A Syntax Tree Feature-Based Matching Approach For Sql-Injecton Detection

eWith the deepening of informatization construction, Web architecture is widely used in various fields. While presenting convenience, these new technologies also introduce great security risks. Web security has been a serious problem for information security, and SQL-injection is one of the most common means of attack against Web services. SQL Injection often changes the structure of SQL statements. In this paper, we have proposed a syntax tree feature-based matching approach to counter SQL Injection. Our approach can learn automatically the structure feature of all legal SQL statements to construct knowledge library based on SQL syntax tree in a safe environment, and then match every SQL statement with knowledge library to find whether the structural feature has been changed in real environments. Experimental results prove that this proposed approach holds good performance and perfect protection for SQL Injection.