???????????????? ?????????????????????????????? ?????????????????????? ???????????????????? ???????? SQL-????????????????

Name: ???????????????? ?????????????????????????????? ?????????????????????? ???????????????????? ???????? SQL-????????????????
Keywords: ???????????? ?????????????????? ?? ???????????? ????????????????????

Found an issue? Give us feedback

Наукова електронна б...arrow_drop_down

Наукова електронна бібліотека періодичних видань НАН України (Vernadsky National Library of Ukraine)

Article . 2021

Data sources: Наукова електронна бібліотека періодичних видань НАН України (Vernadsky National Library of Ukraine)

???????????????? ?????????????????????????????? ?????????????????????? ???????????????????? ???????? SQL-????????????????

descriptionPublicationkeyboard_double_arrow_right Article 20 Oct 2021 Russian Publisher:???????????????? ?????????????????????? ????. ??.??. ???????????????? ?????? ??????????????

???????????????? ?????????????????????????????? ?????????????????????? ???????????????????? ???????? SQL-????????????????

- Summary
- Subjects
- Metrics

Abstract

?????????? ???? ??????-?????????????? ?? ???????????????? ?????????? ?????????? ??????????????. ???????? ?? ??????-?????????????? ???????????????? ?????????? ???? ?????????????????????? ???????????????????? ?????????????? ????????????????????, ???? ?????????????????????? ???????????? ???????????????? ???????????????????? ???????????????????????????? ???????? ??????????, ???????????????????????????? ?????????? ???? ??????-???????????????? ?????? ???????????????? ???????? ???????????? ????????. ?????????????????????? ?????????????????????? ???? ?????????????????????????? ?????????????????????????? ????????????????? ???????????????????? ?????????????? ???????? ?????? ?????????????????? ?????????? ?????????????????????????? ??????????????. ???????????? ?? ?????????? ?????????? ?? ?????????????????? ???????? ???? ??????-?????????????? ?????? ???????????????????? ??????????????. ??????????????????????, ???????????????????? ???????????????? ?????????????????? ???????? ?????? ???????????????????? ??????????????, ???????????????? ?????????????????? ??????????????. ?????????? ?????????? ???????????? ???????????????????? ?? ?????????? ????????????????. ?????????? ???????? SQL-????????????????? ??? ?????????????????? ???????????? ?????????? ??????-????????????????, ?????? ?????????? ???????? ??????????. ?????????????????????????? ???????????????????????? ???????????? ?????????????????????????? ???????? SQL-????????????????? ???? ?????????????????? ?????????????????? ?????????? ??????????????, ???? ???????????????? ?????? ???????????????? ??????????. ?????? ???????????????? ?????????? ?????????????? ?????????????????????? ?????????????? ?? ?????????????? ??????????, ?????? ?????????? ?????????????????????????? ?? ???????????????? ???????? ????????????????????????. ???? ?????????????????? ?????????????????????????????? ???????????? ?????????? ???????????????? ?????????? ????????????????? SQL, ???????????????????????????? ???????? ????????????. ?????????? ???????????????????????????????? ????????????????, ???? ?????????? ?????????? ?????????????????? ?? ?????????????????????????? ???????????? ?????????????????? ???????????????? ???????????????? ?????????? ?????????? ?????????????????? ?????????????????????? ???????? SQL-?????????????????. ?? ?????????????????????????????? ???????????? ???????????????? ?????????? ????????????????, ???? ?????????????????????? ???? ?? ????????????, ?????? ?? ?? ?????????????????????? ????????????????, ?? ???????????? ?????????????? ??????????????, ???????????????????????????? ?????????????????? ???????? ???????? ???? ???????????????????? ??????????????. ???????????? ?? ???????????????????????????? ?? ???????????????? ???????????? ?????????? ?????????????? ????????????, ???????????? ?? ?????????? ?? ?????????? ??????????, ???? ?????????????????? ?????????????????? ?????? ?????????????????? ?????????? ???? ?????????????????????? ????????????.

Attacks to web applications are a relatively new type of attack. If the web application does not filter incoming parameters properly, then attackers can get the opportunity to falsify the database using the form on the web page or by changing other incoming data. Mathematical modeling and identification of information objects play an important role in solving problems of pattern recognition. One of these tasks is to detect attacks or normal requests for web applications. Studies on the detection of attacks or normal requests for web applications began relatively recently. Nevertheless, there is a lot of research in this direction. Attack of the form of SQL-injection is a common way of hacking web applications that have a database. Our paper proposes a mathematical method for identifying SQL-injection attacks using a function bounded below that depends on the input string. To build such a function, we used special characters and keywords that are often found in the construction of attacks by intruders. In our proposed method, we can detect SQL-injection attacks using a single character. Nevertheless, we experimentally show that the proposed detection method using a set of numerous symbols allows us to determine the vulnerability of the form of SQL-injection more accurately. In the proposed method, we created a character set that combines both attack and normal detections, and the previously known threshold, using the approximate data of the attackers and normal strings. According to our experiments with artificial data, the set contains a space, a semicolon, and the right bracket has worked well for a larger weight range for the attack and the normal string.

?? ???????????? ???????????? ?????????????????? ???????????????? ?????????????????????? ?????????? ???????????????? SQL ?? ?????????????? ?????????????? ?????????????????????????? ?? ???????? ???????????? ?????????????????????????? ?????????????????????????? ?????????????????? ?? ?????????????? ?????????????????????????? ????????????. ?? ???????????????????????? ???????????? ???????????? ?? ?????????????? ?????????????????? ???????????? ?????????????????? ?? ???????????????????? ?????????? ?????????? ???????????????? ?????? ?????????????????????????? ?????? ??????????, ?????? ?? ?????????????????????? ?????????????? ?? ?????????? ?????????????????? ??????????????. ???????????????? ?????????????????????????? ?? ???????????????????????????? ?????????????? ?????????? ???????????????? ????????????, ?????????? ?? ?????????????? ?? ???????????? ????????????, ?????????????? ???????????????? ???????????????? ?????? ?????????????????????????? ?????????? ?? ???????????????????? ????????????. ???????????? ?????????? ???????????? ?????????? ???????????? ?? ?????????????????????? ???? ?????????????????????? ????????????.

Keywords

???????????? ?????????????????? ?? ???????????? ????????????????????

Impact byBIP!

	selected citations These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	0
	popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.	Average
	influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	Average
	impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.	Average

Found an issue? Give us feedback

0

Average

Upload OA version

Are you the author of this publication? Upload your Open Access version to Zenodo!

It’s fast and easy, just two clicks!

uploadUpload now