基于NDIS中间层驱动的防SQL注入系统的设计与实现

发布时间：2018-04-12 21:27

本文选题：SQL注入攻击 + NDIS中间层驱动　；参考：《中南大学》2014年硕士论文

【摘要】：近年来,WEB系统遭受着日益频繁的网络安全攻击。在众多的网络安全攻击中,SQL注入攻击具有相当大的威胁性,攻击者通过提交精心构造的数据库查询代码欺骗服务器执行恶意的SQL命令,以获取用户密码等敏感信息,进而获取主机控制权限等。如何防御SQL注入攻击成为目前网络安全界研究的热点问题。文章首先介绍了课题的研究背景以及国内外对SQL注入攻击的研究现状,然后详细分析了SQL注入攻击的原理、特点、攻击方式以及常见的语句特征,随后总结了常见的防SQL注入攻击的手段,并根据这些手段的不足提出一种新的解决方案,即开发一个基于NDIS中间层驱动的防SQL注入系统。文章接着给出了防SQL注入系统的总体结构设计,将防SQL注入系统分为三大模块：基础功能模块、检测功能模块、防护功能模块。随后详细介绍了检测功能模块和防护功能模块的设计与实现。检测功能模块包括数据包的过滤、捕捉和构造以及SQL注入攻击规则匹配。其中数据包的过滤、捕捉和构造利用了NDIS中间层驱动的相关技术,SQL注入攻击规则匹配则采用正则表达式来书写攻击规则。防护功能模块包括黑名单和应用层-驱动层通信。其中黑名单采用LIST_ENTRY双向链表来实现,应用层-驱动层通信则是利用了WINDOWS驱动开发的相关技术。文章最后给出了在局域网环境中对防SQL注入系统进行测试的结果,测试结果表明,本系统能有效地检测并防御常见的SQL注入攻击,并且对机器的性能影响很小,因此达到了预期的设计目标。
[Abstract]:In recent years, the Web system has been subjected to more and more frequent network security attacks.Among the numerous network security attacks, SQL injection attacks are quite threatening. The attacker spoofed the server to execute malicious SQL commands by submitting carefully constructed database query code to obtain sensitive information such as user passwords.Then access to the host control authority and so on.How to defend against SQL injection attack has become a hot issue in network security field.This paper first introduces the research background of the subject and the research status of SQL injection attack at home and abroad, then analyzes the principle, characteristics, attack methods and common sentence features of SQL injection attack in detail.Then it summarizes the common methods of preventing SQL injection attacks and proposes a new solution to prevent SQL injection attacks based on NDIS middle-tier driver.Then the paper gives the overall structure design of anti- injection system, and divides the anti- injection system into three modules: basic function module, detection function module, protection function module.Then the design and implementation of the detection function module and the protection function module are introduced in detail.The detection module includes packet filtering, capture and construction, and SQL injection attack rule matching.The filtering, capturing and constructing of data packets make use of the relevant technology of NDIS mid-layer driver to match the rules of SQL injection attack. The regular expression is used to write the attack rules.The protection function module includes blacklist and application layer-driver layer communication.The blacklist is realized by LIST_ENTRY bidirectional linked list, and the communication between application layer and driver layer is based on the technology of WINDOWS driver development.Finally, the test results of anti- injection system in LAN environment are given. The test results show that the system can effectively detect and defend against common SQL injection attacks, and has little effect on the performance of the machine.Therefore, the expected design goal has been achieved.
【学位授予单位】：中南大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】