参考文献
[1]Harb H M, Eleyan D, Eleyan A. SQL injection detection tools advantages and drawbacks[J]. International Journal of Wireless and Microwave Technologies, 2021, 11(3): 1621[2]OWASP. OWASP top 10[EBOL]. (20210913) [20220520]. https:owasp.orgTop10[3]CWE. Top25 most dangerous software error[EBOL]. (20210806) [20220520]. https:cwe.mitre.orgtop25archive20212021_cwe_top25.html#cwe_top_25[4]Clarke J. SQL Injection Attacks and Defense[M]. Oxford: Elsevier Ltd, 2009: 2127[5]黄小丹. SQL注入漏洞检测技术综述[J]. 现代计算机, 2020 (10): 5158[6]Shar L K, Tan H B K. Defeating SQL injection[J]. Computer, 2012, 46(3): 6977[7]Acker S V, Nikiforakis N, Desmet L, et al. FlashOver: Automated discovery of crosssite scripting vulnerabilities in rich Internet applications[C] Proc of the 7th ACM Symp on Information, Computer and Communications Security. New York: ACM, 2012: 1213[8]Singh J P. Analysis of SQL injection detection techniques[J]. Theoretical and Applied Informatics, 2016, 28(12): 3942[9]Stampar M. Data retrieval over DNS in SQL injection attacks[J]. arXiv preprint, arXiv: 1303.3047, 2013[10]乐德广, 李鑫, 龚声蓉, 等. 新型二阶SQL注入技术研究[J]. 通信学报, 2015, 36(S1): 8593[11]魏友. 二阶SQL注入技术和检测方法研究[D]. 济南: 山东大学, 2018[12]Selvamani K, Kannan A. A novel approach for prevention of SQL injection attacks using cryptography and access control policies[C] Proc of the 2nd Int Conf on Advances in Power Electronics and Instrumentation Engineering (PEIE 2011). Berlin: Springer, 2011: 2528[13]Becher M. Web application firewalls[D]. Akademikerverlag: Universiti Teknologi MARA, 2012[14]Soewito B, Gunawan F E. Prevention structured query language injection using regular expression and escape string[J]. Procedia Computer Science, 2018, 135: 678687[15]方爽. 基于特征匹配的Web应用防火墙的研究与实现[D]. 合肥: 安徽大学, 2014[16]张卓. SQL注入攻击技术及防范措施研究[D]. 上海: 上海交通大学, 2007[17]Abikoye O C, Abubakar A, Dokoro H A, et al. A novel technique to prevent SQL injection and crosssite scripting attacks using KnuthMorrisPratt string match algorithm[J]. EURASIP Journal on Information Security, 2020, 2020(1): 114[18]万卓昊, 徐冬冬, 梁生, 等. 基于NGram的SQL注入检测研究[J]. 计算机科学, 2019, 46(7): 108113[19]石聪聪, 张涛, 余勇. 基于语法树特征匹配的SQL注入防护方法研究与实现[C] 第2届计算智能与工业应用国际学术研讨会. 武汉: 电气电子工程师协会, 2011: 206210[20]韩宸望, 林晖, 黄川. 基于SQL语法树的SQL注入过滤方法研究[J]. 网络与信息安全学报, 2016, 2(11): 7077[21]韩涛. 基于解析树的SQL注入检测方法研究[D]. 哈尔滨: 哈尔滨工业大学, 2013[22]孙伟, 陈林. 基于抽象语法树的C#源代码SQL注入漏洞检测算法[J]. 信息安全研究, 2015, 1(2): 112125[23]王杰. 基于抽象语法树的SQL注入防御研究[D]. 武汉: 武汉邮电科学研究院, 2018[24]Boyd S W, Keromytis A D. SQLrand: Preventing SQL injection attacks[C] Proc of Int Conf on Applied Cryptography and Network Security. Berlin: Springer, 2004: 292302[25]马博林, 张铮, 刘浩, 等. SQLMVED: 基于多变体执行的SQL注入运行时防御系统[J]. 通信学报, 2021, 42(4): 127138[26]Kar D, Agarwal K, Sahoo A K, et al. Detection of SQL injection attacks using hidden Markov model[C] Proc of IEEE Int Conf on Engineering & Technology. Piscataway, NJ: IEEE, 2016: 16[27]Joshi A, Geetha V. SQL injection detection using machine learning[C] Proc of 2014 Int Conf on Control, Instrumentation, Communication and Computational Technologies (ICCICCT). Piscataway, NJ: IEEE, 2014: 11111115[28]郭春, 蔡文艳, 申国伟, 等. 基于关键载荷截取的SQL注入攻击检测方法[J]. 信息网络安全, 2021, 21(7): 4353[29]李铭, 邢光升, 王芝辉, 等. SQL注入行为实时在线智能检测技术研究[J]. 湖南大学学报: 自然科学版, 2020, 47(8): 3141[30]Caglayan A, Toothaker M, Dan D, et al. Realtime Detection of Fast Flux Service Networks[M]. Piscataway, NJ: IEEE, 2009: 3541[31]Lekies S, Nikiforakis N, Tighzert W, et al. DEMACRO: Defense against malicious crossdomain requests[C] Proc of the 15th Int Conf on Research in Attacks, Intrusions, and Defenses. Berlin: Springer, 2012: 254273[32]Bernardo D G. Sqlmapautomatic SQL injection and database take over tool[EBOL]. (20150305) [20220706]. http:sqlmap.org[33]Kirda E, Krügel C, Vigna G, et al. Noxes: A clientside solution for mitigating crosssite scripting attacks[C] Proc of the 2006 ACM Symp on Applied Computing (SAC). New York: ACM, 2006: 330337[34]Nikiforakis N, Meert W, Younan Y, et al. SessionShield: Lightweight protection against session hijacking[C] Proc of Int Symp on Engineering Secure Software and Systems. Berlin: Springer, 2011: 87100[35]李鑫, 张维纬, 郑力新. 动静结合的二阶SQL注入漏洞检测技术[J]. 华侨大学学报: 自然科学版, 2018, 39(4): 600605
|