Patent · US Active

SQL injection interception detection method and device, apparatus and computer readable medium

US11108817B2 · kind B2 · utility

0Cited by

0References

8Claims

0Family size

Assignee

BEIJING BAIDU NETCOM SCIENCE TECHNOLOGY CO., LTD. · CN

Inventors

Hui-Hsuan Chen · Hengshan, TW
Qiang Huang · Austin, US
Tianyu Wang · Los Altos, US
Zhaoyi Liu · Beijing, CN

Key dates

Filing date	Oct 10, 2018
Grant date	Aug 31, 2021
Priority date	—
Expiry date	Oct 25, 2039

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/20
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A method for detecting SQL injection interception is provided. The method includes: detecting a received SQL instruction according to a SQL syntax tree rule to determine that the received SQL instruction is a malicious instruction; and analyzing the received SQL instruction by using an analysis model to determine that the received SQL instruction is a potentially malicious instruction, in a case that the received SQL instruction is not determined to be a malicious instruction according to the SQL syntax tree rule. The method can combine the online detection and the offline analysis to intercept the invading malicious SQL commands, and can also find and supplement the loopholes of the rules through offline analysis.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.