CN116668157A - API interface identification processing method, device and medium based on zero trust gateway log - Google Patents

Publication number
CN116668157A
Authority
CN
China
Prior art keywords
same level
nodes
application
url
zero trust
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310744351.2A
Other languages
Chinese (zh)
Inventor
李富生
孙维伯
陈洪国
何艺
张�林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhian Technology Co ltd
Original Assignee
Beijing Zhian Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application relates to the technical field of network security, and provides a processing method and a processing device of an API (application program interface) based on a zero trust gateway log, wherein the method comprises the following steps: acquiring a zero trust gateway log, and grouping the zero trust gateway log according to different application types; acquiring a path url of the zero trust gateway log generated by accessing the application according to the grouped zero trust gateway log, and processing the path url; dividing the processed path to determine the number of stages of the path url, and constructing different multi-branch trees according to the number of stages of the path url; judging whether merging is needed for each node of the multi-way tree with the same level; after the nodes to be combined of the whole multi-way tree are combined, traversing the multi-way tree to obtain all interface paths url for accessing the application. The application is based on the access log of the zero trust application gateway, can automatically combine interfaces containing dynamic parameters, and greatly improves the accuracy of the identification of the interfaces.

Description

API interface identification processing method, device and medium based on zero trust gateway log
Technical Field
The embodiments of the application belong to the technical field of network security, and particularly relate to an API interface identification processing method, device and medium based on a zero trust gateway log.
Background
An API (Application Programming Interface: application program interface) is a set of conventions that define how specific software components or web services are programmatically accessed, allowing interactions and data transfers between different applications, making communication between software components and services more convenient and reliable.
Most existing API interface identification relies on traffic analysis, which has the following disadvantages:
traffic analysis also identifies the APIs of applications outside the enterprise, which makes it difficult to screen out the application interfaces inside the enterprise;
it is difficult to handle encrypted traffic: if SSL or other encryption is used for the communication, it may become difficult or impossible to identify the API request by parsing the network traffic. This is because decrypting the data requires a key that is kept secret, so decryption is typically only possible locally at the server and client.
It may have an impact on performance: parsing network traffic takes up system resources and may therefore affect the performance of the system. This may become more pronounced under high load. Furthermore, collecting and parsing traffic can also become very time consuming and complex for large, complex API interfaces.
It is difficult to handle new API interfaces and changes: if an API interface changes, then the rules and algorithms for the API interface signature may need to be reconfigured. In addition, if a new API interface is added, it takes time to parse its traffic pattern and update the rule. For large systems, this process can be very cumbersome.
Potential security risk: since identifying APIs by parsing network traffic may involve personal privacy, sensitive information and the like, attention must be paid to security. If an attacker were able to intercept network traffic, they might gain access to the API. Furthermore, for those APIs that are not encrypted, an attacker may also easily view or modify the data.
In the prior art, API interface identification mostly applies a single threshold value to interface URLs containing dynamic parameters, so that paths accessing API interfaces containing dynamic parameters cannot be accurately identified.
Summary of the Application
Aiming at the defects in the prior art, the application provides an API interface identification processing method, an API interface identification processing device and a storage medium based on a zero trust gateway log.
In a first aspect, an embodiment of the present application provides an API interface identifying and processing method based on a zero trust gateway log, where the method includes:
acquiring a zero trust gateway log, and grouping the zero trust gateway log according to different application types;
acquiring a path url of the zero trust gateway log generated by accessing the application according to the grouped zero trust gateway log, and processing the path url;
dividing the processed path to determine the number of stages of the path url, and constructing different multi-branch trees according to the number of stages of the path url;
judging whether merging is needed for each node of the multi-way tree with the same level;
after the nodes to be combined of the whole multi-way tree are combined, traversing the multi-way tree to obtain all interface paths url for accessing the application.
As a preferred embodiment of the present application, before the obtaining the zero trust gateway log and grouping the zero trust gateway log according to different application types, the method includes:
connecting the application to be accessed to a zero trust gateway, so that the zero trust gateway log of the application is acquired through the zero trust gateway when the application is accessed.
As a preferred embodiment of the present application, the obtaining a path url of the zero trust gateway log generated by accessing the application, and processing the path url includes:
acquiring a path url of an access application;
removing the parameters after the "?" in the path url of the access application;
and taking the path url of the access application after the parameters are removed as a unique identifier of the access application interface.
As a preferred embodiment of the present application, the dividing the processed path to determine the number of stages of the path url, and constructing different multi-tree according to the number of stages of the path url includes:
dividing the path url of the access application, with the parameters removed, into nodes by "/";
constructing an initial multi-way tree, according to the parent-child relationship of each level, from the paths url of the access application that have the same number of levels;
and merging parent nodes that have the same name into one node, wherein the top node of each multi-way tree is represented by "/", to obtain the final multi-way tree.
As a preferred embodiment of the present application, the determining, for each node of the multi-way tree with the same level, whether merging is needed includes:
acquiring multi-way trees with the same level;
determining whether the nodes of the same level of the multi-way tree with the same level comprise dynamic parameters;
if so, determining whether the nodes with the same level of the multi-way tree with the same level are required to be combined according to a preset rule.
As a preferred embodiment of the present application, the determining whether the nodes of the same level of the multi-way tree with the same level comprise dynamic parameters includes:
acquiring nodes of the same level of the multi-way tree with the same level;
determining whether the nodes of the same level comprise any one of: a number, a character string beginning with a number, a uuid, an MD5, a random character string, and a character string representing a user name or having no obvious features;
if yes, determining that the nodes of the same level of the multi-way tree with the same level comprise dynamic parameters.
As a preferred embodiment of the present application, the determining, if so, whether to merge the nodes of the same level of the multi-way tree with the same level according to a preset rule includes:
if the dynamic parameters in the nodes of the same level are numbers, character strings beginning with a number, uuid or MD5, merging the nodes of the same level into the same node, and replacing the merged node with a first preset character;
if the dynamic parameters in the nodes of the same level are random character strings, determining the number of paths url of the access application whose node at that level is a random character string, and if that number is larger than a preset threshold, merging the nodes of the same level into the same node, and replacing the merged node with a second preset character;
if the dynamic parameters in the nodes of the same level are character strings representing user names or having no obvious features, determining the number of paths url of the access application whose node at that level is such a character string, and if that number is larger than a preset threshold, merging the nodes of the same level into the same node, and replacing the merged node with a third preset character.
As a preferred embodiment of the present application, before determining the number of paths url of the access application whose node of the same level is a random character string, the method includes:
judging, through a hidden Markov random character string algorithm, whether the nodes in the multi-way tree are random character strings.
Compared with the prior art, the method for processing the API interface based on the zero trust gateway log provided by the embodiment of the application comprises the following steps: acquiring a zero trust gateway log, and grouping the zero trust gateway log according to different application types; acquiring a path url of the zero trust gateway log generated by accessing the application, and processing the path url; dividing the processed path to determine the number of stages of the path url, and constructing different multi-branch trees according to the number of stages of the path url; judging whether merging is needed for each node of the multi-way tree with the same level; after the nodes to be combined of the whole multi-way tree are combined, traversing the multi-way tree to obtain all interface paths url for accessing the application. The application is based on the access log of the zero trust application gateway, can automatically combine and merge interfaces containing dynamic parameters, and greatly improves the accuracy of the identification of the interfaces.
In a second aspect, an embodiment of the present application provides an API interface identifying and processing device based on a zero trust gateway log, where the device includes:
the first acquisition module is used for acquiring the zero trust gateway logs and grouping the zero trust gateway logs according to different application types;
the second acquisition module is used for acquiring a path url of the zero trust gateway log generated by accessing the application according to the grouped zero trust gateway log and processing the path url;
the construction module is used for dividing the processed path to determine the number of stages of the path url, and constructing different multi-way trees according to the number of stages of the path url;
the processing module is used for judging whether the nodes of the multi-way tree with the same level are needed to be combined or not;
and the traversing module is used for traversing the multi-way tree after the nodes needing to be combined of the whole multi-way tree are combined, and acquiring all interface paths url for accessing the application.
Compared with the prior art, the beneficial effects of the processing device of the API interface based on the zero-trust gateway log provided by the embodiment of the application are the same as those provided by the first aspect, and are not repeated here.
In a third aspect, an embodiment of the present application provides a storage medium storing a code program for performing the method for zero trust gateway log based API interface processing according to any one of the first aspects.
Compared with the prior art, the beneficial effects of the storage medium provided by the embodiment of the application are the same as those provided by the first aspect, and are not repeated here.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. Some specific embodiments of the application will be described in detail hereinafter by way of example and not by way of limitation with reference to the accompanying drawings. The same reference numbers in the drawings denote the same or similar parts or portions, and it will be understood by those skilled in the art that the drawings are not necessarily drawn to scale, in which:
FIG. 1 is a flow diagram of an API interface identification processing method based on a zero trust gateway log according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a constructed 5-level multi-way tree provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of a constructed 6-level multi-way tree provided by an embodiment of the present application;
FIG. 4 is a constructed 6-level multi-way tree with dynamic parameters provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an API interface identifying and processing device based on a zero trust gateway log according to an embodiment of the present application.
Detailed Description
In order to enable those skilled in the art to better understand the present application, the following description will make clear and complete descriptions of the technical solutions according to the embodiments of the present application with reference to the accompanying drawings. It will be apparent that the described embodiments are merely some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
A zero trust application gateway (zerotrust) is a security architecture that protects enterprise networks and applications from external attacks. It is one of the core components of the zero trust security model, aimed at achieving secure access and control. Once an application is connected to the gateway, user access to the application is proxied by the gateway.
After an enterprise application is connected to the zero trust application gateway, users access the application through the gateway, and the gateway records the relevant information of each access request and response; this information is the zero trust application layer gateway access log.
In a first aspect, as shown in fig. 1, an embodiment of the present application provides an API interface identifying and processing method based on a zero trust gateway log, where the method includes:
step S01, acquiring a zero trust gateway log, and grouping the zero trust gateway log according to different application types;
It should be noted that a scheduled task queries the zero trust gateway logs generated when users access applications within a preset time period, and groups the logs by application. For example, the enterprise has application 1, a financial management system, and application 2, a project management system. When staff of the company access the financial management system or the project management system, the access passes through the zero trust gateway, the zero trust gateway records the logs generated by that access, and the system groups the zero trust gateway logs generated by access to the different applications.
Step S02, obtaining a path url of the zero trust gateway log generated by accessing the application according to the grouped zero trust gateway log, and processing the path url;
it should be noted that, the path url of the zero trust gateway log generated by the application is obtained according to the zero trust gateway log after grouping, where url is a representation method used for specifying the information location on the web service program of the internet.
The obtaining the path url of the zero trust gateway log generated by accessing the application and processing the path url includes:
acquiring a path url of an access application;
removing the parameters after the "?" in the path url of the access application;
and taking the path url of the access application after the parameters are removed as a unique identifier of the access application interface. Note that, for example, if the path of the access application is /url/ztppmanger/test?name=lfs&age=18, what follows the "?" is a parameter; when the path url is processed, the parameters after the "?" are removed, and the path url of the access application after the parameters are removed is taken as the unique identifier of the access application interface.
Step S03, dividing the processed path to determine the number of stages of the path url, and constructing different multi-way trees according to the number of stages of the path url;
the dividing the processed path to determine the number of stages of the path url, and constructing different multi-way trees according to the number of stages of the path url, including:
dividing the path url of the access application, with the parameters removed, into nodes by "/";
constructing an initial multi-way tree, according to the parent-child relationship of each level, from the paths url of the access application that have the same number of levels;
and merging parent nodes that have the same name into one node, wherein the top node of each multi-way tree is represented by "/", to obtain the final multi-way tree.
FIG. 2 shows a 5-level multi-way tree structure, and FIG. 3 shows a 6-level multi-way tree structure.
Step S04, determining whether merging is needed for each node of the multi-way tree with the same level, including:
acquiring multi-way trees with the same level;
determining whether the nodes of the same level of the multi-way tree with the same level comprise dynamic parameters;
if so, determining whether the nodes with the same level of the multi-way tree with the same level are required to be combined according to a preset rule.
The determining whether the nodes of the same level of the multi-way tree with the same level comprise dynamic parameters comprises the following steps:
acquiring nodes of the same level of the multi-way tree with the same level;
determining whether the nodes of the same level comprise any one of: a number, a character string beginning with a number, a uuid, an MD5, a random character string, and a character string representing a user name or having no obvious features;
if yes, determining that the nodes of the same level of the multi-way tree with the same level comprise dynamic parameters.
If the dynamic parameters in the nodes of the same level are numbers, character strings beginning with a number, uuid or MD5, the nodes of the same level are merged into the same node, and the merged node is replaced by a first preset character. For example, the level-3 nodes are all numbers, as in /ztpmannger/getUserInfo/1, /ztpmannger/getUserInfo/2 and /ztpmannger/getUserInfo/3; these nodes of the same level are merged into the same node {x}, and the resulting path url of the access application is /ztpmannger/getUserInfo/{x}. In this embodiment the API interface is identified by the dynamic feature matching method.
If the dynamic parameters in the nodes of the same level are random character strings, the number of paths url of the access application whose node at that level is a random character string is determined, and if that number is larger than a preset threshold, the nodes of the same level are merged into the same node, and the merged node is replaced by a second preset character. For example, the 3rd level of the path url of the access application is a random character string; if the number of paths url of the access application containing random character strings exceeds the preset threshold of 5, the nodes of the same level are merged into the same node, and the merged node is replaced by the second preset character, which can be arbitrarily defined. The path url of the access application after merging is /ztpmannger/getUserInfo/{x}. In this embodiment the API interface is identified by the dynamic feature matching method together with the hidden Markov random string algorithm decision method.
Before determining the number of paths url of the access application whose node of the same level is a random character string, the method includes:
judging, through a hidden Markov random character string algorithm, whether the nodes in the multi-way tree are random character strings. The hidden Markov random string algorithm is prior art and is not described herein.
If the dynamic parameters in the nodes of the same level are character strings representing user names or having no obvious features, the number of paths url of the access application whose node at that level is such a character string is determined, and if that number is larger than a preset threshold, the nodes of the same level are merged into the same node, and the merged node is replaced by a third preset character, and the second preset character can be defined arbitrarily. For example, the paths url of the access application are /ztpmannger/getUserInfo/zhangsan and /ztpmannger/getUserInfo/wangwu; when the first two levels are /ztpmannger/getUserInfo and the number of different values of the 3rd-level node exceeds the large threshold (default is 100), the nodes are merged into the same node, and the path url of the merged access application is /ztpmannger/getUserInfo/{ }. In this embodiment the API interface is identified by the size threshold judgment method.
And step S05, after the nodes to be combined of the whole multi-way tree are combined, traversing the multi-way tree to obtain all interface paths url for accessing the application.
It should be noted that, through step S05, all interface paths under the application may be obtained.
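The following added example is not code from the patent; it sketches steps S01 to S05 in Python under stated assumptions. The record fields `app` and `url`, all function names and the sample log records are hypothetical or constructed; merging is applied to sibling nodes under the same parent; one placeholder `{x}` stands in for all three preset characters; and `looks_random` is a simple length and character-mix heuristic substituted for the hidden Markov random string algorithm, which the description does not detail.

```python
import re
from collections import defaultdict

# Thresholds quoted in the description; {x} is the placeholder used on the page.
SMALL_THRESHOLD = 5     # random strings: merged when more than 5 are seen
LARGE_THRESHOLD = 100   # user names / no obvious feature: "default is 100"
PLACEHOLDER = "{x}"

UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def is_feature_match(seg):
    """Dynamic feature matching: number, digit-led string, UUID or MD5."""
    return seg[:1].isdigit() or bool(UUID_RE.match(seg) or MD5_RE.match(seg))

def looks_random(seg):
    """ASSUMPTION: crude stand-in for the hidden Markov random-string test."""
    return (len(seg) >= 8 and any(c.isdigit() for c in seg)
            and any(c.isalpha() for c in seg))

def split_path(url):
    """S02/S03: drop everything after '?', then split the path on '/'."""
    return [s for s in url.split("?", 1)[0].split("/") if s]

def insert(tree, segments):
    """Add one path; same-named parents collapse because keys are names."""
    node = tree
    for seg in segments:
        node = node.setdefault(seg, {})

def absorb(dst, src):
    """Union the subtree src into dst so merged siblings share children."""
    for name, sub in src.items():
        absorb(dst.setdefault(name, {}), sub)

def merge_level(node):
    """S04: decide, per group of sibling nodes, which ones to merge."""
    names = [n for n in node if n != PLACEHOLDER]
    feature = [n for n in names if is_feature_match(n)]
    rand = [n for n in names if n not in feature and looks_random(n)]
    plain = [n for n in names if n not in feature and n not in rand]
    to_merge = list(feature)                 # rule 1: always merged
    if len(rand) > SMALL_THRESHOLD:          # rule 2: small threshold
        to_merge += rand
    if len(plain) > LARGE_THRESHOLD:         # rule 3: large threshold
        to_merge += plain
    if to_merge:
        merged = node.setdefault(PLACEHOLDER, {})
        for name in to_merge:
            absorb(merged, node.pop(name))
    for child in node.values():
        merge_level(child)

def walk(node, prefix=""):
    """S05: yield every root-to-leaf path of a merged tree."""
    if not node:
        yield prefix or "/"
    for name in sorted(node):
        yield from walk(node[name], prefix + "/" + name)

def discover(records):
    """S01-S05 over log records shaped like {"app": ..., "url": ...}."""
    trees = defaultdict(dict)                # (application, level count) -> tree
    for rec in records:
        segs = split_path(rec["url"])
        insert(trees[(rec["app"], len(segs))], segs)
    found = defaultdict(set)
    for (app, _levels), tree in trees.items():
        merge_level(tree)
        found[app].update(walk(tree))
    return {app: sorted(paths) for app, paths in found.items()}

def sample_records():
    """Constructed log records; the field names are hypothetical."""
    fin = ["/ztpmannger/getUserInfo/1?name=lfs&age=18",
           "/ztpmannger/getUserInfo/2", "/ztpmannger/getUserInfo/3",
           "/ztpmannger/profile/zhangsan", "/ztpmannger/profile/wangwu",
           "/ztpmannger/order/9f1c2d3e-4b5a-4c6d-8e7f-0a1b2c3d4e5f/items",
           "/ztpmannger/order/c0ffee00-1111-4222-8333-444455556666/items"]
    shared = ["k9Xq2LmP7a", "Zt4bQ8wRn1", "mV7cJ2xKd5",
              "Qp3sH6yTf9", "rB8nW1zGe4", "Ld5gM9uCa2"]      # 6 > 5: merged
    drafts = ["hY6kP3vNs8", "Xc2jR7mQb4", "wF9tD4hLz6"]      # 3 <= 5: kept
    members = ["m" + chr(97 + i // 26) + chr(97 + i % 26) for i in range(101)]
    pm = (["/pm/share/" + t for t in shared] + ["/pm/draft/" + t for t in drafts]
          + ["/pm/member/" + m for m in members])
    return ([{"app": "finance", "url": u} for u in fin]
            + [{"app": "project", "url": u} for u in pm])

if __name__ == "__main__":
    for app, paths in discover(sample_records()).items():
        print(app, paths)
```

In the sample, `/ztpmannger/profile/zhangsan` and `/ztpmannger/profile/wangwu` stay as separate interfaces because two distinct values do not exceed the large threshold, while the 101 constructed member names collapse to `/pm/member/{x}`.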
Because the embodiment of the application identifies API interfaces based on the zero trust application gateway, it can eliminate useless traffic analysis, improve the efficiency of API interface identification, and accurately identify the API interfaces of the enterprise's internal applications; for RESTful interfaces containing dynamic parameters, it combines the dynamic feature matching method, the hidden Markov random string algorithm judging method and the size threshold, and the recognition accuracy is improved by more than 90% compared with the traditional method adopting a single threshold value.
In a second aspect, as shown in fig. 5, an embodiment of the present application provides a processing apparatus of an API interface based on a zero trust gateway log, the apparatus includes:
a first obtaining module 21, configured to obtain a zero trust gateway log, and group the zero trust gateway log according to different application types;
a second obtaining module 22, configured to obtain, according to the grouped zero trust gateway log, a path url of the zero trust gateway log generated by accessing the application, and process the path url;
a constructing module 23, configured to divide the processed path to determine the number of stages of the path url, and construct different multi-tree according to the number of stages of the path url;
a processing module 24, configured to determine, for each node having the same level of the multi-way tree, whether merging is required;
and a traversing module 25, configured to traverse the multi-way tree after performing merging processing on nodes to be merged of the entire multi-way tree, and obtain all interface paths url for accessing the application.
Compared with the prior art, the beneficial effects of the processing device of the API interface based on the zero-trust gateway log provided by the embodiment of the application are the same as those provided by the first aspect, and are not repeated here.
In a third aspect, an embodiment of the present application provides a storage medium storing a code program for performing the method for zero trust gateway log based API interface processing according to any one of the first aspects.
Compared with the prior art, the beneficial effects of the storage medium provided by the embodiment of the application are the same as those provided by the first aspect, and are not repeated here.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the application.

Claims (10)

1. An API interface identification processing method based on zero trust gateway log is characterized in that the method comprises the following steps:
acquiring a zero trust gateway log, and grouping the zero trust gateway log according to different application types;
acquiring a path url of the zero trust gateway log generated by accessing the application according to the grouped zero trust gateway log, and processing the path url;
dividing the processed path to determine the number of stages of the path url, and constructing different multi-branch trees according to the number of stages of the path url;
judging whether merging is needed for each node of the multi-way tree with the same level;
after the nodes to be combined of the whole multi-way tree are combined, traversing the multi-way tree to obtain all interface paths url for accessing the application.
2. The API interface identification processing method as claimed in claim 1, wherein before said obtaining the zero trust gateway log and grouping the zero trust gateway log according to different application types, the method comprises:
connecting the application to be accessed to a zero trust gateway, so that the zero trust gateway log of the application is acquired through the zero trust gateway when the application is accessed.
3. The API interface identification processing method as claimed in claim 1, wherein said obtaining a path url of said zero trust gateway log generated by accessing said application and processing said path url comprises:
acquiring a path url of an access application;
removing the parameters after the "?" in the path url of the access application;
and taking the path url of the access application after the parameters are removed as a unique identifier of the access application interface.
4. The API interface identification processing method as claimed in claim 1, wherein said dividing the processed path to determine the number of stages of the path url, constructing different multi-way trees according to the number of stages of the path url, comprises:
dividing the path url of the access application, from which the parameters have been removed, into nodes by "/";
constructing a primary multi-way tree according to the parent-child relationship of each level by using the paths url of the access application with the same level;
and merging nodes with the same name under the same parent node into one node, wherein the top node of each multi-way tree is represented by "/", to obtain a final multi-way tree.
5. The API interface identification processing method as claimed in claim 1, wherein said determining whether merging is required for each node having the same level of multi-way tree comprises:
acquiring multi-way trees with the same level;
judging whether the nodes of the same level of the multi-way tree with the same level number comprise dynamic parameters or not;
if so, determining whether the nodes with the same level of the multi-way tree with the same level are required to be combined according to a preset rule.
6. The method for processing API interface identification based on zero trust gateway log according to claim 5, wherein said judging whether nodes of a same level of said multi-way tree having a same level comprise dynamic parameters comprises:
acquiring nodes of the same level of the multi-way tree with the same level;
determining whether the nodes of the same level comprise any one of numbers, character strings beginning with a number, uuid, MD5, random character strings and character strings representing user names or unobvious characteristics;
if yes, the nodes of the same level of the multi-way tree with the same level are determined to comprise dynamic parameters.
7. The method for identifying and processing the API interface based on the zero-trust gateway log according to claim 6, wherein if yes, determining whether to perform merging processing on nodes of the same level of the multi-way tree with the same level according to a preset rule comprises:
if the dynamic parameters in the nodes of the same level are numbers, character strings beginning with a number, uuid and MD5, combining the nodes of the same level into the same node, and replacing the combined node with a first preset character;
if the dynamic parameters in the nodes of the same level are random character strings, determining the number of paths url of the access application that include random character strings in the nodes of the same level, and if that number is larger than a preset threshold, merging the nodes of the same level into the same node, and replacing the merged node with a second preset character;
if the dynamic parameters in the nodes of the same level are character strings representing the non-obvious user names or the non-obvious characteristics, determining the number of paths url of the access application that include such character strings in the nodes of the same level, and if that number is larger than a preset threshold, merging the nodes of the same level into the same node, and replacing the merged node with a third preset character.
8. The API interface identification processing method as claimed in claim 7, wherein said determining the number of paths url of said access application including random character strings in said node of the same level includes:
judging, through a hidden Markov random character string algorithm, whether the nodes in the multi-way tree are random character strings.
9. An API interface identification processing device based on a zero trust gateway log, the device comprising:
the first acquisition module is used for acquiring the zero trust gateway logs and grouping the zero trust gateway logs according to different application types;
the second acquisition module is used for acquiring a path url of the zero trust gateway log generated by accessing the application according to the grouped zero trust gateway log and processing the path url;
the construction module is used for dividing the processed path to determine the number of stages of the path url, and constructing different multi-way trees according to the number of stages of the path url;
the processing module is used for judging whether the nodes of the multi-way tree with the same level are needed to be combined or not;
and the traversing module is used for traversing the multi-way tree after the nodes needing to be combined of the whole multi-way tree are combined, and acquiring all interface paths url for accessing the application.
10. A storage medium storing a program for executing the zero-trust gateway log-based API interface identification processing method according to any one of claims 1 to 8.
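The procedure of claims 1 and 3 to 7, as an added Python example that is not part of the patent text: it removes query parameters, builds one tree per application and number of levels, merges same-level nodes that are numbers, digit-leading strings, MD5 or uuid values, and traverses the result. The `{id}` placeholder, the function names and the sample log pairs are assumptions; the threshold-based branches for random strings and user names (claims 7 and 8) are not covered.

```python
import re
from collections import defaultdict

DYNAMIC = re.compile(  # claims 6-7: number / digit-leading string, MD5, uuid
    r"\d.*|[0-9a-f]{32}|[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
PLACEHOLDER = "{id}"  # stands in for the "first preset character" (assumed value)
LOGS = [  # constructed sample: (application, path url) pairs from a gateway log
    ("crm", "/api/users/1001/orders?page=2"),
    ("crm", "/api/users/1002/profile"),
    ("crm", "/api/files/e4d909c290d0fb1ca068ffaddf22cbd0?dl=1"),
    ("crm", "/api/login"),
    ("wiki", "/doc/f47ac10b-58cc-4372-a567-0e02b2c3d479/view"),
    ("wiki", "/doc/123e4567-e89b-12d3-a456-426614174000/view"),
]

def build_trees(logs):
    """Claims 1, 3, 4: group by application, one tree per number of levels."""
    trees = defaultdict(dict)  # (app, levels) -> nested dict whose root is "/"
    for app, url in logs:
        # Claim 3: drop the parameters after '?', then split the path on '/'.
        segs = [s for s in url.split("?", 1)[0].split("/") if s]
        node = trees[(app, len(segs))]
        for seg in segs:
            node = node.setdefault(seg, {})  # same name under same parent: one node
    return trees

def union(dst, src):
    """Fold subtree src into dst so merged siblings keep all their children."""
    for name, child in src.items():
        union(dst.setdefault(name, {}), child)

def merge(node):
    """Claims 5-7: merge same-level dynamic nodes into one placeholder node."""
    out = {}
    for name, child in node.items():
        key = PLACEHOLDER if DYNAMIC.fullmatch(name) else name
        union(out.setdefault(key, {}), child)
    return {name: merge(child) for name, child in out.items()}

def paths(node, prefix=""):
    """Claim 1, last step: traverse the tree and emit every interface path."""
    if not node:
        return [prefix or "/"]
    return [p for n, c in sorted(node.items()) for p in paths(c, f"{prefix}/{n}")]

def discover(logs):
    found = defaultdict(set)
    for (app, _levels), tree in build_trees(logs).items():
        found[app].update(paths(merge(tree)))
    return {app: sorted(p) for app, p in found.items()}
```

Because every segment that begins with a digit is treated as dynamic, a static segment such as `2fa` is collapsed as well, so the merged paths should be reviewed before the inventory is relied on.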
CN202310744351.2A 2023-06-21 2023-06-21 API interface identification processing method, device and medium based on zero trust gateway log Pending CN116668157A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310744351.2A CN116668157A (en) 2023-06-21 2023-06-21 API interface identification processing method, device and medium based on zero trust gateway log

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310744351.2A CN116668157A (en) 2023-06-21 2023-06-21 API interface identification processing method, device and medium based on zero trust gateway log

Publications (1)

Publication Number Publication Date
CN116668157A true CN116668157A (en) 2023-08-29

Family

ID=87722370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310744351.2A Pending CN116668157A (en) 2023-06-21 2023-06-21 API interface identification processing method, device and medium based on zero trust gateway log

Country Status (1)

Country Link
CN (1) CN116668157A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117150493A (en) * 2023-09-26 2023-12-01 中电云计算技术有限公司 Method and device for identifying API (application program interface) parameter value increment type traversal
CN117150493B (en) * 2023-09-26 2024-07-09 中电云计算技术有限公司 Method and device for identifying API (application program interface) parameter value increment type traversal

Similar Documents

Publication Publication Date Title
CN110602029B (en) Method and system for identifying network attack
CN112468520B (en) Data detection method, device and equipment and readable storage medium
CN113242236B (en) Method for constructing network entity threat map
CN111488594B (en) Permission checking method and device based on cloud server, storage medium and terminal
CN111104579A (en) Identification method and device for public network assets and storage medium
CN113179271A (en) Intranet security policy detection method and device
CN116668157A (en) API interface identification processing method, device and medium based on zero trust gateway log
CN114915479A (en) Web attack phase analysis method and system based on Web log
WO2022069955A1 (en) Optimizing scraping requests through browsing profiles
CN114817974A (en) Dynamic data desensitization method and system, and data security processing method and system
CN114356989A (en) Audit abnormal data detection method and device
CN111107101A (en) Firewall system and method for multi-dimensional filtering request of nginx
CN112822121A (en) Traffic identification method, traffic determination method and knowledge graph establishment method
CN112632044A (en) Database security audit method
CN117254983A (en) Method, device, equipment and storage medium for detecting fraud-related websites
CN111901199A (en) Mass data-based quick early warning matching implementation method
CN111885088A (en) Log monitoring method and device based on block chain
CN106919844A (en) A kind of android system vulnerability of application program detection method
CN113839940B (en) URL pattern tree-based defense method, device, electronic equipment and readable storage medium
CN115392238A (en) Equipment identification method, device, equipment and readable storage medium
CN110336777B (en) Communication interface acquisition method and device for android application
CN112948874B (en) Secret state data access method
CN116488947B (en) Security element treatment method
US11997110B2 (en) Tree-based learning of application programming interface specification
KR102617515B1 (en) Method and device for blocking illegal and harmful information sites using favicon

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination