公开(公告)号：US11108817B2

公开(公告)日：2021-08-31

申请号：US16156997

申请日：2018-10-10

Applicant: Beijing Baidu Netcom Science and Technology Co., Ltd.

Inventor： Hui Chen ,  Qiang Huang ,  Tianyu Wang ,  Zhaoyi Liu

IPC: H04L29/06 ,  G06F16/2455

Abstract: A method for detecting SQL injection interception is provided. The method includes: detecting a received SQL instruction according to a SQL syntax tree rule to determine that the received SQL instruction is a malicious instruction; and analyzing the received SQL instruction by using an analysis model to determine that the received SQL instruction is a potentially malicious instruction, in a case that the received SQL instruction is not determined to be a malicious instruction according to the SQL syntax tree rule. The method can combine the online detection and the offline analysis to intercept the invading malicious SQL commands, and can also find and supplement the loopholes of the rules through offline analysis.

公开(公告)号：US20190306191A1

公开(公告)日：2019-10-03

申请号：US16156997

申请日：2018-10-10

Applicant: Beijing Baidu Netcom Science and Technology Co., Ltd.

Inventor： Hui Chen ,  Qiang Huang ,  Tianyu Wang ,  Zhaoyi Liu

IPC: H04L29/06

Abstract: A method for detecting SQL injection interception is provided. The method includes: detecting a received SQL instruction according to a SQL syntax tree rule to determine that the received SQL instruction is a malicious instruction; and analyzing the received SQL instruction by using an analysis model to determine that the received SQL instruction is a potentially malicious instruction, in a case that the received SQL instruction is not determined to be a malicious instruction according to the SQL syntax tree rule. The method can combine the online detection and the offline analysis to intercept the invading malicious SQL commands, and can also find and supplement the loopholes of the rules through offline analysis.