DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF

Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A de...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: MAKHLEVICH, Michael, KARPOVSKY, Andrey, NASER EL DEEN, Fady
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator MAKHLEVICH, Michael
KARPOVSKY, Andrey
NASER EL DEEN, Fady
description Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US2023224323A1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US2023224323A1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US2023224323A13</originalsourceid><addsrcrecordid>eNqNi0EKwjAQRbtxIeodBlyLmniBaTqxgTbRzLTbUiRdiRbq_bEFD-Dqf3jvrbOhICEjzl-hxsoZFxqGkNuGDYoLHpwHBL5XwIJCNXmBHJkKmBl6IGvnfH7FMUS4xWCIF9pS5CWXkiIFu81WQ_-c0u63m2xvSUx5SOO7S9PYP9IrfbqG1UlppS5aaTzr_6wvXO41nA</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF</title><source>esp@cenet</source><creator>MAKHLEVICH, Michael ; KARPOVSKY, Andrey ; NASER EL DEEN, Fady</creator><creatorcontrib>MAKHLEVICH, Michael ; KARPOVSKY, Andrey ; NASER EL DEEN, Fady</creatorcontrib><description>Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2023</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20230713&amp;DB=EPODOC&amp;CC=US&amp;NR=2023224323A1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20230713&amp;DB=EPODOC&amp;CC=US&amp;NR=2023224323A1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>MAKHLEVICH, Michael</creatorcontrib><creatorcontrib>KARPOVSKY, Andrey</creatorcontrib><creatorcontrib>NASER EL DEEN, Fady</creatorcontrib><title>DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF</title><description>Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>PHYSICS</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2023</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNi0EKwjAQRbtxIeodBlyLmniBaTqxgTbRzLTbUiRdiRbq_bEFD-Dqf3jvrbOhICEjzl-hxsoZFxqGkNuGDYoLHpwHBL5XwIJCNXmBHJkKmBl6IGvnfH7FMUS4xWCIF9pS5CWXkiIFu81WQ_-c0u63m2xvSUx5SOO7S9PYP9IrfbqG1UlppS5aaTzr_6wvXO41nA</recordid><startdate>20230713</startdate><enddate>20230713</enddate><creator>MAKHLEVICH, Michael</creator><creator>KARPOVSKY, Andrey</creator><creator>NASER EL DEEN, Fady</creator><scope>EVB</scope></search><sort><creationdate>20230713</creationdate><title>DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF</title><author>MAKHLEVICH, Michael ; KARPOVSKY, Andrey ; NASER EL DEEN, Fady</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US2023224323A13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2023</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>PHYSICS</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>MAKHLEVICH, Michael</creatorcontrib><creatorcontrib>KARPOVSKY, Andrey</creatorcontrib><creatorcontrib>NASER EL DEEN, Fady</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>MAKHLEVICH, Michael</au><au>KARPOVSKY, Andrey</au><au>NASER EL DEEN, Fady</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF</title><date>2023-07-13</date><risdate>2023</risdate><abstract>Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US2023224323A1
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T18%3A37%3A32IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=MAKHLEVICH,%20Michael&rft.date=2023-07-13&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2023224323A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true