DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF
Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A de...
Gespeichert in:
Hauptverfasser: | , , |
---|---|
Format: | Patent |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | |
container_volume | |
creator | MAKHLEVICH, Michael KARPOVSKY, Andrey NASER EL DEEN, Fady |
description | Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content. |
format | Patent |
fullrecord | <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US2023224323A1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US2023224323A1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US2023224323A13</originalsourceid><addsrcrecordid>eNqNi0EKwjAQRbtxIeodBlyLmniBaTqxgTbRzLTbUiRdiRbq_bEFD-Dqf3jvrbOhICEjzl-hxsoZFxqGkNuGDYoLHpwHBL5XwIJCNXmBHJkKmBl6IGvnfH7FMUS4xWCIF9pS5CWXkiIFu81WQ_-c0u63m2xvSUx5SOO7S9PYP9IrfbqG1UlppS5aaTzr_6wvXO41nA</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF</title><source>esp@cenet</source><creator>MAKHLEVICH, Michael ; KARPOVSKY, Andrey ; NASER EL DEEN, Fady</creator><creatorcontrib>MAKHLEVICH, Michael ; KARPOVSKY, Andrey ; NASER EL DEEN, Fady</creatorcontrib><description>Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2023</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20230713&DB=EPODOC&CC=US&NR=2023224323A1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20230713&DB=EPODOC&CC=US&NR=2023224323A1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>MAKHLEVICH, Michael</creatorcontrib><creatorcontrib>KARPOVSKY, Andrey</creatorcontrib><creatorcontrib>NASER EL DEEN, Fady</creatorcontrib><title>DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF</title><description>Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>PHYSICS</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2023</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNi0EKwjAQRbtxIeodBlyLmniBaTqxgTbRzLTbUiRdiRbq_bEFD-Dqf3jvrbOhICEjzl-hxsoZFxqGkNuGDYoLHpwHBL5XwIJCNXmBHJkKmBl6IGvnfH7FMUS4xWCIF9pS5CWXkiIFu81WQ_-c0u63m2xvSUx5SOO7S9PYP9IrfbqG1UlppS5aaTzr_6wvXO41nA</recordid><startdate>20230713</startdate><enddate>20230713</enddate><creator>MAKHLEVICH, Michael</creator><creator>KARPOVSKY, Andrey</creator><creator>NASER EL DEEN, Fady</creator><scope>EVB</scope></search><sort><creationdate>20230713</creationdate><title>DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF</title><author>MAKHLEVICH, Michael ; KARPOVSKY, Andrey ; NASER EL DEEN, Fady</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US2023224323A13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2023</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>PHYSICS</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>MAKHLEVICH, Michael</creatorcontrib><creatorcontrib>KARPOVSKY, Andrey</creatorcontrib><creatorcontrib>NASER EL DEEN, Fady</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>MAKHLEVICH, Michael</au><au>KARPOVSKY, Andrey</au><au>NASER EL DEEN, Fady</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF</title><date>2023-07-13</date><risdate>2023</risdate><abstract>Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content.</abstract><oa>free_for_read</oa></addata></record> |
fulltext | fulltext_linktorsrc |
identifier | |
ispartof | |
issn | |
language | eng |
recordid | cdi_epo_espacenet_US2023224323A1 |
source | esp@cenet |
subjects | CALCULATING COMPUTING COUNTING ELECTRIC COMMUNICATION TECHNIQUE ELECTRIC DIGITAL DATA PROCESSING ELECTRICITY PHYSICS TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION |
title | DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T18%3A37%3A32IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=MAKHLEVICH,%20Michael&rft.date=2023-07-13&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2023224323A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |