Computer science
SQL injection
SQL language
Database
Query by example
World Wide Web
Search engine
Web search query
Authors
J. Xu, Ming Ni, Danjiang Zhu, Xinsheng Yu
Identifier
DOI:10.1145/3640912.3640956
Abstract
In today's rapid development of the digital economy and digital transformation, SQLIA (SQL injection attack) against data infrastructure, as a means of illegal access and manipulation, is a serious threat to data security. SQLIA methods are becoming more and more diverse and complex, and data security is facing serious challenges. SQLIA detection technology has become a research hotspot in the field of data security. At present, the many domestic and foreign SQLIA detection methods are diverse and each has its own characteristics; summarizing them can better open up new research ideas. In this paper, the current status and research progress of SQLIA detection technology are systematically reviewed. First, the SQL injection attack mechanism is introduced, and various injection methods and attack types are summarized. Then, the main techniques of SQLIA detection are analyzed, classified and summarized from four aspects: data analysis, feature training, syntactic semantics and pattern matching. Finally, the principles, advantages and disadvantages of the above four detection methods are summarized and evaluated, and SQLIA detection tools and technologies are compared across multiple indicators. The challenges existing in SQLIA detection methods and the corresponding optimization technologies are discussed, and the key future research directions are prospected. It is expected to provide some basic theoretical support and technical direction guidance for the subsequent integration of multiple detection methods, solving the problem of second-order SQL injection and creating a new theory of SQL attack and defense.