In accordance with regulations and requirements, the editorial department's website domain has been changed to arocmag.cn. The original domain (arocmag.com) will be discontinued after Dec. 31st, 2024.
Technology of Information Security
|
2117-2122

SQL injection attack detection method based on SimHash

Kong Deguang1,2
Jiang Chaohui1
Guo Chun1,2
1. College of Computer Science & Technology, Guizhou University, Guiyang 550025, China
2. Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China

Abstract

Aiming at vulnerabilities mentioned above, this paper put forward a method to detect SQL injection attack based on SimHash algorithm. Firstly, it generated the initial SimHash fingerprint database after segmenting, hashing, weighting, merging, and dimension-reducing each SQL statement through self-learning process. Secondly, it used the initial fingerprint database to build the SimHash fingerprint database with index structure. Thirdly, it judged the legitimacy of each SQL statement by combining strict white list strategy which took "users' action is either black or white" as its core concept with the SimHash fingerprint database. Thereby, it lowered the risk of hacker's attacks bypassing the defense system. Experiments show that the detection method has a favorable performance of defensing SQL injection attack, including defensing some unknown ones, which is especially applicable for medium and small-sized websites.

Foundation Support

国家自然科学基金资助项目(61540049)
贵州省基础研究重大项目(黔科合JZ字[2014]2001-21)
贵州省科技合作计划项目(黔科合重大专项字[2018]3001,黔科合基础[2017]1051,黔科合基础[2016]1052)
2017贵州省公共大数据重点实验室开放课题(2017BDKFJJ025)
河南省科技攻关计划项目(182102210123)

Publish Information

DOI: 10.19734/j.issn.1001-3695.2018.12.0943
Publish at: Application Research of Computers Printed Article, Vol. 37, 2020 No. 7
Section: Technology of Information Security
Pages: 2117-2122
Serial Number: 1001-3695(2020)07-040-2117-06

Publish History

[2020-07-05] Printed Article

Cite This Article

孔德广, 蒋朝惠, 郭春. 基于SimHash算法的SQL注入攻击检测方法 [J]. 计算机应用研究, 2020, 37 (7): 2117-2122. (Kong Deguang, Jiang Chaohui, Guo Chun. SQL injection attack detection method based on SimHash [J]. Application Research of Computers, 2020, 37 (7): 2117-2122. )

About the Journal

  • Application Research of Computers Monthly Journal
  • Journal ID ISSN 1001-3695
    CN  51-1196/TP

Application Research of Computers, founded in 1984, is an academic journal of computing technology sponsored by Sichuan Institute of Computer Sciences under the Science and Technology Department of Sichuan Province.

Aiming at the urgently needed cutting-edge technology in this discipline, Application Research of Computers reflects the mainstream technology, hot technology and the latest development trend of computer application research at home and abroad in a timely manner. The main contents of the journal include high-level academic papers in this discipline, the latest scientific research results and major application results. The contents of the columns involve new theories of computer discipline, basic computer theory, algorithm theory research, algorithm design and analysis, blockchain technology, system software and software engineering technology, pattern recognition and artificial intelligence, architecture, advanced computing, parallel processing, database technology, computer network and communication technology, information security technology, computer image graphics and its latest hot application technology.

Application Research of Computers has many high-level readers and authors, and its readers are mainly senior and middle-level researchers and engineers engaged in the field of computer science, as well as teachers and students majoring in computer science and related majors in colleges and universities. Over the years, the total citation frequency and Web download rate of Application Research of Computers have been ranked among the top of similar academic journals in this discipline, and the academic papers published are highly popular among the readers for their novelty, academics, foresight, orientation and practicality.


Indexed & Evaluation

  • The Second National Periodical Award 100 Key Journals
  • Double Effect Journal of China Journal Formation
  • the Core Journal of China (Peking University 2023 Edition)
  • the Core Journal for Science
  • Chinese Science Citation Database (CSCD) Source Journals
  • RCCSE Chinese Core Academic Journals
  • Journal of China Computer Federation
  • 2020-2022 The World Journal Clout Index (WJCI) Report of Scientific and Technological Periodicals
  • Full-text Source Journal of China Science and Technology Periodicals Database
  • Source Journal of China Academic Journals Comprehensive Evaluation Database
  • Source Journals of China Academic Journals (CD-ROM Version), China Journal Network
  • 2017-2019 China Outstanding Academic Journals with International Influence (Natural Science and Engineering Technology)
  • Source Journal of Top Academic Papers (F5000) Program of China's Excellent Science and Technology Journals
  • Source Journal of China Engineering Technology Electronic Information Network and Electronic Technology Literature Database
  • Source Journal of British Science Digest (INSPEC)
  • Japan Science and Technology Agency (JST) Source Journal
  • Russian Journal of Abstracts (AJ, VINITI) Source Journals
  • Full-text Journal of EBSCO, USA
  • Cambridge Scientific Abstracts (Natural Sciences) (CSA(NS)) core journals
  • Poland Copernicus Index (IC)
  • Ulrichsweb (USA)