Proceedings of the 2012 National Conference on Information Technology and Computer Science

A Java Source-code SQL Injection Attack Detection Algorithm Based on Static Analysis

Authors
Tian Wang, Lihao Wei, Hong Zou
Corresponding Author
Tian Wang
Available Online November 2012.
DOI
https://doi.org/10.2991/citcs.2012.167
Keywords
static analysis; SQL injection attack; abstract syntax tree.
Abstract
This paper studies the method of SQL injection attack detection and the principle of static analysis scanning, and presents a Java source-code SQL injection attack detection algorithm. The detection algorithm includes these steps: lexical analysis of the source code, parsing of the source code, constructing the abstract syntax tree of the source code, defining rules, traversing the abstract syntax tree, tracking problems, detecting possible paths of SQL injection attack, etc. Test results show that the detection algorithm proposed in this paper performs perfectly and has a higher recognition rate.
Open Access
This is an open access article distributed under the CC BY-NC license.


Proceedings
2012 National Conference on Information Technology and Computer Science
Part of series
Advances in Intelligent Systems Research
Publication Date
November 2012
ISBN
978-94-91216-39-8
ISSN
1951-6851

Cite this article

TY  - CONF
AU  - Tian Wang
AU  - Lihao Wei
AU  - Hong Zou
PY  - 2012/11
DA  - 2012/11
TI  - A Java Source-code SQL Injection Attack Detection Algorithm Based on Static Analysis
BT  - 2012 National Conference on Information Technology and Computer Science
PB  - Atlantis Press
SP  - 653
EP  - 655
SN  - 1951-6851
UR  - https://doi.org/10.2991/citcs.2012.167
DO  - https://doi.org/10.2991/citcs.2012.167
ID  - Wang2012/11
ER  -