JISE

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]

Journal of Information Science and Engineering, Vol. 39 No. 1, pp. 167-181

Analysis of SQL Injection based on Petri Net in Wireless Network

YI-CHUAN WANG^1,2, GUI-LING ZHANG¹ AND YA-LING ZHANG^1,+
¹School of Computer Science and Engineering
²Shaanxi Key Laboratory for Network Computing and Security
Xi'an University of Technology
Xi'an, 710000 P.R. China
E-mail: {chuan; ylzhang}@xaut.edu.cn; 2167721368@qq.com

SQL injection is becoming more frequent and is urgent to be studied the defense mechanism. In this paper, a fine-grained Petri Net (PN) model is proposed to describe the process of SQL Boolean injection and SQL time blind injection. The results show that the speed of PN model simulating SQL injection can be scaled, such as 10 times the speed. It is conducive to faster-than-real-time simulation and prediction of unknown vulnerabilities when the injection speed is fast. It is good for fine-grained analysis of the attack and establish a patch model when the injection speed is slow. The modeling and simulation in this paper provide a theoretical guarantee for the occurrence mechanism of vulnerabilities and the discovery of unknown vulnerabilities.

Keywords: SQL injection, wireless network, network security, petri net, fine-grained modeling

Retrieve PDF document (JISE_202301_13.pdf)