Design And Implementation Of The Anti SQL Injection System Based On NDIS Intermediate Driver

In recent years, WEB systems have been suffering from more and more frequent network security attacks. During many network security attacks, SQL injection attack has considerable threatening. Attackers spoof servers to execute malicious SQL commands through the submission of carefully constructed database query code, in order to get users’passwords and other sensitive information, and then get access to hosts’control etc. At present, how to prevent SQL injection attacks becomes a hot research issue in network security fields.This thesis firstly introduces the research background and the domestic and international research on the status of SQL injection attacks, and then gives a detailed analysis of the principle, characteristics, attack modes and common features of sentences of SQL injection attacks. Then this thesis summarizes common methods which defend SQL injection attacks and proposes a new solution according to the shortcomings of these methods, namely, to develop an anti SQL injection system based on NDIS intermediate driver.This thesis secondly gives the overall structure design of the anti SQL injection system. The system is divided into three modules:basic functional module, detection functional module, protection functional module. The design and implementation of detection functional module and protection functional module are described in detail by the thesis later. Detection functional module includes the filtration and the capture and the creation of the data packet as well as SQL injection attacks’ rules matching. The filtration and the capture and the creation of the data packet use the technique of NDIS intermediate driver and SQL injection attacks’rules matching uses regular expressions to write attack rules. Protection functional module includes the blacklist and application-driver communication. The blacklist is created by the two-way linked list named LIST_ENTRY and application-driver communication uses the technique of WINDOWS driver development.Finally, this thesis gives the result of system testing on anti SQL injection system in the LAN environment. The result shows that the system can effectively detect and defend common SQL injection attacks and makes very small influence on the performance of the machine. Thus the system reaches the anticipative design goal.