Journal of Information Security Research ›› 2023, Vol. 9 ›› Issue (5): 412-.

A Survey of SQL Injection Attack Detection and Defense Technology


  • Online: 2023-05-01 Published: 2023-04-29



  1. School of Cyberspace Security, Zhengzhou University, Zhengzhou 450002, China
  • Corresponding author: Wang Anqi (王安琪), master's student. Main research interests: network and information security.
  • Author biographies: Wang Anqi (王安琪), master's student; main research interests: network and information security. Yang Bei (杨蓓), PhD, associate professor, master's supervisor; main research interests: artificial intelligence, machine learning, data mining. Zhang Jianhui (张建辉), PhD, associate research fellow, master's supervisor; main research interests: network and information security, network architecture, artificial intelligence. Wang Ruimin (王瑞民), PhD, associate professor, master's supervisor; main research interests: network and information security, Internet of Things security.

Abstract: In the era of “Internet+”, data is the most valuable resource on the Internet. Attackers frequently use SQL injection attacks to compromise databases in order to obtain the important data they hold, and the threat to database security is growing ever more serious. Current research on SQL injection mostly focuses on traditional SQL injection attacks; it lacks both an understanding of newer, advanced SQL injection techniques, which are stealthier and more dangerous, and research on the corresponding detection and defense technologies. In response, this paper starts from a classification of SQL injection techniques to analyze and evaluate traditional and advanced SQL injection attack techniques and their technical characteristics; summarizes existing detection and defense technologies and evaluates the advantages, disadvantages and defensive effectiveness of these methods; and finally reviews the open problems in the current research field and offers suggestions for future research directions.

Key words: SQL injection attack, detection and defense, traditional and advanced, Web security, database security

Abstract (translated from the Chinese): In the Internet+ era, data is the most valuable resource on the Internet. To obtain the important data stored in databases, attackers commonly use SQL injection attacks to compromise them, and the threat to database security is growing ever more serious. Current research on SQL injection attacks concentrates mostly on traditional SQL injection, and lacks both an understanding of the newer, advanced SQL injection techniques, which are stealthier and more dangerous, and research on the corresponding detection and defense technologies. In response to this, starting from a classification of SQL injection techniques, this paper analyzes and evaluates traditional and advanced SQL injection attack techniques and their technical characteristics; summarizes existing detection and defense technologies and evaluates their advantages, disadvantages and defensive effectiveness; and finally reviews the problems in the current research field and offers suggestions for future research directions.

Key words (translated from the Chinese): SQL injection attack, detection and defense, traditional and advanced, Web security, database security

