CN114218577A - API risk determination method, device, equipment and medium - Google Patents


Info

Publication number
CN114218577A
Authority
CN
China
Prior art keywords
api
value
alarm
determining
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111619481.0A
Other languages
Chinese (zh)
Inventor
李璇
李新宁
袁帅
黄�俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Application filed by Nsfocus Technologies Inc, Nsfocus Technologies Group Co Ltd filed Critical Nsfocus Technologies Inc
Priority to CN202111619481.0A priority Critical patent/CN114218577A/en
Publication of CN114218577A publication Critical patent/CN114218577A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/32 Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324 Display of status information
    • G06F11/327 Alarm or error message display
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Quality & Reliability (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An embodiment of the invention provides a method, an apparatus, a device and a medium for determining the risk of an application programming interface (API), which are used to improve the accuracy of risk evaluation for each API. In the embodiment, when the target risk value of an API is determined, the first risk value is determined from the alarm information received within a preset time length rather than from the alarm information of a single occasion, so that the first risk value of the API being attacked by each alarm category can be determined accurately. Determining the target risk value from the first risk value, the importance level of the API and the threat level of each alarm category improves the accuracy of the API's risk assessment.

Description

API risk determination method, device, equipment and medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a medium for determining a risk of an Application Programming Interface (API).
Background
With the continuous deepening of the enterprise internet process, more and more services are migrated to the cloud. Enterprises need to use a large number of APIs for business interaction and external services, for example, Representational State Transfer (RESTful) APIs. Attackers typically exploit and penetrate through APIs in order to obtain data and gain more from it.
In the prior art, whether an API is at risk of attack is detected at a single point by each detection device using preset detection rules. However, single-point detection is performed only once, so its result on whether the detected API is attacked is not necessarily accurate. In addition, different attack means have different harmfulness and cause different losses to the API. The importance of different APIs is the same and the risk of attacks on different APIs is different.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a medium for determining risk of an API (application program interface), which are used for improving the accuracy of risk evaluation of each API.
In a first aspect, an embodiment of the present invention provides a method for determining a risk of an API, where the method includes:
if the current condition meets the risk determination condition, acquiring each alarm message received within a preset time length before the current time according to the stored time for receiving each alarm message; acquiring the detected API carried in each alarm message;
aiming at each detected API, acquiring each target alarm information carrying the API; acquiring the alarm category carried in each target alarm message; counting the target quantity of target alarm information carrying the alarm category aiming at each alarm category, and determining the target probability value of the API attacked by the alarm category according to a preset value and the target quantity by adopting a first preset function; determining the loss value of the API attacked by the alarm category according to the preset important level of the API and the threat level of the alarm category by adopting a second preset function; determining a first risk value of the API attacked by the alarm category according to the target probability value and the loss value by adopting a third preset function; and determining a target risk value of the API according to the first risk value of the API attacked by each alarm type and the loss value of the API attacked by each alarm type.
Further, the currently satisfied risk determination condition includes:
if a risk determination request is received, determining that a risk determination condition is currently met; or
And if the time interval between the current time and the time of the last risk determination reaches a set time threshold, determining that the risk determination condition is currently met.
Further, the determining, by using the first preset function, the target probability value of the API attacked by the alarm category according to the preset value and the target number includes:
determining the probability value of the API not attacked by the alarm category according to the first product of the first preset value and the target number;
and determining the target probability value of the API attacked by the alarm category according to the difference value between the second preset value and the probability value.
Further, the determining, according to the first product of the first preset value and the target number, a probability value that the API is not attacked by the alarm category includes:
determining the first product of the first preset value and the target number, and, taking a third preset value as the base and the first product as the exponent, determining the resulting value as the probability value that the API is not attacked by the alarm category.
Further, the determining, by using a second preset function, the loss value of the API attacked by the alarm category according to the preset importance level of the API and the preset threat level of the alarm category includes:
and determining the loss value of the API attacked by the alarm category according to a second product of the preset importance level of the API and the preset threat level of the alarm category.
Further, the determining, according to a second product of the preset importance level of the API and the preset threat level of the alarm category, a loss value of the API under attack of the alarm category includes:
and determining a second product of the preset importance level of the API and the preset threat level of the alarm category, and determining the second product as a loss value of the API attacked by the alarm category.
Further, the determining, by using a third preset function, the first risk value of the API attacked by the alarm category according to the target probability value and the loss value includes:
and determining a first risk value of the API attacked by the alarm category according to a third product of the target probability value and the loss value.
Further, the determining, according to the third product of the target probability value and the loss value, a first risk value of the API being attacked by the alarm category includes:
and determining a third product of the target probability value and the loss value, and determining the third product as a first risk value of the API attacked by the alarm category.
Further, the determining the target risk value of the API according to the first risk value of the API under attack by each alarm type and the loss value of the API under attack by each alarm type includes:
determining a second risk value of the API attacked according to the first sum of the first risk values of the API attacked by each alarm category;
determining a target loss value attacked by the API according to the second sum of the loss values attacked by each alarm type of the API;
and determining the target risk value of the API according to the ratio of the second risk value to the target loss value.
Further, the determining the target risk value of the API according to the ratio of the second risk value to the target loss value includes:
determining a ratio of the second risk value to the target loss value, and determining the ratio as a target risk value for the API.
In a second aspect, an embodiment of the present invention further provides an apparatus for determining a risk of an API, where the apparatus includes:
the acquisition module is used for acquiring each alarm message received within a preset time length before the current time according to the stored time for receiving each alarm message if the current condition for determining the risk is met; acquiring the detected API carried in each alarm message;
the processing module is used for acquiring each target alarm information carrying the API aiming at each detected API; acquiring the alarm category carried in each target alarm message; counting the target quantity of target alarm information carrying the alarm category aiming at each alarm category, and determining the target probability value of the API attacked by the alarm category according to a preset value and the target quantity by adopting a first preset function; determining the loss value of the API attacked by the alarm category according to the preset important level of the API and the threat level of the alarm category by adopting a second preset function; determining a first risk value of the API attacked by the alarm category according to the target probability value and the loss value by adopting a third preset function; and determining a target risk value of the API according to the first risk value of the API attacked by each alarm type and the loss value of the API attacked by each alarm type.
Further, the obtaining module is specifically configured to determine that a risk determination condition is currently satisfied if a risk determination request is received; or if the time interval between the current time and the time of the last risk determination reaches a set time threshold, determining that the risk determination condition is currently met.
Further, the processing module is specifically configured to determine, according to a first product of a first preset value and the target number, a probability value that the API is not attacked by the alarm category; and determining the target probability value of the API attacked by the alarm category according to the difference value between the second preset value and the probability value.
Further, the processing module is specifically configured to determine a first product of a first preset value and the target number, and, taking a third preset value as the base and the first product as the exponent, determine the resulting value as the probability value that the API is not attacked by the alarm category.
Further, the processing module is specifically configured to determine a loss value of the API under attack of the alarm category according to a second product of the preset importance level of the API and the preset threat level of the alarm category.
Further, the processing module is specifically configured to determine a second product of the preset importance level of the API and the preset threat level of the alarm category, and determine that the second product is a loss value of the API under attack of the alarm category.
Further, the processing module is specifically configured to determine, according to a third product of the target probability value and the loss value, a first risk value of the API under attack of the alarm category.
Further, the processing module is specifically configured to determine a third product of the target probability value and the loss value, and determine that the third product is a first risk value of the API being attacked by the alarm category.
Further, the processing module is specifically configured to determine, according to a first sum of first risk values of the API attacked by each alarm category, a second risk value of the API attacked; determining a target loss value attacked by the API according to the second sum of the loss values attacked by each alarm type of the API; and determining the target risk value of the API according to the ratio of the second risk value to the target loss value.
Further, the processing module is specifically configured to determine a ratio of the second risk value to the target loss value, and determine that the ratio is a target risk value of the API.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device at least includes a processor and a memory, and the processor is configured to execute the steps of the API risk determination method when executing a computer program stored in the memory.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program performs the steps of the API risk determination method.
In the embodiment of the invention, when the risk determination condition is currently met, the electronic device acquires each alarm message received within a preset time length before the current time, and acquires the detected API carried in each alarm message. For each detected API, it acquires each target alarm message carrying the API and the alarm category carried in each target alarm message. For each alarm category, it counts the target number of target alarm messages carrying that alarm category, and determines a first risk value of the API being attacked by the alarm category according to the target number, the threat level of the alarm category and the importance level of the API. It then determines the target risk value of the API according to the first risk value of the API being attacked by each alarm category, the importance level of the API and the threat level corresponding to each alarm category. When the target risk value of an API is determined, the first risk value is determined from the alarm information received within the preset time length rather than from the alarm information of a single occasion, so that the first risk value of the API being attacked by each alarm category can be determined accurately. Determining the target risk value from the first risk value, the importance level of the API and the threat level of each alarm category improves the accuracy of the API's risk assessment.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a risk determination process of an API provided in an embodiment of the present invention;
fig. 2 is a schematic diagram of a risk determination process of an API provided in an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an API risk determination apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the attached drawings, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to improve the accuracy of risk assessment of each API, embodiments of the present invention provide a method, an apparatus, a device, and a medium for determining risk of an API.
Example 1:
fig. 1 is a schematic diagram of a risk determination process of an API provided by an embodiment of the present invention, where the process includes the following steps:
S101: if the current condition meets the risk determination condition, acquiring each alarm message received within a preset time length before the current time according to the stored time for receiving each alarm message; and acquiring the detected API carried in each alarm message.
The API risk determination method provided by the embodiment of the invention is applied to electronic equipment, and the electronic equipment can be intelligent equipment such as a PC (personal computer) or a server.
In the embodiment of the invention, when the risk of an API needs to be determined, each alarm message carries the detected API, so the alarm messages can be obtained based on the detected API carried in each of them.
Specifically, when the risk determination condition is currently satisfied, the electronic device may determine that there is a current need to determine the risk of the API. If the risk determination condition is that a certain type of alarm information is received, it is determined that the risk determination condition is currently satisfied.
Because the risk of an API cannot be accurately determined from a single alarm result alone, in the embodiment of the present invention, when the risk determination condition is currently satisfied, the electronic device obtains each alarm message received within a preset time length before the current time. Specifically, the time at which each alarm message was received may be stored in the electronic device, and the alarm messages received within the preset time length before the current time may be determined according to the receiving time of each alarm message, the current time, and the preset time length. The preset time length ΔT may be any time length, for example, 2 hours (h), and its value may be flexibly configured as required.
In order to determine whether each API is at risk, after acquiring each alarm message received within a preset time period before the current time, the electronic device acquires each API carried in each alarm message, and may further determine whether each detected API is at risk.
S102: aiming at each detected API, acquiring each target alarm information carrying the API; acquiring the alarm category carried in each target alarm message; counting the target quantity of target alarm information carrying the alarm category aiming at each alarm category, and determining the target probability value of the API attacked by the alarm category according to a preset value and the target quantity by adopting a first preset function; determining the loss value of the API attacked by the alarm category according to the preset important level of the API and the threat level of the alarm category by adopting a second preset function; determining a first risk value of the API attacked by the alarm category according to the target probability value and the loss value by adopting a third preset function; and determining a target risk value of the API according to the first risk value of the API attacked by each alarm type and the loss value of the API attacked by each alarm type.
In the embodiment of the present invention, for each detected API, the electronic device may determine a target risk value of the API, where the size of the target risk value may indicate the size of the risk existing in the API, where the larger the target risk value is, the greater the possibility of the risk existing in the API is, and conversely, the smaller the target risk value is, the smaller the possibility of the risk existing in the API is. When the electronic device determines the target risk value of the API, it may determine a first risk value of the API being attacked by each alarm category, and determine the target risk value of the API according to the first risk value of the API being attacked by each alarm category. The alarm categories include Structured Query Language (SQL) injection, command injection, abnormal behavior, vulnerability authentication, and the like.
In order to determine whether each API has a risk, in the embodiment of the present invention, for each detected API, a first risk value of the API under attack of each alarm category may be counted. Since the greater the probability that an API is attacked by an alarm class, the greater the first risk value that the API is attacked by the alarm class, and the greater the loss that the API is attacked by the alarm class. Therefore, the electronic device may first determine, for each alarm category, a first risk value of each API being attacked by the alarm category.
Specifically, when the first risk value is determined, the first risk value is related to a target probability value and a loss value of the API under the attack of the alarm type. Therefore, the target probability value and the loss value of the API under the attack of the alarm category need to be determined.
For each alarm category, the more the number of the target alarm information carrying the alarm category in the alarm information is, the greater the target probability value of the API attacked by the alarm category is. In addition, each alarm information carries a corresponding alarm category, so that the electronic device can firstly acquire the target number of each target alarm information carrying the alarm category, and after the target number is acquired, the target probability value of the API attacked by the alarm category is determined according to the preset value and the target number by adopting a first preset function.
The method for determining the target probability value may be determining an inverse number of the target number, determining a difference between the preset value and the inverse number, and determining the difference as the target probability value of the API attacked by the alarm category.
The higher the importance level of an API is, the higher the loss value of the API is attacked; the higher the threat level of an alarm class, the greater the loss value of the API under attack for that alarm class. The importance level of each API and the threat level of each alarm category are preset in the electronic equipment, wherein the importance level of each API and the threat level of each alarm category are preset by staff. When the electronic device determines, for each detected API, a loss value of the API under attack of a certain alarm category, a second preset function may be used to determine, according to a preset importance level of the API and a preset threat level of the alarm category, a loss value of the API under attack of the alarm category.
For each detected API, when determining the first risk value of the API under attack of a certain alarm category, the electronic device may first determine the target probability value of the API under attack of the alarm category and the loss value of the API under attack of the alarm category, and then determine, by using a third preset function, the first risk value of the API under attack of the alarm category according to the target probability value and the loss value.
In this embodiment of the present invention, for each detected API, the electronic device may determine the target risk value of the API according to the first risk value of the API attacked by each alarm category and the loss value of the API attacked by each alarm category.
In addition, in the embodiment of the invention, the alarm information may be sent to the electronic device by the detection device. Specifically, the detection device may detect different alarm categories according to different preset rules. The rules may be detection scenarios related to the APIs as sorted out by a manager, for example, SQL injection, abnormal period access, authentication vulnerability utilization, and the like, and a rule list [ruleid_i] corresponding to the alarm categories is formed accordingly, where i is the identifier of the alarm category and ruleid_i is the rule adopted when the detection device detects the i-th alarm category. In the embodiment of the present invention, the rule list may be stored in the alarm rule base.
In the embodiment of the invention, when the target risk value of an API is determined, the first risk value is determined from the alarm information received within the preset time length rather than from the alarm information of a single occasion, so that the first risk value of the API being attacked by each alarm category can be determined accurately. Determining the target risk value from the first risk value, the importance level of the API and the threat level of each alarm category improves the accuracy of the API's risk assessment.
Example 2:
in order to determine whether the risk determination condition is currently satisfied, on the basis of the above embodiment, in an embodiment of the present invention, the currently satisfied risk determination condition includes:
if a risk determination request is received, determining that a risk determination condition is currently met; or
And if the time interval between the current time and the time of the last risk determination reaches a set time threshold, determining that the risk determination condition is currently met.
In the embodiment of the present invention, it may be determined that the risk determination condition is currently satisfied when the electronic device receives the risk determination request. For example, the manager may send a risk determination request to the electronic device through a preset device.
In addition, in the embodiment of the present invention, the time of performing the risk determination last time may be stored in the electronic device, a time interval between the current time and the time of performing the risk determination last time is determined in real time, whether the time interval reaches a set time threshold is determined, and if the time interval reaches the set time threshold, it is determined that the risk determination condition is currently satisfied. The set time threshold may be any time duration, for example, 2 h.
Specifically, while the electronic device is running, it receives the alarm information reported by the detection device in real time and stores the received alarm information, for example, in a database. It then periodically determines the target risk value of each detected API. For example, when the set time threshold Δstep is 1 h, the target risk value of the API is determined every 1 h. The set time threshold Δstep can be flexibly configured as required, but should not be too large. In order to avoid obtaining some alarm information multiple times across two determinations of the target risk value, in the embodiment of the present invention, the set time threshold is greater than the preset time length described above, that is, Δstep > ΔT.
In the embodiment of the invention, for each detected API, the electronic device may periodically determine the target risk value of the API through the set time threshold, so as to draw a corresponding curve according to each determined target risk value of the API and the corresponding determined time, and further display the curve, so that a manager may monitor the current target risk value and the risk change curve of the API.
In order to determine a target probability value of the API attacked by a certain alarm category, on the basis of the foregoing embodiments, in an embodiment of the present invention, determining the target probability value of the API attacked by the alarm category according to a preset value and the target number by using a first preset function includes:
determining the probability value of the API not attacked by the alarm category according to the first product of the first preset value and the target number;
and determining the target probability value of the API attacked by the alarm category according to the difference value between the second preset value and the probability value.
For each detected API, when the target probability value of the API attacked by a certain alarm category is determined, the more the number of the target alarm information carrying the alarm category is, the larger the target probability value of the API attacked by the alarm category is. Therefore, the electronic device can determine the target probability value of the API attacked by the alarm category according to the number of the targets carrying the target alarm information of the alarm category.
For each detected API, when determining the target probability value that the API is attacked by a certain alarm category, the electronic device may first determine a first product of a first preset value and the target number of target alarm messages carrying the alarm category, where the first preset value is any negative number, so that the larger the target number is, the smaller the first product is. After determining the first product, the electronic device may determine the probability value that the API is not attacked by the alarm category according to the first product, such that the larger the first product is, the larger the probability value is. That is, the larger the target number is, the smaller the first product is and the smaller the probability value that the API is not attacked by the alarm category is, so that this probability value can be determined accurately.
After determining the probability value that the API is not attacked by the alarm category, the electronic device may determine a difference between a second preset value and the probability value, where the difference is the probability value that the API is attacked by the alarm category. Since the probability value is a value greater than 0 and less than 1, the second predetermined value is a value greater than 0 and not greater than 1.
In order to determine a probability value that the API is not attacked by a certain alarm category, based on the foregoing embodiments, in an embodiment of the present invention, determining the probability value that the API is not attacked by the alarm category according to a first product of a first preset value and the target number includes:
determining a first product of the first preset value and the target number, and determining that the value obtained with a third preset value as the base and the first product as the exponent is the probability value that the API is not attacked by the alarm category.
In the embodiment of the present invention, after the first product of the first preset value and the target number is determined, the value obtained with the third preset value as the base and the first product as the exponent is the probability value that the API is not attacked by the alarm category. The third preset value is any value greater than 1, for example, e. The probability value is therefore smaller than 1, which better matches the actual application scenario. In addition, the larger the first product, the larger the probability value; that is, the larger the target number, the smaller the first product and the smaller the probability value that the API is not attacked by the alarm category, so this probability value can be accurately determined.
In this embodiment of the present invention, if the third preset value is e, for each detected API, the target probability value of the API attacked by a certain alarm category may be determined in the following manner:
$$a - e^{r \cdot cnt_i}$$
where $a$ is the second preset value, $r$ is the first preset value, and $cnt_i$ is the target number.
In the embodiment of the present invention, the relationship between the target number and the target probability value of being attacked may be adjusted by adjusting the first preset value. For example, when $r$ is -0.3, $a$ is 1 and $cnt_i$ is 10, $1 - e^{r \cdot cnt_i}$ is approximately 1; that is, when target alarm information carrying the alarm category appears 10 times, the target probability value of the API being attacked by the alarm category is almost 1.
Example 3:
In order to determine a loss value of an API under attack of a certain alarm category, on the basis of the foregoing embodiments, in an embodiment of the present invention, the determining, by using a second preset function, the loss value of the API under attack of the alarm category according to a preset importance level of the API and a preset threat level of the alarm category includes:
and determining the loss value of the API attacked by the alarm category according to a second product of the preset importance level of the API and the preset threat level of the alarm category.
The higher the importance level of an API, the higher the loss value when the API is attacked; likewise, the higher the threat level of an alarm category, the higher the loss value when the API is attacked by that category. Therefore, for each detected API, when determining the loss value of the API under attack of a certain alarm category, the electronic device may obtain a second product of the preset importance level of the API and the preset threat level of the alarm category. The higher the importance level of the API or the threat level of the alarm category, the larger the second product and the larger the loss value of the API under attack of the alarm category. The electronic device can therefore determine the loss value of the API under the attack of the alarm category according to the second product. The loss value represents the loss that the risk of the alarm category causes to the API, and takes into account both the threat level of the alarm category and the importance level of the API. Specifically, the electronic device may determine the product of the second product and any positive integer as the loss value of the API under the attack of the alarm category, or may determine the sum of the second product and any value as the loss value of the API under the attack of the alarm category.
In an embodiment of the present invention, the set of APIs may be actively identified in advance by an asset scanner or enumerated through design/code review. The manager establishes the importance level of each API based on the characteristics of the user's services and outputs the API importance level knowledge base AssetL[<API_a, assetlevel_a>], where a is the identifier of the API and assetlevel_a is the importance level of API_a. The importance levels of the APIs may be divided into 3 levels; for example, the manager may set the importance level of an API of higher importance to 3, that of an API of medium importance to 2, and that of an API of lower importance to 1. In an embodiment of the present invention, the electronic device may obtain the importance level of the API from the importance level knowledge base.
In order to determine the loss value of the API under attack of a certain alarm category, on the basis of the foregoing embodiments, in an embodiment of the present invention, the determining the loss value of the API under attack of the alarm category according to a second product of a preset importance level of the API and a preset threat level of the alarm category includes:
and determining a second product of the preset importance level of the API and the preset threat level of the alarm category, and determining the second product as a loss value of the API attacked by the alarm category.
In the embodiment of the present invention, for each detected API, when determining a loss value of the API under attack of a certain alarm category, the electronic device may determine a second product of a preset importance level of the API and a preset threat level of the alarm category, and may determine that the second product is the loss value of the API under attack of the alarm category. Therefore, the higher the importance level of the API is, the larger the loss value of the API under attack is, the higher the threat level of the alarm category is, the larger the loss value of the API under attack of the alarm category is, and therefore the loss value of the API under attack of the alarm category can be accurately determined.
When determining the loss value of the API under attack of a certain alarm category, if it is determined that the corresponding second product is the loss value of the API under attack of the alarm category, the electronic device may determine the loss value of the API under attack of the alarm category according to the following formula:
$$alarmlevel \cdot assetlevel_i$$
where $i$ is the identifier of the alarm category, $alarmlevel$ is the importance level of the API, and $assetlevel_i$ is the threat level of the i-th alarm category.
In order to determine the first risk value of the API being attacked by a certain alarm category, on the basis of the foregoing embodiments, in an embodiment of the present invention, determining, by using a third preset function, the first risk value of the API being attacked by the alarm category according to the target probability value and the loss value includes:
and determining a first risk value of the API attacked by the alarm category according to a third product of the target probability value and the loss value.
For each detected API, when determining the first risk value of the API under attack of a certain alarm category, the higher the target probability value of the API under attack of the alarm category is, the larger the first risk value of the API under attack of the alarm category is, and the larger the loss value of the API under attack of the alarm category is, the larger the first risk value of the API under attack of the alarm category is. Therefore, the electronic device can obtain the target probability value of the API under the attack of the alarm category and the loss value of the API under the attack of the alarm category, and determine a third product of the target probability value and the loss value, where the larger the target probability value of the API under the attack of the alarm category, the larger the third product, and the larger the loss value of the API under the attack of the alarm category, the larger the third product, and therefore the electronic device can determine the first risk value of the API under the attack of the alarm category according to the third product. Specifically, the electronic device may determine that a product of the third product and any positive integer is a first risk value of the API under attack by the alarm category, and may also determine that a sum of the third product and any numerical value is the first risk value of the API under attack by the alarm category.
In order to determine the first risk value of the API being attacked by a certain alarm category, on the basis of the foregoing embodiments, in an embodiment of the present invention, the determining the first risk value of the API being attacked by the alarm category according to the third product of the target probability value and the loss value includes:
and determining a third product of the target probability value and the loss value, and determining the third product as a first risk value of the API attacked by the alarm category.
For each detected API, when determining the first risk value of the API under attack of a certain alarm category, the electronic device may obtain a target probability value of the API under attack of the alarm category and a loss value of the API under attack of the alarm category, and determine that a third product of the target probability value and the loss value is the first risk value of the API under attack of the alarm category. Therefore, the larger the target probability value is, the larger the first risk value of the API under the attack of the alarm category is, the larger the loss value is, the larger the first risk value of the API under the attack of the alarm category is, and thus the first risk value of the API under the attack of the alarm category can be accurately determined.
In the embodiment of the present invention, for each detected API, when determining the first risk value of the API under attack of a certain alarm category, the first risk value of the API under attack of the alarm category may be determined by the following formula:
$$risk_i = (1 - e^{r \cdot cnt_i}) \cdot (alarmlevel_i \cdot assetlevel_i)$$
where $i$ is the identifier of the alarm category, $risk_i$ is the first risk value of the API under attack by the alarm category, 1 is a first preset value, $r$ is a second preset value, and $cnt_i$ is the target number.
Example 4:
In order to determine the target risk value of the API, on the basis of the foregoing embodiments, in an embodiment of the present invention, the determining the target risk value of the API according to the first risk value of the API under attack by each alarm type and the loss value of the API under attack by each alarm type includes:
determining a second risk value of the API attacked according to the first sum of the first risk values of the API attacked by each alarm category;
determining a target loss value attacked by the API according to the second sum of the loss values attacked by each alarm type of the API;
and determining the target risk value of the API according to the ratio of the second risk value to the target loss value.
For each detected API, when determining the risk value of the API, the higher the first risk value of the API attacked by each alarm category is, the higher the second risk value of the API attacked is, so that the electronic device may first determine the first sum of the first risk values of the API attacked by each alarm category, and determine the second risk value of the API attacked according to the first sum. Specifically, the electronic device may determine that the first sum is the second risk value of the API being attacked, and may also determine that a product of the first sum and an arbitrary positive number is the second risk value of the API being attacked.
Because less alarm information is detected for attacks on APIs with a higher importance level, and more alarm information is detected for attacks on APIs with a lower importance level, a target risk value determined only from the risk value of the API being attacked is inaccurate. Therefore, in the embodiment of the present invention, for each detected API, the electronic device may obtain a second sum of the loss values of the API attacked by each alarm category, and after obtaining the second sum, determine the target risk value of the API according to the ratio of the first sum to the second sum. Specifically, the electronic device may determine that the product of the ratio and the preset value is the target risk value of the API.
In order to determine the target risk value of the API, on the basis of the foregoing embodiments, in an embodiment of the present invention, the determining the target risk value of the API according to the ratio of the second risk value to the target loss value includes:
determining a ratio of the second risk value to the target loss value, and determining the ratio as a target risk value for the API.
For each detected API, when determining the target risk value of the API, the electronic device may determine a second risk value at which the API is attacked and a target loss value at which the API is attacked, and after determining the second risk value and the target loss value, may determine a ratio of the second risk value to the target loss value, which is the target risk value of the API.
For each detected API, when determining the target risk value of the API, if the electronic device determines that the ratio is the target risk value of the API, the electronic device may determine the target risk value of the API according to the following formula:
$$risk = \frac{\sum_i risk_i}{\sum_i (alarmlevel_i \cdot assetlevel_i)}$$
where $risk$ is the target risk value of the API, $i$ is the identifier of a certain alarm category, $risk_i$ is the first risk value of the API being attacked by the i-th alarm category, $alarmlevel_i$ is the importance level of the API obtained when the API is attacked by the i-th alarm category (the importance levels of the API obtained for each alarm category are the same), and $assetlevel_i$ is the threat level of the i-th alarm category.
Fig. 2 is a schematic diagram of a risk determination process of an API provided in an embodiment of the present invention.
As can be seen from fig. 2, the administrator pre-configures the importance levels of the APIs and the detection rules corresponding to each alarm message, stores the importance levels of the APIs in an importance level knowledge base of the APIs, stores the detection rules corresponding to each alarm message in an alarm rule base, and the electronic device periodically determines the risk according to the received alarm messages, and correspondingly determines the target risk value of each API, thereby drawing the risk curve of each API.
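The calculation described in Examples 2 to 4, carried through from windowed alarm records to a per-API target risk value, as an added example that is not part of the patent text. The API paths, category names, level values, alarm records and the fallback to level 1 for unknown entries are constructed assumptions; r = -0.3, a = 1 and base e follow the example values in the text.

```python
import math
from collections import Counter, defaultdict

# Constructed knowledge bases (assumed names and values, not from the patent).
ASSET_LEVEL = {"/api/v1/login": 3, "/api/v1/search": 1}     # importance level per API, 1..3
THREAT_LEVEL = {"sqli": 3, "brute_force": 2, "scanner": 1}  # threat level per alarm category

# Constructed alarm records: (receive time in seconds, detected API, alarm category).
ALARMS = (
    [(1500 + i, "/api/v1/login", "brute_force") for i in range(10)]
    + [(1900, "/api/v1/login", "sqli")]
    + [(1950, "/api/v1/search", "scanner"), (1960, "/api/v1/search", "scanner")]
    + [(100, "/api/v1/search", "sqli")]  # older than the window, must be ignored
)


def attack_probability(cnt, r=-0.3, a=1.0, base=math.e):
    """Target probability a - base**(r*cnt) for cnt alarms of one category."""
    if r >= 0:
        raise ValueError("first preset value r must be negative")
    if not 0 < a <= 1:
        raise ValueError("second preset value a must be in (0, 1]")
    if base <= 1:
        raise ValueError("third preset value (base) must be greater than 1")
    return a - base ** (r * cnt)


def api_risks(alarms, now, window, asset_level, threat_level, r=-0.3, a=1.0):
    """Return {api: target risk value} for alarms received in [now - window, now]."""
    counts = defaultdict(Counter)  # api -> category -> target number
    for ts, api, category in alarms:
        if now - window <= ts <= now:
            counts[api][category] += 1

    risks = {}
    for api, per_category in counts.items():
        # Assumption: an API or category missing from a knowledge base gets level 1.
        asset = asset_level.get(api, 1)
        risk_sum = loss_sum = 0.0
        for category, cnt in per_category.items():
            loss = asset * threat_level.get(category, 1)       # second product
            risk_sum += attack_probability(cnt, r, a) * loss   # third product, summed
            loss_sum += loss
        risks[api] = risk_sum / loss_sum                       # ratio of the two sums
    return risks


if __name__ == "__main__":
    report = api_risks(ALARMS, 2000, 600, ASSET_LEVEL, THREAT_LEVEL)
    for api, risk in sorted(report.items()):
        print(f"{api}: {risk:.3f}")
```

Because one API has the same importance level for every alarm category, that level cancels in the ratio: the target risk value is the threat-weighted mean of the per-category probabilities and stays between 0 and a.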
Example 5:
Fig. 3 is a schematic structural diagram of an API risk determination apparatus according to an embodiment of the present invention, where the apparatus includes:
an obtaining module 301, configured to: if a risk determination condition is currently met, obtain each alarm message received within a preset time length before the current time according to the stored time at which each alarm message was received; and acquire the detected API carried in each alarm message;
a processing module 302, configured to: obtain, for each detected API, each piece of target alarm information carrying the API; acquire the alarm category carried in each piece of target alarm information; for each alarm category, count the target number of target alarm information carrying the alarm category, and determine the target probability value of the API attacked by the alarm category according to a preset value and the target number by adopting a first preset function; determine the loss value of the API attacked by the alarm category according to the preset importance level of the API and the threat level of the alarm category by adopting a second preset function; determine a first risk value of the API attacked by the alarm category according to the target probability value and the loss value by adopting a third preset function; and determine a target risk value of the API according to the first risk value of the API attacked by each alarm type and the loss value of the API attacked by each alarm type.
In a possible implementation manner, the obtaining module 301 is specifically configured to determine that a risk determination condition is currently met if a risk determination request is received; or if the time interval between the current time and the time of the last risk determination reaches a set time threshold, determining that the risk determination condition is currently met.
In a possible implementation manner, the processing module 302 is specifically configured to determine, according to a first product of a first preset value and the target number, a probability value that the API is not attacked by the alarm category; and determining the target probability value of the API attacked by the alarm category according to the difference value between the second preset value and the probability value.
In a possible implementation manner, the processing module 302 is specifically configured to determine a first product of a first preset value and the target number, and determine that the value obtained with a third preset value as the base and the first product as the exponent is the probability value that the API is not attacked by the alarm category.
In a possible implementation manner, the processing module 302 is specifically configured to determine a loss value of the API under the attack of the alarm category according to a second product of a preset importance level of the API and a preset threat level of the alarm category.
In a possible implementation manner, the processing module 302 is specifically configured to determine a second product of the preset importance level of the API and the preset threat level of the alarm category, and determine that the second product is a loss value of the API under the attack of the alarm category.
In a possible implementation manner, the processing module 302 is specifically configured to determine, according to a third product of the target probability value and the loss value, a first risk value of the API being attacked by the alarm category.
In a possible implementation manner, the processing module 302 is specifically configured to determine a third product of the target probability value and the loss value, and determine that the third product is the first risk value of the API being attacked by the alarm category.
In a possible implementation manner, the processing module 302 is specifically configured to determine, according to a first sum of first risk values of the API attacked by each alarm category, a second risk value of the API attacked; determining a target loss value attacked by the API according to the second sum of the loss values attacked by each alarm type of the API; and determining the target risk value of the API according to the ratio of the second risk value to the target loss value.
In a possible implementation manner, the processing module 302 is specifically configured to determine a ratio of the second risk value to the target loss value, and determine that the ratio is a target risk value of the API.
Example 6:
Fig. 4 is a schematic structural diagram of an electronic device provided by the present invention. On the basis of the foregoing embodiments, an embodiment of the present invention further provides an electronic device, as shown in fig. 4, including: a processor 401, a communication interface 402, a memory 403 and a communication bus 404, wherein the processor 401, the communication interface 402 and the memory 403 communicate with one another through the communication bus 404;
the memory 403 has stored therein a computer program which, when executed by the processor 401, causes the processor 401 to perform the steps of:
if a risk determination condition is currently met, acquiring each alarm message received within a preset time length before the current time according to the stored time at which each alarm message was received; acquiring the detected API carried in each alarm message;
for each detected API, acquiring each piece of target alarm information carrying the API; acquiring the alarm category carried in each piece of target alarm information; for each alarm category, counting the target number of target alarm information carrying the alarm category, and determining the target probability value of the API attacked by the alarm category according to a preset value and the target number by adopting a first preset function; determining the loss value of the API attacked by the alarm category according to the preset importance level of the API and the threat level of the alarm category by adopting a second preset function; determining a first risk value of the API attacked by the alarm category according to the target probability value and the loss value by adopting a third preset function; and determining a target risk value of the API according to the first risk value of the API attacked by each alarm type and the loss value of the API attacked by each alarm type.
In one possible embodiment, the currently satisfied risk determination condition includes:
if a risk determination request is received, determining that a risk determination condition is currently met; or
if the time interval between the current time and the time of the last risk determination reaches a set time threshold, determining that the risk determination condition is currently met.
In a possible implementation manner, the determining, by using the first preset function and according to a preset value and the target number, a target probability value of the API under the attack of the alarm category includes:
determining the probability value of the API not attacked by the alarm category according to the first product of the first preset value and the target number;
and determining the target probability value of the API attacked by the alarm category according to the difference value between the second preset value and the probability value.
In a possible implementation manner, the determining, according to a first product of a first preset value and the target number, a probability value that the API is not attacked by the alarm category includes:
determining a first product of the first preset value and the target number, and determining that the value obtained with a third preset value as the base and the first product as the exponent is the probability value that the API is not attacked by the alarm category.
In a possible implementation manner, the determining, by using the second preset function, a loss value of the API attacked by the alarm category according to the preset importance level of the API and the preset threat level of the alarm category includes:
and determining the loss value of the API attacked by the alarm category according to a second product of the preset importance level of the API and the preset threat level of the alarm category.
In a possible implementation manner, the determining, according to a second product of the preset importance level of the API and the preset threat level of the alarm category, a loss value of the API under attack by the alarm category includes:
and determining a second product of the preset importance level of the API and the preset threat level of the alarm category, and determining the second product as a loss value of the API attacked by the alarm category.
In a possible implementation manner, the determining, by using a third preset function and according to the target probability value and the loss value, a first risk value of the API under the attack of the alarm category includes:
and determining a first risk value of the API attacked by the alarm category according to a third product of the target probability value and the loss value.
In a possible implementation manner, the determining, according to a third product of the target probability value and the loss value, a first risk value of the API against the attack of the alarm category includes:
and determining a third product of the target probability value and the loss value, and determining the third product as a first risk value of the API attacked by the alarm category.
In a possible implementation manner, the determining the target risk value of the API according to the first risk value of the API under attack by each alarm type and the loss value of the API under attack by each alarm type includes:
determining a second risk value of the API attacked according to the first sum of the first risk values of the API attacked by each alarm category;
determining a target loss value attacked by the API according to the second sum of the loss values attacked by each alarm type of the API;
and determining the target risk value of the API according to the ratio of the second risk value to the target loss value.
In a possible implementation, the determining a target risk value of the API according to the ratio of the second risk value to the target loss value includes:
determining a ratio of the second risk value to the target loss value, and determining the ratio as a target risk value for the API.
The communication bus mentioned in the above server may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a central processing unit, a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like.
Example 7:
On the basis of the foregoing embodiments, an embodiment of the present invention further provides a computer-readable storage medium, in which a computer program executable by an electronic device is stored, and when the program is run on the electronic device, the electronic device is caused to execute the following steps:
the memory having stored therein a computer program that, when executed by the processor, causes the processor to perform the steps of:
if a risk determination condition is currently met, acquiring each alarm message received within a preset time length before the current time according to the stored time at which each alarm message was received; acquiring the detected API carried in each alarm message;
for each detected API, acquiring each piece of target alarm information carrying the API; acquiring the alarm category carried in each piece of target alarm information; for each alarm category, counting the target number of target alarm information carrying the alarm category, and determining the target probability value of the API attacked by the alarm category according to a preset value and the target number by adopting a first preset function; determining the loss value of the API attacked by the alarm category according to the preset importance level of the API and the threat level of the alarm category by adopting a second preset function; determining a first risk value of the API attacked by the alarm category according to the target probability value and the loss value by adopting a third preset function; and determining a target risk value of the API according to the first risk value of the API attacked by each alarm type and the loss value of the API attacked by each alarm type.
In one possible embodiment, the currently satisfied risk determination condition includes:
if a risk determination request is received, determining that a risk determination condition is currently met; or
if the time interval between the current time and the time of the last risk determination reaches a set time threshold, determining that the risk determination condition is currently met.
In a possible implementation manner, the determining, by using the first preset function and according to a preset value and the target number, a target probability value of the API under the attack of the alarm category includes:
determining the probability value of the API not attacked by the alarm category according to the first product of the first preset value and the target number;
and determining the target probability value of the API attacked by the alarm category according to the difference value between the second preset value and the probability value.
In a possible implementation manner, the determining, according to a first product of a first preset value and the target number, a probability value that the API is not attacked by the alarm category includes:
determining a first product of the first preset value and the target number, and determining that the value obtained with a third preset value as the base and the first product as the exponent is the probability value that the API is not attacked by the alarm category.
In a possible implementation manner, the determining, by using the second preset function, a loss value of the API attacked by the alarm category according to the preset importance level of the API and the preset threat level of the alarm category includes:
and determining the loss value of the API attacked by the alarm category according to a second product of the preset importance level of the API and the preset threat level of the alarm category.
In a possible implementation manner, the determining, according to a second product of the preset importance level of the API and the preset threat level of the alarm category, a loss value of the API under attack by the alarm category includes:
and determining a second product of the preset importance level of the API and the preset threat level of the alarm category, and determining the second product as a loss value of the API attacked by the alarm category.
In a possible implementation manner, the determining, by using a third preset function and according to the target probability value and the loss value, a first risk value of the API under the attack of the alarm category includes:
and determining a first risk value of the API attacked by the alarm category according to a third product of the target probability value and the loss value.
In a possible implementation manner, the determining, according to a third product of the target probability value and the loss value, a first risk value of the API against the attack of the alarm category includes:
and determining a third product of the target probability value and the loss value, and determining the third product as a first risk value of the API attacked by the alarm category.
In a possible implementation manner, the determining the target risk value of the API according to the first risk value of the API under attack by each alarm type and the loss value of the API under attack by each alarm type includes:
determining a second risk value of the API according to a first sum of the first risk values of the API being attacked by each alarm category;
determining a target loss value of the API according to a second sum of the loss values of the API being attacked by each alarm category;
and determining the target risk value of the API according to the ratio of the second risk value to the target loss value.
In a possible implementation, the determining a target risk value of the API according to the ratio of the second risk value to the target loss value includes:
determining a ratio of the second risk value to the target loss value, and determining the ratio as a target risk value for the API.
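The calculation described in these implementation manners, combined with the time-window and per-API grouping steps of the method, can be written out as follows. This is an added example, not code from the patent: the numeric presets (first preset value -0.1, second preset value 1, third preset value e, a one-hour window), the level tables and the sample alerts are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed preset values; the text names them but this section gives no numbers.
FIRST_PRESET = -0.1     # multiplied by the alert count to form the exponent
SECOND_PRESET = 1.0     # the "not attacked" probability is subtracted from this
THIRD_PRESET = math.e   # base of the exponentiation
WINDOW_SECONDS = 3600   # preset time length before the current time

# Hypothetical level tables (names and scales are illustrative only).
API_IMPORTANCE = {"/api/login": 5, "/api/search": 2}
THREAT_LEVEL = {"sqli": 4, "bruteforce": 3, "scanner": 1}


def target_risk(count_by_category, importance):
    """Target risk value of one API from its per-category alert counts."""
    risk_sum = 0.0  # first sum: first risk values over all categories
    loss_sum = 0.0  # second sum: loss values over all categories
    for category, n in count_by_category.items():
        p_not_attacked = THIRD_PRESET ** (FIRST_PRESET * n)
        p_attacked = SECOND_PRESET - p_not_attacked   # target probability value
        loss = importance * THREAT_LEVEL[category]    # second product
        risk_sum += p_attacked * loss                 # third product
        loss_sum += loss
    # With no alerts in the window there is no loss term; report zero risk
    # instead of dividing by zero.
    return risk_sum / loss_sum if loss_sum else 0.0


def score_apis(alerts, now):
    """alerts: iterable of (received_ts, api, category) -> {api: target risk}."""
    counts = defaultdict(Counter)
    for ts, api, category in alerts:
        if now - WINDOW_SECONDS <= ts <= now:  # keep alerts inside the window
            counts[api][category] += 1
    return {api: target_risk(c, API_IMPORTANCE[api]) for api, c in counts.items()}


# Constructed sample alerts: (receive time in seconds, API, alarm category).
NOW = 10_000
SAMPLE_ALERTS = (
    [(9_000 + i, "/api/login", "bruteforce") for i in range(10)]
    + [(9_500, "/api/login", "sqli"), (9_600, "/api/login", "sqli")]
    + [(9_900, "/api/search", "scanner")]
    + [(1_000, "/api/search", "sqli")]  # older than the window, ignored
)

if __name__ == "__main__":
    for api, risk in sorted(score_apis(SAMPLE_ALERTS, NOW).items()):
        print(f"{api}: {risk:.4f}")
```

With these assumed presets each per-category probability lies in [0, 1), so the target risk value is a loss-weighted average of those probabilities and also stays in that range.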
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (13)

1. A method for risk determination of an application program interface, API, the method comprising:
if the current condition meets the risk determination condition, acquiring each alarm message received within a preset time length before the current time according to the stored time for receiving each alarm message; acquiring the detected API carried in each alarm message;
aiming at each detected API, acquiring each target alarm information carrying the API; acquiring the alarm category carried in each target alarm message; counting the target quantity of target alarm information carrying the alarm category aiming at each alarm category, and determining the target probability value of the API attacked by the alarm category according to a preset value and the target quantity by adopting a first preset function; determining the loss value of the API attacked by the alarm category according to the preset important level of the API and the threat level of the alarm category by adopting a second preset function; determining a first risk value of the API attacked by the alarm category according to the target probability value and the loss value by adopting a third preset function; and determining a target risk value of the API according to the first risk value of the API attacked by each alarm type and the loss value of the API attacked by each alarm type.
2. The method of claim 1, wherein the currently meeting a risk determination condition comprises:
if a risk determination request is received, determining that a risk determination condition is currently met; or
if the time interval between the current time and the time of the last risk determination reaches a set time threshold, determining that the risk determination condition is currently met.
3. The method of claim 1, wherein the determining, by using the first predetermined function, the target probability value of the API under the attack of the alarm type according to the predetermined value and the target number comprises:
determining the probability value of the API not attacked by the alarm category according to the first product of the first preset value and the target number;
and determining the target probability value of the API attacked by the alarm category according to the difference value between the second preset value and the probability value.
4. The method of claim 3, wherein the determining the probability value that the API is not attacked by the alarm category according to the first product of the first preset value and the target number comprises:
determining the first product of the first preset value and the target number, and determining the value obtained by taking a third preset value as the base and the first product as the exponent as the probability value that the API is not attacked by the alarm category.
5. The method of claim 1, wherein the determining, by using the second predetermined function, the loss value of the API under the attack of the alarm type according to the predetermined importance level of the API and the predetermined threat level of the alarm type comprises:
and determining the loss value of the API attacked by the alarm category according to a second product of the preset importance level of the API and the preset threat level of the alarm category.
6. The method of claim 5, wherein determining the loss value of the API under attack by the alarm category according to a second product of the preset importance level of the API and the preset threat level of the alarm category comprises:
and determining a second product of the preset importance level of the API and the preset threat level of the alarm category, and determining the second product as a loss value of the API attacked by the alarm category.
7. The method of claim 1, wherein the determining, by using a third preset function, the first risk value of the API being attacked by the alarm category according to the target probability value and the loss value comprises:
and determining a first risk value of the API attacked by the alarm category according to a third product of the target probability value and the loss value.
8. The method of claim 7, wherein determining the first risk value of the API for the alarm category based on the third product of the target probability value and the loss value comprises:
and determining a third product of the target probability value and the loss value, and determining the third product as a first risk value of the API attacked by the alarm category.
9. The method of claim 1, wherein determining the target risk value of the API according to the first risk value of the API under attack for each alarm type and the loss value of the API under attack for each alarm type comprises:
determining a second risk value of the API according to a first sum of the first risk values of the API being attacked by each alarm category;
determining a target loss value of the API according to a second sum of the loss values of the API being attacked by each alarm category;
and determining the target risk value of the API according to the ratio of the second risk value to the target loss value.
10. The method of claim 9, wherein determining the target risk value for the API based on the ratio of the second risk value to the target loss value comprises:
determining a ratio of the second risk value to the target loss value, and determining the ratio as a target risk value for the API.
11. An apparatus for risk determination of an API, the apparatus comprising:
the acquisition module is used for acquiring each alarm message received within a preset time length before the current time according to the stored time for receiving each alarm message if the current condition for determining the risk is met; acquiring the detected API carried in each alarm message;
the processing module is used for acquiring each target alarm information carrying the API aiming at each detected API; acquiring the alarm category carried in each target alarm message; counting the target quantity of target alarm information carrying the alarm category aiming at each alarm category, and determining the target probability value of the API attacked by the alarm category according to a preset value and the target quantity by adopting a first preset function; determining the loss value of the API attacked by the alarm category according to the preset important level of the API and the threat level of the alarm category by adopting a second preset function; determining a first risk value of the API attacked by the alarm category according to the target probability value and the loss value by adopting a third preset function; and determining a target risk value of the API according to the first risk value of the API attacked by each alarm type and the loss value of the API attacked by each alarm type.
12. An electronic device, characterized in that the electronic device comprises at least a processor and a memory, the processor being adapted to perform the steps of the risk determination method of the API of any of claims 1-10 when executing a computer program stored in the memory.
13. A computer-readable storage medium, characterized in that it stores a computer program which, when being executed by a processor, carries out the steps of the risk determination method of the API of any one of claims 1-10.
CN202111619481.0A 2021-12-27 2021-12-27 API risk determination method, device, equipment and medium Pending CN114218577A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111619481.0A CN114218577A (en) 2021-12-27 2021-12-27 API risk determination method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111619481.0A CN114218577A (en) 2021-12-27 2021-12-27 API risk determination method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN114218577A true CN114218577A (en) 2022-03-22

Family

ID=80706286

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111619481.0A Pending CN114218577A (en) 2021-12-27 2021-12-27 API risk determination method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN114218577A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884801A (en) * 2022-06-09 2022-08-09 奇安信科技集团股份有限公司 Alarm method, alarm device, electronic equipment and storage medium
CN117972724A (en) * 2024-02-22 2024-05-03 北京天融信网络安全技术有限公司 API asset security management method and system, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN104539514B (en) Information filtering method and device
CN110830986B (en) Method, device, equipment and storage medium for detecting abnormal behavior of Internet of things card
CN109698809B (en) Method and device for identifying abnormal login of account
CN110417778B (en) Access request processing method and device
CN114218577A (en) API risk determination method, device, equipment and medium
US8984151B1 (en) Content developer abuse detection
CN109495467B (en) Method and device for updating interception rule and computer readable storage medium
CN107682345B (en) IP address detection method and device and electronic equipment
CN110798488B (en) Web application attack detection method
CN104980402B (en) Method and device for identifying malicious operation
KR102230441B1 (en) Method, Device and program for generating security action report based on the results of the security vulnerability assessment
US20180181871A1 (en) Apparatus and method for detecting abnormal event using statistics
CN106998336B (en) Method and device for detecting user in channel
CN113591068A (en) Online login equipment management method and device and electronic equipment
CN110796053B (en) Video detection method and device, electronic equipment and computer readable storage medium
CN103559438A (en) Progress identification method and progress identification system
US10984105B2 (en) Using a machine learning model in quantized steps for malware detection
CN110569509A (en) risk group identification method and device
CN111131166B (en) User behavior prejudging method and related equipment
CN110768865B (en) Deep packet inspection engine activation method and device and electronic equipment
CN112583789A (en) Method, device and equipment for determining illegally logged-in login interface
CN116846644A (en) Unauthorized access detection method and device
CN114095936A (en) Short message verification code request method, attack defense method, device, medium and equipment
CN105701684B (en) Data processing method and device
CN110933068A (en) Black and white list real-time optimization method and device, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination