CN106778250A - Method for determining whether an interface is illegally called - Google Patents
- Publication number
- CN106778250A
- Authority
- CN
- China
- Prior art keywords
- interface
- user
- chain
- node
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
Abstract
The invention relates to Internet interaction technology and discloses a method for determining whether an interface is illegally called, which prevents an interface from being called illegally or maliciously. The method includes: the user enters the system through a designated root-level access node, and after entering the system every interface call the user makes is recorded by the backend as a user access node and stored in memory; when the user calls an interface, the system forms a user access chain from the access node of the current interface call and all preceding access nodes of that node; the system reads the legal access chain of the interface from memory and compares it with the user access chain, and once the comparison succeeds the call is considered legal and the interface resource is provided. The invention is applicable to interface management.
Description
Technical field
The invention relates to Internet interaction technology, and in particular to a method for determining whether an interface is illegally called.
Background
Interfaces are used in two ways: 1. non-open interfaces (i.e. interfaces with verification, such as a login interface with a verification code, or an interface that requires a token to be provided); 2. open interfaces (such as sending a verification code to a mobile phone). When a non-open interface is called, the user has submitted their own verification information and thereby obtained access and call permission from the system, which is relatively safe. An open interface call needs no prior user information, so a user may use a tool to make unrestricted high-frequency calls and thereby attack the system.
Summary of the invention
The technical problem to be solved by the invention is to provide a method for determining whether an interface is illegally called, preventing the interface from being called illegally or maliciously.
To solve this problem, the technical solution adopted by the invention is a method for determining whether an interface is illegally called, comprising the steps of:
Setting a legal access chain for each interface and maintaining it in memory;
The user enters the system through a designated root-level access node; after entering the system, every interface call the user makes is recorded by the backend as a user access node and stored in memory;
When the user calls an interface, the system forms a user access chain from the access node of the current interface call and all preceding access nodes of that node;
The system reads the legal access chain of the interface from memory and compares it with the user access chain; once the comparison succeeds, the call is considered legal and the interface resource is provided.
Further, before the legal access chain is compared with the user access chain, the user access chain also needs to be optimized using an optimization algorithm.
Specifically, the optimization algorithm is an index merge algorithm.
Further, the memory is an LRU memory, and the system saves user access nodes in memory that meet the LRU replacement condition to the database.
The beneficial effect of the invention is that, by using preceding access control and legal access chains to judge whether a user is calling an interface maliciously, it can effectively prevent interface resources from being illegally occupied.
Brief description of the drawings
Fig. 1 is a structural diagram of the system.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the implementation steps of the invention are described in further detail below.
The invention uses preceding access control and legal access chains to judge whether a user is calling an interface maliciously.
1. Preceding access control means the following. Consider an interface such as sending a verification code to a mobile phone (referred to below as the "get-verification-code interface"). It does not need the user's information and cannot obtain it (for example, in a registration flow the verification code is sent first and registration is requested afterwards, so anyone can call this interface with any tool to send a verification code). The registration interface, by contrast, has the send-verification-code interface as its preceding interface and is supplied with the verification code as a control field, so malicious registration can be effectively avoided. The get-verification-code interface has no preceding access interface and is hard to restrict, so malicious requests to send verification codes cannot be avoided, and such malicious access is hard for the system to restrict when certain techniques are used, for example a tool that changes the request source at high frequency (replacing the request IP and phone number on every call).
2. Setting the legal access chain. Consider an interface call flow, taking a website's registration flow as an example. Its access order is: Index page (guide page or home page) -> registration page -> call the request-verification-code interface -> call the registration interface using the verification code. In this order there are at least 2 preceding access control units before the request-verification-code interface is called (visiting the Index page and visiting the registration page). However, we cannot simply assume that the user's operations always have this single structure. For example, the user's operations may also follow an order like this: Index page (guide page or home page) -> some content page -> help page -> registration page -> call the request-verification-code interface -> call the registration interface using the verification code. In such an order the legal access chain is: Index page (guide page or home page) -> (others) -> registration page -> call the request-verification-code interface. That is, it starts with the visit to the Index page, and the two consecutive, uninterrupted operations registration page -> call the request-verification-code interface complete the legal access chain. The premise for forming such a legal access is that every interface request of the user has been recorded on the server side, forming a user access chain (user footprint).
3. Description of the embodiment
The concrete idea is as follows:
1) Set a legal access chain for each interface and maintain it in memory.
2) The system must have a unified entry that serves as the root chain node of the legal access chain. The user enters the system through this root-level access node; after entering the system, every interface call the user makes is recorded by the backend as a user access node and stored in memory. The memory is an LRU memory; at run time, user access nodes in memory that meet the LRU replacement condition are saved to the database, where they can serve as a data source for later user behaviour analysis.
3) When the user calls an interface, the system obtains all preceding access nodes of that node and forms a user access chain (user footprint) from the access node of the current interface call and all preceding access nodes of that node, while using the index merge algorithm to merge identical user footprint points (user access chain nodes) to optimize memory storage. A user's operations may contain many repetitions; for these repeated parts only the user's operation frequency/count needs to be recorded, not the specific operations.
4) The system reads the legal access chain of the interface from memory and compares it with the user access chain; once the comparison succeeds, the call is considered legal and the interface resource is provided, so the user can call the resource of that interface.
Embodiment
The procedure is described below, taking the calling of a certain interface as an example.
A. The user initiates an interface call;
B. The system records the current interface call as an access node;
C. This access node is stored in the LRU memory, updating or creating the user access node in the LRU memory; at the same time, the system obtains all preceding access nodes of the access node and forms a user access chain from the access node of the current interface call and all preceding access nodes of that node;
D. The system reads the legal access chain of the interface from memory and compares it with the user access chain; once the comparison succeeds, the call is considered legal and the interface resource is provided; if the call is considered illegal, exception handling is performed.
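The flow in steps A to D, as an added Python example (not code from the patent). The node names, the `FootprintStore` and `check_call` names, the `archive` list standing in for the database, and the reading of index merging as collapsing consecutive identical nodes into a count are assumptions.

```python
from collections import OrderedDict

# Constructed sample: legal access chain per protected interface, written as
# (root node, nodes that must directly precede and include the call itself).
LEGAL_CHAINS = {
    "request_code": ("index", ("register_page", "request_code")),
}


class FootprintStore:
    """User access chains held in an LRU memory (hypothetical helper)."""

    def __init__(self, capacity=1000):
        self.capacity = capacity
        self.chains = OrderedDict()  # user_id -> [[node, count], ...]
        self.archive = []            # stand-in for the database

    def record(self, user_id, node):
        """Append one access node to the user's chain and return the chain."""
        chain = self.chains.pop(user_id, [])
        if chain and chain[-1][0] == node:
            # Assumption: "index merge" modelled as merging consecutive
            # repeats of the same node while keeping their count.
            chain[-1][1] += 1
        else:
            chain.append([node, 1])
        self.chains[user_id] = chain  # re-insert as most recently used
        if len(self.chains) > self.capacity:
            # LRU replacement: least recently used chain moves to the database
            self.archive.append(self.chains.popitem(last=False))
        return chain


def check_call(store, user_id, interface):
    """Record the call, then compare the user chain with the legal chain.

    Returns (legal, repeats); repeats is the merged count of this call.
    """
    chain = store.record(user_id, interface)
    nodes = [node for node, _ in chain]
    legal_chain = LEGAL_CHAINS.get(interface)
    if legal_chain is None:
        return False, chain[-1][1]   # no legal chain configured: reject
    root, tail = legal_chain
    legal = (
        len(nodes) > len(tail)                 # root plus the required tail
        and nodes[0] == root                   # entered through the root node
        and tuple(nodes[-len(tail):]) == tail  # uninterrupted final steps
    )
    return legal, chain[-1][1]
```

Because repeated calls merge into one node, a repeated call still matches the legal chain; the returned count is the only place the call frequency remains visible.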
The basic principle and main features of the invention have been described above. The description in the specification only illustrates the principle of the invention; various changes and improvements may be made to the invention without departing from its spirit and scope, and all such changes and improvements fall within the scope of protection of the claimed invention.
Claims (4)
1. A method for determining whether an interface is illegally called, characterized by comprising the steps of:
setting a legal access chain for each interface and maintaining it in memory;
the user entering the system through a designated root-level access node, and, after entering the system, every interface call made by the user being recorded by the backend as a user access node and stored in memory;
when the user calls an interface, the system forming a user access chain from the access node of the current interface call and all preceding access nodes of that node;
the system reading the legal access chain of the interface from memory and comparing the legal access chain with the user access chain, and, once the comparison succeeds, considering the call legal and providing the interface resource.
2. The method for determining whether an interface is illegally called according to claim 1, characterized in that, before the legal access chain is compared with the user access chain, the user access chain also needs to be optimized using an optimization algorithm.
3. The method for determining whether an interface is illegally called according to claim 2, characterized in that the optimization algorithm is an index merge algorithm.
4. The method for determining whether an interface is illegally called according to claim 1, characterized in that the memory is an LRU memory, and the system saves user access nodes in memory that meet the LRU replacement condition to the database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611165613.6A CN106778250A (en) | 2016-12-16 | 2016-12-16 | Method for determining whether an interface is illegally called |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611165613.6A CN106778250A (en) | 2016-12-16 | 2016-12-16 | Method for determining whether an interface is illegally called |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106778250A true CN106778250A (en) | 2017-05-31 |
Family
ID=58893094
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611165613.6A Pending CN106778250A (en) | 2016-12-16 | 2016-12-16 | Method for determining whether an interface is illegally called |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106778250A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103404182A (en) * | 2012-12-26 | 2013-11-20 | 华为技术有限公司 | Method and apparatus for preventing illegal access of business |
CN105187449A (en) * | 2015-09-30 | 2015-12-23 | 北京恒华伟业科技股份有限公司 | Interface calling method and device |
CN105262717A (en) * | 2015-08-31 | 2016-01-20 | 福建天晴数码有限公司 | Network service security management method and device |
CN105847262A (en) * | 2016-03-31 | 2016-08-10 | 乐视控股(北京)有限公司 | Anti-stealing-link method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10055561B2 (en) | Identity risk score generation and implementation | |
US20200285978A1 (en) | Model training system and method, and storage medium | |
CN110855676B (en) | Network attack processing method and device and storage medium | |
CN108810006A (en) | resource access method, device, equipment and storage medium | |
CN109960944A (en) | A kind of data desensitization method, server, terminal and computer readable storage medium | |
CN107733972A (en) | A kind of short linking analytic method, device and equipment | |
CN103607385A (en) | Method and apparatus for security detection based on browser | |
CN107015996A (en) | A kind of resource access method, apparatus and system | |
CN107622211A (en) | A kind of large data sets monarchial power limit access control method and device | |
CN107766469A (en) | A kind of method for caching and processing and device | |
CN108667770A (en) | A kind of loophole test method, server and the system of website | |
CN112468416B (en) | Network flow mirroring method and device, computer equipment and storage medium | |
CN106911782A (en) | A kind of method for reading data and device | |
CN104639650A (en) | Fine granularity distributive interface access control method and device | |
WO2017131355A1 (en) | Device for self-defense security based on system environment and user behavior analysis, and operating method therefor | |
RU2659482C1 (en) | Protection of web applications with intelligent network screen with automatic application modeling | |
CN109376530B (en) | Process mandatory behavior control method and system based on mark | |
CN108092777B (en) | Method and device for supervising digital certificate | |
CN104426836A (en) | Invasion detection method and device | |
CN108055299A (en) | Portal page push method, network access server and portal certification system | |
CN106778250A (en) | Method for determining whether an interface is illegally called | |
CN113489738B (en) | Method, device, equipment and medium for processing violations of broadband account | |
US20210366070A1 (en) | System and method of providing a nationwide child protection database | |
CN113806443A (en) | Trusted data storage method, system, medium, equipment and terminal | |
CN107566410A (en) | A kind of data save message request treating method and apparatus from damage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20170531 |