基于反向数据流传播的SQL语句随机化

打开文本图片集

关键词：SQL注入攻击；SQL随机化；静态分析；数据流传播

中图分类号：TP311 文献标志码：A 文章编号：1001-3695（2025）10-027-3106-08

doi：10.19734/j.issn.1001-3695.2024.10.0598

Randomization of SQL statements based on reverse data flow propagation

Ma Jiaxin 1，2 ，Zhang Zheng²，Liu Peng1†，Liu Hao’，Zhou Wanqiu 1，2 ，Liu Hui³ （1.Endogeoutupslsce tionEngineringUeiteo;lf&tiinali xiang Henan 453000，China）

Abstract：Aplication programs userandomized SQL statements can access thedatabase and defend against SQL injection attacksinrandomized SQLenvironment.This paperanalyzedthechalengesof randomizationof SQL statements inapplication programs and proposed a SQL statement randomization method based onreverse data flow propagation.Reverse data flow propagationalgoritmcouldquicklyandaccuratelyidentifytheSQLstatementsinapplicationprogramsbytracing thedatapropagationofSQLstatementsinreverse，startingfromthedatabaseoperationfunction.Experimentsshowthat thealgorithmbasedon PHP8.O kernel recognizes SQL statements with an accuracy of 91.7% . The SQL statement randomization method based on reversedataflowpropagationismoreconvenientanduniversalthanthetraditionalmethod.Applicationprocessedbythis method canbe suitable for randomized SQL environment to defend against SQL injection attack.

Key words：SQL injection attack；SQL randomization；static analysis；data flow propagation

0引言

近年来，网络基础设施快速建设迭代，终端设备数量急剧增加，个人电脑、智能手机、家用电器等都可以便捷地接入互联网。（剩余21947字）