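Research on SQL Injection Vulnerability Detection
Published: 2018-05-13 11:29
Topic: vulnerability scanning + similarity matching; Source: Hangzhou Dianzi University, 2014 master's thesis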
[Abstract]: With the rapid development of network technology, and because web platforms are easy to develop for, easy to use and open, more and more companies, government agencies and individuals have set up their own sites on the Internet, while the security situation of web platforms has become increasingly severe. The many coding vulnerabilities in Web applications leave Web servers exposed to malicious network attacks, among which SQL injection is a widespread and particularly damaging attack method. To keep Web applications secure, it is very important to discover SQL injection vulnerabilities promptly through Web vulnerability scanning. In general, a Web vulnerability scan has to crawl every page of a site and cover a large number of SQL injection vulnerabilities, which leads to excessive scanning time. Reducing the scale of the scan appropriately while still covering, as fully as possible, the SQL injection vulnerabilities that may exist in the system has therefore become a problem in urgent need of a solution.
This thesis first reviews progress in SQL injection vulnerability detection in China and abroad and studies the commonly used vulnerability detection methods in detail. On that basis it designs and implements a Web vulnerability detection model with both high detection efficiency and a high vulnerability detection rate. The model consists of two parts: a web crawler based on template matching, and an SQL injection vulnerability mining module based on automatic expansion of a knowledge base. The model appropriately reduces the set of objects the crawler fetches during a site vulnerability scan, which greatly improves scanning efficiency. To raise the detection rate for SQL injection vulnerabilities, the thesis also designs and implements automatic expansion of the simulated attack set used for detection. The expanded simulated attack set covers many aspects of hackers' attack approaches, giving security staff and system developers information on weaknesses in the system's code and security mechanisms before the system is attacked.
The thesis proposes a template-matching web crawler to reduce the set of scan objects so that the target server can be checked efficiently and accurately. It first fetches a sample of the pages under the same template, then computes the structural similarity of the fetched pages, and decides from the proportion of similar pages in the sample whether to fetch all pages under that template. By filtering out pages that repeat the same template structure, template matching reduces the set of objects to be scanned, and this is put into practice in experiments. The experiments show that the template-matching crawler keeps the number of fetched pages within a bounded range across different types of site (88-129 pages fetched for the three types of site crawled in the experiments). In addition, because a prefix-matching crawl strategy is used, the crawler is insensitive to the page depth setting, which makes the detection results highly robust.
On the other hand, black-box detection of SQL injection vulnerabilities depends on a predefined simulated attack set, which contains all the hacker attack techniques that may exist; how to improve this set so that it effectively covers possible hacker attacks is the other research focus of the thesis. The proposed SQL injection vulnerability mining based on automatic knowledge-base expansion studies the variant forms of current SQL injection attacks, summarizes the different transformation patterns of SQL injection attack statements, and applies these patterns to the existing simulated attack set, thereby extending the means of detection. The new expansion scheme can not only scan for coding vulnerabilities on the server but also reveal shortcomings in the currently deployed security mechanisms, and so effectively prevents SQL injection attacks from harming the target site. The experiments show that the vulnerability detection rate after expansion is above 80% in every case; the time overhead after expansion is indeed higher than before, but the gap is not significant, and in the three groups of experimental results the difference stays essentially within 5s.
This research is supported by the Zhejiang Province major project "Web Vulnerability Protection System Based on Cloud Computing Awareness". Its results can provide technical support for the detection of Web vulnerabilities, SQL injection vulnerabilities in particular. The thesis also offers some new methods and ideas for web crawler technology, vulnerability scan coverage and automatic expansion of vulnerability knowledge bases, and provides a reference for further research on Web vulnerability detection and protection and on automatically identifying the SQL injection techniques used by network hackers.
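The sampling decision described in the abstract (sample pages under one template, compare their structure, decide from the share of similar pages whether to fetch them all), as an added Python example that is not code from the thesis. The tag-path Jaccard metric, the 0.8 and 0.6 thresholds, the grouping by URL prefix and every function name are assumptions, and the sample pages are constructed.

```python
from html.parser import HTMLParser
from itertools import combinations

class TagPaths(HTMLParser):
    """Collects root-to-element tag paths; text and attribute values are ignored."""
    VOID = {"br", "hr", "img", "input", "link", "meta"}
    def __init__(self):
        super().__init__()
        self.stack, self.paths = [], set()
    def handle_starttag(self, tag, attrs):
        self.paths.add("/".join(self.stack + [tag]))
        if tag not in self.VOID:
            self.stack.append(tag)
    def handle_endtag(self, tag):
        # Pop up to and including the matching open tag; tolerate unclosed children.
        while tag in self.stack and self.stack.pop() != tag:
            pass

def structure(html):
    parser = TagPaths()
    parser.feed(html)
    return frozenset(parser.paths)

def similarity(a, b):
    """Jaccard similarity of two tag-path sets (assumed metric)."""
    return len(a & b) / len(a | b) if (a | b) else 1.0

def similar_ratio(pages, sim_threshold=0.8):
    """Share of sampled page pairs whose structure is alike."""
    pairs = list(combinations([structure(p) for p in pages], 2))
    hits = sum(similarity(a, b) >= sim_threshold for a, b in pairs)
    return hits / len(pairs) if pairs else 0.0

def plan_scan(groups, fetch, sample_size=3, ratio_threshold=0.6):
    """groups: {url_prefix: [urls]}. Returns the URLs the scanner should test."""
    targets = []
    for prefix, urls in groups.items():
        sample = urls[:sample_size]
        if similar_ratio([fetch(u) for u in sample]) >= ratio_threshold:
            targets.append(sample[0])   # one representative per template
        else:
            targets.extend(urls)        # structures differ: keep every page
    return targets

# Constructed sample site: /news/ pages share a template, /tools/ pages do not.
NEWS = "<html><body><div><h1>{0}</h1><p>text {0}</p><form><input name='q'></form></div></body></html>"
SITE = {f"/news/{i}": NEWS.format(i) for i in range(5)}
SITE["/tools/login"] = "<html><body><table><tr><td><form><input name='u'><input name='p'></form></td></tr></table></body></html>"
SITE["/tools/list"] = "<html><body><ul><li><a href='/x'>x</a></li></ul></body></html>"
GROUPS = {p: [u for u in SITE if u.startswith(p)] for p in ("/news/", "/tools/")}
```

Calling `plan_scan(GROUPS, SITE.__getitem__)` reduces the five `/news/` pages to one scan target and keeps both `/tools/` pages, because their forms sit in different structures.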
[Degree-granting institution]: Hangzhou Dianzi University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08