基于 LD 算法的 SQL 注入攻击过滤方法研究.

Filtering SQL injection attacks effectively is one of the critical issues to be solved in the current Web security field. Combined keywords filtration with sequence alignment filtration technology, this paper proposed a SQL injection attacks filtration method( SQL injection attacks filtration, SQLIAF) based on LD algorithm. Firstly, in order to reduce the traffic size, it used the blacklist technology to filter illegal users from the perspective of IP. Secondly, it performed keywords detection on the user input. It used LD sequence alignment algorithm to filter illegal input when keywords don' t exist. Otherwise, in order to solve the false positive of normal requests in traditional keywords filtration, it distinguished the user request mode and used the method which ID was added to blacklist directly or the method of LD algorithm. The experimental results show that, compared with the traditional keyword filtration and rule matching, the proposed method can filter SQL injection attacks effectively with lower false positive rate and false negative rate and faster filtration speed. [ABSTRACT FROM AUTHOR]