The Research And Implementation Of Assessment Technology For Threat Of SQL Injection

Threat alerts of SQL injection is an important intelligence that it is the premise of decision-makers can develop operational plans and make decisions.Assessing quantitatively threat of SQL injection,to generate threat alerts;it plays an important role and has a significance of assessing the degree of threat faced by decision-makers and providing appropriate recommendations.For this reason,researching threat assessment techniques of SQL injection is needed.The main contributions can be summarized as follows:1?Describe the role and significance of threat assessment techniques of SQL injection for emergency response and decision-making,analyze and summarize the the current research on the threat assessment,and point out the problem about the lack of a pre-invasion threat assessment technique that can automatically determine the threat level and generate threat alerts.To this problem,research objective and content of the paper arc determined.2?Follow the research objective and content,we introduce the educational measurement theory,and reference the quantitative method of A/D converter,the description methods of assessment elements and threat levels and so on.Then we define the behavior of elements quantification,element-values standardization and alerts generation,and analyze activities constitute and behavioral characteristics.According to the activities constitute,we establish pushdown automaton model of threat assessment and prove up its reachability of final status.3?Based on the process of the reachability of final status,we design framework algorithm of threat assessment;According to functions of automaton model,three sub-algorithms are desiged,they are elements quantification,element-values standardization,alerts generation.4?By using object-oriented software development method,we design and implement a prototype system named Threat-Asessment.Then we design user cases,and use the threat reports of SQL injection,to verify the effectiveness of the threat assessment technique on quantifying elenlents,standardizing element-values and generating alerts.The experiments show that threat-Asessment meets the requirements,that is,it can determine the threat level,and provide the appropriate recommendations.