中文摘要：

SQL注入攻击是Web应用面临的主要威胁之一,传统的检测方法针对客户端或服务器端进行。通过对SQL注入的一般过程及其流量特征分析,发现其在请求长度、连接数以及特征串等方面,与正常流量相比有较大区别,并据此提出了基于长度、连接频率和特征串的LFF（length-frequency-feature）检测方法,首次从网络流量分析的角度检测SQL注入行为。实验结果表明,在模拟环境下,LFF检测方法召回率在95%以上,在真实环境下,该方法也取得较好的检测效果。

英文摘要：

SQL injection attack is one of the main threats that many Web applications faced with. The traditional detec- tion method depended on the clients or servers. Firstly the process of SQL injection attack was analyzed, and then the dif- ferences between attack traffic and normal traffic in HTTP request length, HTTP connections and feature string were dis- covered. Based on the request length, request frequency and feature string, a new method, LFF （length-frequency-feature）, was proposed to detect SQL injection behaviors from network traffic. The results of experiments indicated that in simula- tion environments the recall of LFF approach reach up to 95%, and in real network traffic the LFF approach also get a good detection result.