CN106778250A - Method for determining whether an interface is illegally called - Google Patents

Publication number
CN106778250A
Authority
CN
China
Prior art keywords
interface
user
chain
node
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611165613.6A
Other languages
Chinese (zh)
Inventor
魏劲超
江涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd
Priority to CN201611165613.6A
Publication of CN106778250A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2117 User registration

Abstract

The present invention relates to internet interaction technology and discloses a method for determining whether an interface is illegally called, which prevents interfaces from being called illegally or maliciously. The method includes: the user enters the system through a designated root-level access node; after entry, every interface the user calls is recorded by the backend as a user access node and kept in memory; when the user calls an interface, the system forms a user access chain from the access node of the current call and all access nodes preceding it; the system reads the legal access chain of that interface from memory and compares it with the user access chain; if the comparison succeeds, the call is considered legal and the interface resource is provided. The invention is applicable to interface management.

Description

Method for determining whether an interface is illegally called
Technical field
The present invention relates to internet interaction technology, and in particular to a method for determining whether an interface is illegally called.
Background
Interfaces are used in two ways: 1. Non-open interfaces, i.e. interfaces with verification, such as a login interface protected by a verification code or an interface that requires a token. 2. Open interfaces, such as sending a verification code to a mobile phone. When a non-open interface is called, the user has already submitted verification information to obtain access to the system and permission to call it, so the call is relatively safe. An open interface needs no prior user information, so a user can call it with a tool at unrestricted high frequency, which puts the system under attack.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for determining whether an interface is illegally called, so that interfaces are not called illegally or maliciously.
To solve this problem, the technical solution adopted by the present invention is a method for determining whether an interface is illegally called, including the steps: a legal access chain is set for each interface and maintained in memory;
the user enters the system through a designated root-level access node; after entry, every interface the user calls is recorded by the backend as a user access node and kept in memory;
when the user calls an interface, the system forms a user access chain from the access node of the current call and all access nodes preceding it;
the system reads the legal access chain of that interface from memory and compares it with the user access chain; if the comparison succeeds, the call is considered legal and the interface resource is provided.
Further, before the legal access chain is compared with the user access chain, the user access chain is optimized with an optimization algorithm.
Specifically, the optimization algorithm is an index merge algorithm.
Further, the memory is an LRU memory, and the system saves to a database the user access nodes in memory that meet the LRU replacement condition.
The beneficial effect of the invention is that, by using preceding access control and a legal access chain to judge whether a user is calling an interface maliciously, it effectively prevents interface resources from being illegally occupied.
Brief description of the drawings
Fig. 1 is a structural diagram of the system.
Detailed description
To make the object, technical solution and advantages of the present invention clearer, the implementation steps of the invention are described in further detail below.
The present invention uses preceding access control and a legal access chain to judge whether a user is calling an interface maliciously.
1. Preceding access control. Consider the interface that sends a verification code to a mobile phone (referred to below as the "get verification code interface"). It does not need the user's information and cannot obtain it: in a registration flow, for example, the verification code is sent first and registration is requested afterwards, so anyone can call this interface with any tool to have a verification code sent. The registration interface, by contrast, has the get verification code interface as its preceding interface and is given the verification code as a control field, so malicious registration can be effectively avoided. The get verification code interface has no preceding interface, so it is difficult to restrict and malicious requests to send verification codes cannot be avoided; under certain technical means, for example a tool that changes the request source at high frequency (changing the request IP and phone number after every call), this malicious access is difficult for the system to limit.
2. Setting the legal access chain. Consider an interface call flow, taking the registration flow of a website as an example. Its access order is: Index page (guide page or home page) -> registration page -> call the request verification code interface -> call the registration interface with the verification code. In this order there are at least 2 preceding access control units (accessing the Index page, accessing the registration page) before the request verification code interface is called. We cannot simply assume that user operations always have this single structure, however. The user's operations may also follow an order such as: Index page (guide page or home page) -> some content page -> help page -> registration page -> call the request verification code interface -> call the registration interface with the verification code. In this order the legal access chain is: Index page (guide page or home page) -> (other) -> registration page -> call the request verification code interface. That is, a complete legal access chain starts with access to the Index page and ends with the two consecutive, uninterrupted operations registration page -> call the request verification code interface. The precondition for building such a legal access chain is that every interface request by the user is recorded on the server and forms a user access chain (the user footprint).
3. Description of the embodiment
The approach is as follows:
1) A legal access chain is set for each interface and maintained in memory.
2) The system must have a unified entry that serves as the root chain node of the legal access chain. The user enters the system through this root-level access node; after entry, every interface the user calls is recorded by the backend as a user access node and kept in memory. The memory is an LRU memory: at run time, user access nodes in memory that meet the LRU replacement condition are saved to a database, where they can serve as a data source for later analysis of user behaviour.
3) When the user calls an interface, the system obtains all access nodes preceding the current node and forms a user access chain (the user footprint) from the access node of the current call and all of those preceding nodes. At the same time, an index merge algorithm merges identical user footprint points (user access chain nodes) to optimize memory usage. A user's operations may contain many repetitions, and for the repeated parts only the frequency or count of the operation needs to be recorded, not each specific operation.
4) The system reads the legal access chain of that interface from memory and compares it with the user access chain. If the comparison succeeds, the call is considered legal, the interface resource is provided, and the user can call the resource of that interface.
Embodiment
The following takes the calling process of one interface as a concrete example.
A. The user initiates an interface call;
B. The system records the current interface call as an access node;
C. This access node is stored in the LRU memory, updating or creating the user access node there; at the same time, the system obtains all access nodes preceding this access node and forms a user access chain from the access node of the current call and all of those preceding nodes;
D. The system reads the legal access chain of that interface from memory and compares it with the user access chain. If the comparison succeeds, the call is considered legal and the interface resource is provided; if the call is considered illegal, exception handling is performed.
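Steps 1) to 4) and A to D above, as an added example that is not part of the patent text. The node names, the encoding of a legal access chain as a required uninterrupted tail after the root node, and consecutive-repeat counting as the index merge are assumptions, since the page does not define them.

```python
from collections import OrderedDict

ROOT = "index"  # assumed name for the root-level entry node
# Assumed encoding of a legal access chain: the uninterrupted run of nodes
# that must end the footprint; anything may sit between ROOT and this run.
LEGAL_TAILS = {"request_code": ("register_page", "request_code")}


class FootprintStore:
    """Per-user access chains in an LRU memory; evicted chains are archived."""

    def __init__(self, capacity=1000):
        self.capacity = capacity
        self.chains = OrderedDict()  # user_id -> [[node, count], ...]
        self.archive = []            # stands in for the database

    def record(self, user_id, node):
        """Append one call to the user's chain and return the chain."""
        chain = self.chains.pop(user_id, [])
        if not chain and node != ROOT:
            return chain             # recording starts only at the root node
        if chain and chain[-1][0] == node:
            chain[-1][1] += 1        # merge the repeat, keep only its count
        else:
            chain.append([node, 1])
        self.chains[user_id] = chain  # now the most recently used entry
        while len(self.chains) > self.capacity:
            self.archive.append(self.chains.popitem(last=False))
        return chain


def is_legal(chain, interface):
    """Compare a merged user access chain with the interface's legal chain."""
    tail = LEGAL_TAILS.get(interface)
    if tail is None:
        return False                 # no legal chain configured: fail closed
    nodes = tuple(node for node, _ in chain)
    return (len(nodes) > len(tail) and nodes[0] == ROOT
            and nodes[-len(tail):] == tail)


def handle_call(store, user_id, interface):
    """Record the call, then decide; returns (legal, merged repeat count)."""
    chain = store.record(user_id, interface)
    repeats = chain[-1][1] if chain else 0
    return is_legal(chain, interface), repeats
```

A repeated call to the same interface stays legal under the chain comparison alone; the merged count returned here is the value a frequency limit would have to act on, and the page does not specify one.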
The basic principle and main features of the invention have been described above. The description in the specification only explains the principle of the invention; various changes and improvements may be made without departing from the spirit and scope of the invention, and all such changes and improvements fall within the scope of protection claimed.

Claims (4)

1. A method for determining whether an interface is illegally called, characterized by including the steps:
a legal access chain is set for each interface and maintained in memory;
the user enters the system through a designated root-level access node; after entry, every interface the user calls is recorded by the backend as a user access node and kept in memory;
when the user calls an interface, the system forms a user access chain from the access node of the current call and all access nodes preceding it;
the system reads the legal access chain of that interface from memory and compares it with the user access chain; if the comparison succeeds, the call is considered legal and the interface resource is provided.
2. The method for determining whether an interface is illegally called according to claim 1, characterized in that, before the legal access chain is compared with the user access chain, the user access chain is optimized with an optimization algorithm.
3. The method for determining whether an interface is illegally called according to claim 2, characterized in that the optimization algorithm is an index merge algorithm.
4. The method for determining whether an interface is illegally called according to claim 1, characterized in that the memory is an LRU memory, and the system saves to a database the user access nodes in memory that meet the LRU replacement condition.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201611165613.6A | 2016-12-16 | 2016-12-16 | Method for determining whether an interface is illegally called

Publications (1)

Publication Number | Publication Date
CN106778250A (en) | 2017-05-31

Family

ID=58893094

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date
CN201611165613.6A | Pending | CN106778250A (en) | 2016-12-16 | 2016-12-16

Country Status (1)

Country | Link
CN (1) | CN106778250A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531