
SQL Injection Behavior Detection for PHP Applications


Abstract

SQL (Structured Query Language) injection attacks continue to threaten Web applications. Targeting SQL injection behavior in PHP (Hypertext Preprocessor) applications, this paper proposes a model for detecting SQL injection behavior based on taint analysis. First, the model uses the PHP extension mechanism to capture the SQL statement at the moment an SQL function is executed and to record the identity information of the requester; from this information it generates an SQL request log, which serves as the analysis source. Second, building on SQL grammar and the abstract syntax tree, it implements a taint-marked SQL parsing process and uses taint analysis to extract multiple features of SQL injection behavior from the syntax tree. Finally, a random forest classifier decides whether a request is an SQL injection. In a comparison with regular-expression matching, the model detects SQL injection behavior with an accuracy of 96.9%, 7.2 percentage points higher than the regular-expression approach. Because the information acquisition module can be loaded as an extension into any PHP application, the model is highly portable and is applicable to security auditing and attack traceability.
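To illustrate the taint-marked SQL analysis the abstract describes, the following is an added example, not the paper's code or data: it tokenizes an executed statement taken from a constructed request-log record, marks the tokens that overlap user-supplied values, derives a few syntactic features from the tainted tokens, and applies a fixed rule in place of the paper's trained random forest. The log record shape, the token set and the feature names are assumptions.

```python
import json
import re

# Tokenizer for a small SQL subset (stand-in for a full grammar): quoted strings,
# numbers, identifiers/keywords, comment openers, single-character operators.
TOKEN_RE = re.compile(r"'(?:[^']|'')*'|\d+|\w+|--|#|/\*|[^\s\w]")
SQL_KEYWORDS = {"OR", "AND", "UNION", "SELECT", "SLEEP", "DROP", "WHERE", "FROM", "LIKE"}

def taint_tokens(sql, user_inputs):
    """Return (token, tainted) pairs; a token is tainted when its span overlaps
    any occurrence of a user-supplied value inside the executed statement."""
    spans = []
    for value in user_inputs:
        start = sql.find(value)
        while value and start != -1:
            spans.append((start, start + len(value)))
            start = sql.find(value, start + 1)
    return [(m.group(), any(m.start() < e and m.end() > s for s, e in spans))
            for m in TOKEN_RE.finditer(sql)]

def is_literal(tok):
    return tok.isdigit() or (len(tok) >= 2 and tok[0] == tok[-1] == "'")

def extract_features(tokens):
    """Count how tainted text is used syntactically (assumed feature set)."""
    tainted = [tok for tok, flag in tokens if flag]
    return {
        "tainted_tokens": len(tainted),
        "tainted_keywords": sum(t.upper() in SQL_KEYWORDS for t in tainted),
        "tainted_comment_markers": sum(t in ("--", "#", "/*") for t in tainted),
        "taint_outside_literal": sum(not is_literal(t) for t in tainted),
    }

def classify_log_entry(entry):
    """Assumed record shape: {"user": ..., "sql": ..., "inputs": [...]}.
    Benign input stays inside one literal; a fixed rule replaces the classifier."""
    features = extract_features(taint_tokens(entry["sql"], entry["inputs"]))
    injected = (features["taint_outside_literal"] > 0
                or features["tainted_comment_markers"] > 0)
    return entry["user"], features, injected

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = [
    json.dumps({"user": "guest:203.0.113.5", "inputs": ["alice"],
                "sql": "SELECT id FROM users WHERE name = 'alice'"}),
    json.dumps({"user": "guest:203.0.113.9", "inputs": ["' OR 1=1 --"],
                "sql": "SELECT id FROM users WHERE name = '' OR 1=1 --'"}),
]

def scan(log_lines):
    return [classify_log_entry(json.loads(line)) for line in log_lines]

if __name__ == "__main__":
    for user, feats, injected in scan(SAMPLE_LOG):
        print(user, "INJECTION" if injected else "ok", feats)
```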
