| Database system vulnerabilities are the main means of attacking database.Intruders can use it to illegally enter the database to threaten information security.At present,the database vulnerability detection methods mainly include two methods: penetration test and fuzzing.Compared with the penetration test,the fuzzing has better detection effect on unknown security vulnerabilities in the database system.However,the existing fuzzing technology still has shortcomings such as low accuracy and low pertinence in database vulnerability detection.A database vulnerability detection method based on fuzzing is designed.The whole detection process mainly includes two modules: static analysis and fuzzing.The static analysis module detects the possible database software vulnerabilities such as buffer overflow,format string and integer overflow in the database through the vulnerability model based detection method.The fuzzing module first automatically generates a database test case set by parsing the database protocol script and the SQL grammar,and filters the test cases according to the static analysis result,and retains test cases that may trigger potential security vulnerabilities.Then,the test case is executed by injecting abnormal data,and it is judged according to the state of the database whether a potential security vulnerability is triggered.If yes,the test case is recorded and the database state is resumed to continue the detection process.Throughout the process,the test case is automatically controlled by the DFA,and the genetic algorithm is used to continuously optimize the abnormal data set according to the test case execution result.Finally,the database vulnerability detection tool is implemented according to the Database vulnerability detection method based on fuzzing,and the experiment is performed on the MySQL database.Finally,the experimental results show that the method can effectively detect potential security vulnerabilities in database systems without false positives. |
PDF Full Text Request