CN113868692A - Grading method, grading device, grading equipment and storage medium of data interface

Publication number
CN113868692A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010620246.4A
Other languages
Chinese (zh)
Inventor
刘芳
张星
常嘉岳
谢锋林
刘炯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches

Abstract

The invention discloses a grading method, a grading device, grading equipment and a storage medium for a data interface. It relates to the technical field of communication and aims to reduce the labor cost of grading data interfaces. The method comprises the following steps: acquiring interface sensitive data characteristics and interface sensitive behavior characteristics of an interface to be graded; and determining the interface sensitivity level of the interface to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics. The embodiment of the invention can reduce the labor cost of grading the data interface.

Description

Grading method, grading device, grading equipment and storage medium of data interface
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a storage medium for grading a data interface.
Background
Internet enterprises have a large number of external data interfaces. Data assets such as user data and enterprise data are output externally through data interfaces, so security control of data interfaces is one of the key points of data security assurance work.
To implement security control of data interfaces, the level of each data interface needs to be confirmed. The contents returned by some data interfaces are not sensitive, such as contents visible to guests in a web page or application, descriptive contents and the like, so the risk of data leakage from these interfaces is low; interfaces involving "sensitive data" require enhanced protection; and interfaces involving "very sensitive data" require priority protection.
After the sensitivity level of an interface is determined, interfaces of different levels can be protected to different degrees. For example, for an interface that is not sensitive, access may only be audited and not monitored; for a highly sensitive interface, in addition to auditing, measures such as real-time traffic monitoring and real-time access-source monitoring, or related early-warning measures, also need to be added.
At the current stage, most enterprises do not perform interface grading. In enterprises that require interface grading, the interface grade is generally confirmed by an administrator through manual review, or actively reported by the application that customizes the interface. This approach incurs significant labor costs.
Disclosure of Invention
The embodiment of the invention provides a grading method, a grading device, grading equipment and a storage medium for a data interface, so as to reduce the labor cost for grading the data interface.
In a first aspect, an embodiment of the present invention provides a method for grading a data interface, including:
acquiring interface sensitive data characteristics and interface sensitive behavior characteristics of an interface to be graded;
and determining the interface sensitivity level of the interface to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics.
The acquiring of the interface sensitive data characteristics and the interface sensitive behavior characteristics of the interface to be graded comprises the following steps:
in the data range that the interface to be graded can call, acquiring data characteristics of sensitive data, and taking the data characteristics of the sensitive data as the interface sensitive data characteristics, wherein the data characteristics comprise one or any combination of the following information: data category, sensitivity level, data content;
acquiring the interface sensitive behavior characteristics according to the historical call data of the interface to be graded, wherein the interface sensitive behavior characteristics comprise one or any combination of the following information: interface access source, access frequency, data volume returned by the interface, and access time.
The determining of the interface sensitivity level of the interface to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics comprises:
classifying the interfaces to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be graded;
determining an interface sensitivity level of the at least one class of interfaces to be graded.
The classifying of the interfaces to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be graded comprises the following steps:
classifying the interfaces to be graded by using an interface classification model to obtain at least one class of interfaces to be graded.
Before the interface classification model is used to classify the interfaces to be graded to obtain at least one class of interfaces to be graded, the method further includes:
determining training characteristics according to the interface sensitive data characteristics and the interface sensitive behavior characteristics;
and training the interface classification model according to the training characteristics and a preset classification algorithm.
The determining of an interface sensitivity level of the at least one class of interfaces to be graded comprises:
performing interface characterization processing on the at least one class of interfaces to be graded to obtain an interface feature description of the at least one class of interfaces to be graded;
and determining the interface sensitivity level of the at least one class of interfaces to be graded according to the mapping relation between the interface feature description and the interface sensitivity level.
The performing of interface characterization processing on the at least one class of interfaces to be graded to obtain the interface feature description of the at least one class of interfaces to be graded includes:
describing, according to the training characteristics, the degree to which the at least one class of interfaces to be graded corresponds to the training characteristics, to obtain the interface feature description of the at least one class of interfaces to be graded;
wherein the training characteristics are the characteristics used for training the interface classification model and are selected from the interface sensitive data characteristics and the interface sensitive behavior characteristics.
In a second aspect, an embodiment of the present invention further provides a grading apparatus for a data interface, including:
a first acquisition module, used for acquiring the interface sensitive data characteristics and the interface sensitive behavior characteristics of the interface to be graded;
and a first determining module, used for determining the interface sensitivity level of the interface to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics.
Wherein the first acquisition module comprises:
a first acquisition submodule, used for acquiring the data characteristics of sensitive data in the data range that the interface to be graded can call, and taking the data characteristics of the sensitive data as the interface sensitive data characteristics, wherein the data characteristics comprise one or any combination of the following information: data category, sensitivity level, data content;
a second acquisition submodule, used for acquiring the interface sensitive behavior characteristics according to the historical call data of the interface to be graded, wherein the interface sensitive behavior characteristics comprise one or any combination of the following information: interface access source, access frequency, data volume returned by the interface, and access time.
Wherein the first determining module comprises:
a first classification submodule, used for classifying the interfaces to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be graded;
and a first determining submodule, used for determining the interface sensitivity level of the at least one class of interfaces to be graded.
Wherein the first classification submodule is specifically configured to classify the interfaces to be graded by using an interface classification model to obtain at least one class of interfaces to be graded.
Wherein the apparatus may further comprise:
a second determining module, used for determining training characteristics according to the interface sensitive data characteristics and the interface sensitive behavior characteristics;
and a training module, used for training the interface classification model according to the training characteristics and a preset classification algorithm.
Wherein the first determining submodule includes:
a first processing unit, used for performing interface characterization processing on the at least one class of interfaces to be graded to obtain an interface feature description of the at least one class of interfaces to be graded;
a first determining unit, configured to determine the interface sensitivity level of the at least one class of interfaces to be graded according to a mapping relationship between the interface feature description and the interface sensitivity level.
The first processing unit is specifically configured to describe, according to the training characteristics, the degree to which the at least one class of interfaces to be graded corresponds to the training characteristics, to obtain the interface feature description of the at least one class of interfaces to be graded;
wherein the training characteristics are the characteristics used for training the interface classification model and are selected from the interface sensitive data characteristics and the interface sensitive behavior characteristics.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: a memory, a processor and a program stored on the memory and executable on the processor, the processor implementing the steps in the method as described above in the first aspect when executing the program.
In a fourth aspect, the embodiments of the present invention also provide a readable storage medium, on which a program is stored, where the program, when executed by a processor, implements the steps in the method according to the first aspect.
In a fifth aspect, an embodiment of the present invention further provides a grading apparatus for a data interface, including: a processor and a transceiver; wherein the processor is configured to:
acquire interface sensitive data characteristics and interface sensitive behavior characteristics of an interface to be graded;
and determine the interface sensitivity level of the interface to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics.
Wherein the processor is further configured to:
in the data range that the interface to be graded can call, acquire data characteristics of sensitive data, and take the data characteristics of the sensitive data as the interface sensitive data characteristics, wherein the data characteristics comprise one or any combination of the following information: data category, sensitivity level, data content;
acquire the interface sensitive behavior characteristics according to the historical call data of the interface to be graded, wherein the interface sensitive behavior characteristics comprise one or any combination of the following information: interface access source, access frequency, data volume returned by the interface, and access time.
Wherein the processor is further configured to:
classify the interfaces to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be graded;
determine an interface sensitivity level of the at least one class of interfaces to be graded.
Wherein the processor is further configured to:
classify the interfaces to be graded by using an interface classification model to obtain at least one class of interfaces to be graded.
Wherein the processor is further configured to:
determine training characteristics according to the interface sensitive data characteristics and the interface sensitive behavior characteristics;
and train the interface classification model according to the training characteristics and a preset classification algorithm.
Wherein the processor is further configured to:
perform interface characterization processing on the at least one class of interfaces to be graded to obtain an interface feature description of the at least one class of interfaces to be graded;
and determine the interface sensitivity level of the at least one class of interfaces to be graded according to the mapping relation between the interface feature description and the interface sensitivity level.
Wherein the processor is further configured to:
describe, according to the training characteristics, the degree to which the at least one class of interfaces to be graded corresponds to the training characteristics, to obtain the interface feature description of the at least one class of interfaces to be graded;
wherein the training characteristics are the characteristics used for training the interface classification model and are selected from the interface sensitive data characteristics and the interface sensitive behavior characteristics.
In the embodiment of the invention, the interface is graded according to the interface sensitive data characteristic and the interface sensitive behavior characteristic of the interface to be graded. In the process, the interface can be graded without manual participation. Therefore, the scheme of the embodiment of the invention can reduce the labor cost of grading the data interface.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flow chart of a method for grading data interfaces provided by an embodiment of the present invention;
FIG. 2 is a schematic diagram of a possible location of a data interface provided by an embodiment of the invention;
FIG. 3 is an overall framework diagram of the present invention;
FIG. 4 is a block diagram of an interface classification module provided by an embodiment of the present invention;
FIG. 5 is a block diagram of an interface grading module provided by an embodiment of the present invention;
FIG. 6 is a block diagram of a grading device of a data interface according to an embodiment of the present invention;
FIG. 7 is a second block diagram of a grading device of a data interface according to an embodiment of the present invention;
FIG. 8 is a block diagram of an electronic device provided in an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, FIG. 1 is a flowchart of a method for grading data interfaces according to an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps:
Step 101, obtaining interface sensitive data characteristics and interface sensitive behavior characteristics of an interface to be graded.
In the embodiment of the present invention, the interface may also be referred to as a data interface. It generally refers to an interface that outputs data during data interaction, and includes a server URL (Uniform Resource Locator) called by the interface, a REST interface used by a big data platform or a program, and the like.
For example, the process of a user accessing a web page or an application can be regarded as the process of the user initiating a data request. The web page or the application calls a data interface provided by the server side to return the requested data to the user, and the interface that returns the data is the data interface.
FIG. 2 is a schematic diagram of locations where a data interface may exist. In the embodiment of the present invention, the party requesting to invoke the data interface is referred to as the client, and the party responding to the interface request and providing the data result is referred to as the server. The users of the clients may be ordinary personal users, business hall attendants, maintenance personnel, management personnel, and the like. The client may be a web page, a software application, program code, etc.; the server side may be a system that provides data services, such as a database, a big data platform, a data middle platform and the like. The client obtains data by calling the data interface.
"Sensitive data" may be understood as the data, among the data provided by the interface, that is more critical, has a higher security level, or has more sensitive content. In practical applications, it can be defined differently for different use cases. For example, the same data content may or may not be defined as sensitive data depending on the usage environment. "Sensitive behavior" may include characteristics related to access behavior, such as the access frequency and access source of an interface.
Specifically, in the embodiment of the present invention, in the data range that the interface to be graded can call, the data characteristics of sensitive data are obtained and used as the interface sensitive data characteristics, where the data characteristics include one or any combination of the following information: data category, sensitivity level, data content. The data range that the interface to be graded can call may include the databases, data tables, columns, etc. that the interface can call. Meanwhile, the interface sensitive behavior characteristics are acquired according to the historical call data of the interface to be graded, where the interface sensitive behavior characteristics include one or any combination of the following information: interface access source, access frequency, data volume returned by the interface, and access time.
Step 102, determining the interface sensitivity level of the interface to be graded according to the interface sensitive data characteristics and the interface sensitive behavior characteristics.
The interface to be graded may comprise one or more interfaces.
If only one interface is included, its interface sensitivity level can be determined according to the mapping relation between the interface sensitive data characteristics and interface sensitive behavior characteristics on the one hand and the interface sensitivity level on the other.
If the interface to be graded comprises a plurality of interfaces, then in order to improve processing efficiency, in this step the interfaces to be graded are classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be graded, and then the interface sensitivity level of the at least one class of interfaces to be graded is determined.
In the embodiment of the invention, the interfaces to be graded are mainly classified by using an interface classification model to obtain at least one class of interfaces to be graded.
In order to further improve processing efficiency, in the embodiment of the present invention, before the interfaces to be graded are classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics, training characteristics may be determined according to the interface sensitive data characteristics and the interface sensitive behavior characteristics, and the interface classification model is then trained according to the training characteristics and a preset classification algorithm.
For example, the three characteristics {level of the sensitive data involved, interface access frequency, interface access source range} may be selected from the interface sensitive data characteristics and the interface sensitive behavior characteristics as the training characteristics. The preset classification algorithm may be, for example, a feature comparison, clustering, or classification algorithm.
In the embodiment of the present invention, the number of training characteristics is not limited.
In this step, to determine the interface sensitivity level of the at least one class of interfaces to be graded, interface characterization processing is performed on the interfaces to be graded to obtain an interface feature description of the at least one class of interfaces to be graded, and the interface sensitivity level of the at least one class of interfaces to be graded is then determined according to the mapping relationship between the interface feature description and the interface sensitivity level.
Specifically, in the interface characterization processing, the degree to which the at least one class of interfaces to be graded corresponds to the training characteristics is described according to the training characteristics, to obtain the interface feature description of the at least one class of interfaces to be graded. The training characteristics here are the training characteristics described above.
That is, in this step, since the interfaces of different classes are obtained by the classification model, and the classification model is obtained based on the training characteristics, the interfaces of every class have the training characteristics, and interfaces of different classes have them to different degrees.
For example, assume that the training characteristics include: the level of the sensitive data involved, the interface access frequency, and the interface access source range. Interface A involves sensitive data whose level is extremely sensitive, has an interface access frequency of 2000, and has an interface access source range of 5000; interface B involves sensitive data whose level is sensitive, has an interface access frequency of 300, and has an interface access source range of 50.
Then the interface feature description of interface A may be: {involves extremely sensitive data, high-frequency access, multiple access sources}, and the interface feature description of interface B may be: {involves sensitive data, low-frequency access, few access sources}.
In the embodiment of the invention, the interface is graded according to the interface sensitive data characteristic and the interface sensitive behavior characteristic of the interface to be graded. In the process, the interface can be graded without manual participation. Therefore, the scheme of the embodiment of the invention can reduce the labor cost of grading the data interface.
FIG. 3 is an overall framework diagram of an embodiment of the present invention. The core function modules of the framework are an interface classification module and an interface grading module.
The interface classification module classifies the interfaces into different categories using the sensitive data the interfaces involve and the historical call data of the interfaces, by methods such as machine learning and data mining. The interface grading module grades the sensitivity of the interfaces of the different categories and outputs lists of interfaces at the different sensitivity levels.
FIG. 4 is a block diagram of the interface classification module. The sensitive data the interface involves and the historical data of calls to the interface are processed to obtain an interface feature library, and classification is then performed using an interface classification model. The working principle of the interface classification module is described below.
1. Establish an interface feature library.
(1) Establish an interface sensitive data feature library based on the sensitive data the interface involves.
For a given interface to be graded, the data range that the interface can call, such as the databases, data tables, columns, etc. that it can call, can be obtained. If sensitive data is included within the callable data range, the characteristics of that sensitive data (e.g., known data category, level, content, etc.) serve as the sensitive data characteristics here.
(2) Establish an interface sensitive behavior feature library based on the historical call data of the interface.
In an embodiment of the invention, the historical data of the interface is analyzed. Statistical analysis is performed on the historical call data of the interface to obtain its behavior characteristics, such as usual access sources, access frequency, returned data volume, access time and the like, and an interface sensitive behavior feature library is established.
2. Train an interface classification model according to the established feature library, and classify the interfaces to be graded.
The features used for training the interface classification model can be selected from the feature library established as described above. For example, the three features {level of the sensitive data involved, interface access frequency, interface access source range} are used for training. The interface classification model distinguishes the patterns of the interfaces based on the three feature values of each interface, and interfaces whose three feature values are similar are classified into the same category.
Table 1 shows the statistics for 8 interfaces.
Interface 1 and interface 2 are classified into the same category because their behavior pattern is {involves extremely sensitive data, high-frequency access, multiple access sources}. Interface 3 and interface 4 are classified into the same category because their behavior pattern is {involves extremely sensitive data, medium-frequency access, few access sources}.
TABLE 1 (image not reproduced: Figure BDA0002562799780000091)
In practical applications, many algorithms in machine learning can classify objects into different categories based on feature values. Therefore, in the embodiment of the present invention, the method may be implemented in various ways, such as feature comparison, clustering, or classification algorithm, and the specific implementation manner may be determined according to the scene.
For example, when it is unclear which access patterns exist in the system, the interfaces can be distinguished based on the characteristics through a clustering algorithm, and interface categories with different k types of access patterns are obtained. In this case, the optimal clustering algorithm is selected as the interface classification model. For another example, when a business or business has clearly needed to distinguish the interfaces according to what patterns (or characteristics), the expected k-type patterns are first confirmed, and then the interfaces are respectively put into the categories based on the characteristics thereof through a classification learning algorithm. In this case, the optimal classifier is selected as the interface classification model.
Interface classifications with different access modes can be obtained by the interface classification module.
Fig. 5 is a block diagram of the interface grading module. The working principle of the interface grading module is described below.
For a plurality of interface classifications obtained by the interface classification module, mapping to different interface sensitivity levels according to the access mode (or) thereof through the interface definition model.
1. Perform interface characterization on the interfaces of the different classes.
In the embodiment of the invention, interface characterization means representing each class of interfaces by a feature set. Specifically, depending on the training features used by the interface classification model, each class of interfaces is described by the degree to which it corresponds to those training features, which are drawn from the interface's sensitive data features and sensitive behavior features.
For example, if the interface classification model was trained in the previous step on the three features { level of sensitive data involved, interface access frequency, interface access source range }, the resulting k classes of interfaces can be represented as:
the class 1 interface is represented as: { involves extremely sensitive data, high-frequency access, multiple access sources };
the class 2 interface is represented as: { involves extremely sensitive data, medium-frequency access, few access sources };
the class 3 interface is represented as: { involves sensitive data, high-frequency access, few access sources };
……
the class k interface is represented as: { involves sensitive data, low-frequency access, few access sources }.
2. Establish a mapping standard library.
In this step, the mapping standard library is established according to industry data classification and grading standards, an enterprise's internal data classification and grading standards, or specifications or guidelines drawn up by security management personnel for the actual scenario.
The content in the mapping standard library is the corresponding relation between the interface feature set and the sensitivity level.
For example, the mapping relationship may be:
{ involves extremely sensitive data, high-frequency access, multiple access sources } -> level-1 sensitive interface;
{ involves extremely sensitive data, medium-frequency access, few access sources } -> level-1 sensitive interface;
{ involves sensitive data, high-frequency access, few access sources } -> level-2 sensitive interface;
……
{ involves sensitive data, low-frequency access, few access sources } -> level-n sensitive interface.
Thus, each class of interfaces can be mapped to its corresponding sensitivity level through its feature set, with the following mapping:
class 1 interface -> { involves extremely sensitive data, high-frequency access, multiple access sources } -> level-1 sensitive interface;
class 2 interface -> { involves extremely sensitive data, medium-frequency access, few access sources } -> level-1 sensitive interface;
class 3 interface -> { involves sensitive data, high-frequency access, few access sources } -> level-2 sensitive interface;
……
class k interface -> { involves sensitive data, low-frequency access, few access sources } -> level-n sensitive interface.
In this way, each of the k classes of interfaces is mapped to its corresponding sensitivity level. Each interface in class 1 corresponds to level-1 sensitivity; each interface in class k corresponds to level-n sensitivity. Because each class of interfaces is mapped to one sensitivity level, several classes of interfaces may correspond to the same sensitivity level.
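The classify, characterize and map steps above can be sketched end to end as follows. This is an added example, not code from the patent: the eight interface statistics are constructed (the patent's Table 1 is not available in this text), k-means stands in for the unspecified clustering algorithm, and the `describe` thresholds, the choice n = 3, and the handling of feature sets missing from the library are assumptions.

```python
import math

# Constructed sample statistics (NOT the patent's Table 1).
# name -> (data level: 2 = extremely sensitive, 1 = sensitive,
#          calls per day, number of distinct access sources)
INTERFACES = {
    "interface1": (2, 9500, 40),
    "interface2": (2, 8800, 35),
    "interface3": (2, 900, 3),
    "interface4": (2, 1100, 2),
    "interface5": (1, 9000, 4),
    "interface6": (1, 9900, 3),
    "interface7": (1, 40, 2),
    "interface8": (1, 25, 1),
}

# Mapping standard library: feature set -> sensitivity level.
# Rows follow the page's example; "level n" is assumed to be level 3 here.
MAPPING_LIBRARY = {
    ("extremely sensitive data", "high-frequency access", "multiple access sources"): 1,
    ("extremely sensitive data", "medium-frequency access", "few access sources"): 1,
    ("sensitive data", "high-frequency access", "few access sources"): 2,
    ("sensitive data", "low-frequency access", "few access sources"): 3,
}


def describe(level, calls, sources):
    """Interface characterization: turn mean class features into a feature set.
    All thresholds are assumed values chosen for this example."""
    data = "extremely sensitive data" if level >= 1.5 else "sensitive data"
    if calls >= 5000:
        freq = "high-frequency access"
    elif calls >= 500:
        freq = "medium-frequency access"
    else:
        freq = "low-frequency access"
    src = "multiple access sources" if sources >= 10 else "few access sources"
    return (data, freq, src)


def normalize(rows):
    """Min-max scale each feature to [0, 1] so call volume does not dominate distance."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1 for c in cols]
    return [tuple((v - l) / s for v, l, s in zip(r, lo, span)) for r in rows]


def kmeans(points, k, iters=20):
    """Plain k-means with deterministic farthest-point seeding; returns one label per point."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(math.dist(p, c) for c in centroids)))
    labels = []
    for _ in range(iters):
        new = [min(range(k), key=lambda j: math.dist(p, centroids[j])) for p in points]
        if new == labels:
            break
        labels = new
        for j in range(k):
            members = [p for p, l in zip(points, labels) if l == j]
            if members:
                centroids[j] = tuple(sum(x) / len(members) for x in zip(*members))
    return labels


def grade_interfaces(interfaces, k, library):
    """Cluster the interfaces, describe each class by its mean raw features,
    then look the feature set up in the mapping standard library."""
    names = list(interfaces)
    rows = [interfaces[n] for n in names]
    labels = kmeans(normalize(rows), k)
    result = {}
    for j in set(labels):
        members = [i for i, l in enumerate(labels) if l == j]
        mean = [sum(rows[i][f] for i in members) / len(members) for f in range(3)]
        features = describe(*mean)
        # None means the library has no row for this feature set: the class is
        # left ungraded for manual review rather than given a guessed level.
        level = library.get(features)
        for i in members:
            result[names[i]] = (features, level)
    return result


if __name__ == "__main__":
    for name, (features, level) in grade_interfaces(INTERFACES, 4, MAPPING_LIBRARY).items():
        print(name, features, "level", level if level is not None else "UNMAPPED (review)")
```

Two classes land on level 1 here, which is the case the text notes where several classes share one sensitivity level.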
If the interface classification model is trained using only a single feature, for example, the interface classification is based on only the single feature "level of sensitive data involved in the interface", the "interface sensitivity level" is substantially the same as the "level of sensitive data involved in the interface".
In practical application, the interface classification model can be trained on the features of all interfaces to be graded, so that every interface in the system is classified in one pass. Alternatively, the features of only a subset of the interfaces to be graded can be selected to train the interface classification model. The trained interface classification model is then used to classify the other interfaces in the system: each interface is assigned to the category to which it belongs and, through that category's feature set, mapped to a sensitivity level according to the mapping standard library. In addition, as data accumulates, the interface classification model and the mapping library can be updated regularly (such as every year or every half year) to maintain the quality of classification and grading.
It can be seen from the above description that, with the scheme of the embodiment of the present invention, interfaces can be graded automatically, which reduces the workload of interface grading. Moreover, because both the interface sensitive data features and the interface sensitive behavior features are used when grading an interface, the accuracy of interface classification can be improved.
The embodiment of the invention also provides a grading device of the data interface. Referring to fig. 6, fig. 6 is a structural diagram of a grading device of a data interface according to an embodiment of the present invention. Because the principle of the grading device of the data interface for solving the problems is similar to the grading method of the data interface in the embodiment of the invention, the implementation of the grading device of the data interface can refer to the implementation of the method, and repeated parts are not described again.
As shown in fig. 6, the data interface rating device 600 includes:
a first obtaining module 601, configured to obtain an interface sensitive data feature and an interface sensitive behavior feature of an interface to be classified; a first determining module 602, configured to determine an interface sensitivity level of the interface to be classified according to the interface sensitive data characteristic and the interface sensitive behavior characteristic.
Wherein, the first obtaining module 601 includes:
the first obtaining submodule is used for obtaining the data characteristics of sensitive data in the data range which can be called by the interface to be classified, and taking the data characteristics of the sensitive data as the interface sensitive data characteristics, wherein the data characteristics comprise one or any combination of the following information: data category, sensitivity level, data content; the second obtaining submodule is used for obtaining the interface sensitive behavior characteristics according to the historical calling data condition of the interface to be classified, and the interface sensitive behavior characteristics comprise one or any combination of the following information: interface access source, access frequency, data volume returned to the interface, and access time.
Wherein the first determining module 602 comprises:
the first classification submodule is used for classifying the interfaces to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be classified; and the first determining submodule is used for determining the interface sensitivity level of the interface to be classified of the at least one category.
Wherein the first classification submodule is configured to classify the interfaces to be classified by using an interface classification model to obtain at least one class of interfaces to be classified.
Wherein the apparatus may further comprise:
the second determining module is used for determining training characteristics according to the interface sensitive data characteristics and the interface sensitive behavior characteristics; and the training module is used for training the interface classification model according to the training characteristics and a preset classification algorithm.
Wherein the first determination submodule includes:
the first processing unit is used for carrying out interface characterization processing on the interface to be defined of the at least one category to obtain interface feature description of the interface to be defined of the at least one category; a first determining unit, configured to determine an interface sensitivity level of the to-be-defined interface of the at least one category according to a mapping relationship between the interface feature description and the interface sensitivity level.
The first processing unit is specifically configured to describe, according to the training features, the degree to which the to-be-defined interface of the at least one category corresponds to the training features, to obtain the interface feature description of the to-be-defined interface of the at least one category;
wherein the training features are features used for training the interface classification model and are selected from the interface sensitive data features and the interface sensitive behavior features.
The apparatus provided in the embodiment of the present invention may implement the method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
The embodiment of the invention also provides a grading device of the data interface. Referring to fig. 7, fig. 7 is a structural diagram of a grading device of a data interface according to an embodiment of the present invention. Because the principle of the grading device of the data interface for solving the problems is similar to the grading method of the data interface in the embodiment of the invention, the implementation of the grading device of the data interface can refer to the implementation of the method, and repeated parts are not described again.
As shown in fig. 7, the data interface rating apparatus 700 includes: a processor 701 and a transceiver 702.
Wherein the processor 701 is configured to:
acquiring interface sensitive data characteristics and interface sensitive behavior characteristics of an interface to be graded;
and determining the interface sensitivity level of the interface to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics.
Wherein the processor 701 is further configured to:
in a data range which can be called by the interface to be classified, acquiring data characteristics of sensitive data, and taking the data characteristics of the sensitive data as the sensitive data characteristics of the interface, wherein the data characteristics comprise one or any combination of the following information: data category, sensitivity level, data content;
acquiring the interface sensitive behavior characteristics according to the historical calling data condition of the interface to be graded, wherein the interface sensitive behavior characteristics comprise one or any combination of the following information: interface access source, access frequency, data volume returned to the interface, and access time.
Wherein the processor 701 is further configured to:
classifying the interfaces to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be classified;
determining an interface sensitivity level of the at least one class of interfaces to be classified.
Wherein the processor 701 is further configured to:
and classifying the interfaces to be classified by using an interface classification model to obtain at least one class of interfaces to be classified.
Before the interface classification model is used to classify the interface to be classified to obtain at least one class of interface to be classified, the method further includes:
determining a training characteristic according to the interface sensitive data characteristic and the interface sensitive behavior characteristic;
and training the interface classification model according to the training characteristics and a preset classification algorithm.
Wherein the processor 701 is further configured to:
performing interface characterization processing on the interface to be defined of the at least one category to obtain interface characteristic description of the interface to be defined of the at least one category;
and determining the interface sensitivity level of the interface to be defined of the at least one category according to the mapping relation between the interface feature description and the interface sensitivity level.
Wherein the processor 701 is further configured to:
according to the training characteristics, describing the degree to which the interface to be defined of the at least one category corresponds to the training characteristics, to obtain the interface characteristic description of the interface to be defined of the at least one category;
wherein the training features are features used for training the interface classification model and are selected from the interface sensitive data features and the interface sensitive behavior features.
The apparatus provided in the embodiment of the present invention may implement the method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
As shown in fig. 8, the electronic device according to the embodiment of the present invention includes: the processor 800, which is used to read the program in the memory 820, executes the following processes:
acquiring interface sensitive data characteristics and interface sensitive behavior characteristics of an interface to be graded;
classifying the interfaces to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be classified;
determining an interface sensitivity level of the at least one class of interfaces to be classified.
Where in fig. 8, the bus architecture may include any number of interconnected buses and bridges, with various circuits being linked together, particularly one or more processors represented by processor 800 and memory represented by memory 820. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The processor 800 is responsible for managing the bus architecture and general processing, and the memory 820 may store data used by the processor 800 in performing operations.
The processor 800 is further configured to read the program and execute the following steps:
in a data range which can be called by the interface to be classified, acquiring data characteristics of sensitive data, and taking the data characteristics of the sensitive data as the sensitive data characteristics of the interface, wherein the data characteristics comprise one or any combination of the following information: data category, sensitivity level, data content;
acquiring the interface sensitive behavior characteristics according to the historical calling data condition of the interface to be graded, wherein the interface sensitive behavior characteristics comprise one or any combination of the following information: interface access source, access frequency, data volume returned to the interface, and access time.
The processor 800 is further configured to read the program and execute the following steps:
and classifying the interfaces to be classified by using an interface classification model to obtain at least one class of interfaces to be classified.
The processor 800 is further configured to read the program and execute the following steps:
determining a training characteristic according to the interface sensitive data characteristic and the interface sensitive behavior characteristic;
and training the interface classification model according to the training characteristics and a preset classification algorithm.
The processor 800 is further configured to read the program and execute the following steps:
performing interface characterization processing on the interface to be defined of the at least one category to obtain interface characteristic description of the interface to be defined of the at least one category;
and determining the interface sensitivity level of the interface to be defined of the at least one category according to the mapping relation between the interface feature description and the interface sensitivity level.
The processor 800 is further configured to read the program and execute the following steps:
according to the training characteristics, describing the degree to which the interface to be defined of the at least one category corresponds to the training characteristics, to obtain the interface characteristic description of the interface to be defined of the at least one category;
wherein the training features are features used for training the interface classification model and are selected from the interface sensitive data features and the interface sensitive behavior features.
The device provided by the embodiment of the present invention may implement the above method embodiment, and the implementation principle and technical effect are similar, which are not described herein again.
The embodiment of the present invention further provides a readable storage medium, where a program is stored on the readable storage medium, and when the program is executed by a processor, the program implements each process of the foregoing data interface ranking method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. With such an understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the methods according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (11)

1. A method for grading a data interface, comprising:
acquiring interface sensitive data characteristics and interface sensitive behavior characteristics of an interface to be graded;
and determining the interface sensitivity level of the interface to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics.
2. The method of claim 1, wherein the obtaining interface sensitive data characteristics and interface sensitive behavior characteristics of the interface to be ranked comprises:
in a data range which can be called by the interface to be classified, acquiring data characteristics of sensitive data, and taking the data characteristics of the sensitive data as the sensitive data characteristics of the interface, wherein the data characteristics comprise one or any combination of the following information: data category, sensitivity level, data content;
acquiring the interface sensitive behavior characteristics according to the historical calling data condition of the interface to be graded, wherein the interface sensitive behavior characteristics comprise one or any combination of the following information: interface access source, access frequency, data volume returned to the interface, and access time.
3. The method of claim 1, wherein determining the interface sensitivity level of the interface to be classified according to the interface sensitivity data characteristic and the interface sensitivity behavior characteristic comprises:
classifying the interfaces to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be classified;
determining an interface sensitivity level of the at least one class of interfaces to be classified.
4. The method of claim 3, wherein the classifying the interfaces to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics to obtain at least one class of interfaces to be classified comprises:
and classifying the interfaces to be classified by using an interface classification model to obtain at least one class of interfaces to be classified.
5. The method of claim 4, wherein before said classifying the interface to be classified using the interface classification model to obtain at least one class of interface to be classified, the method further comprises:
determining a training characteristic according to the interface sensitive data characteristic and the interface sensitive behavior characteristic;
and training the interface classification model according to the training characteristics and a preset classification algorithm.
6. The method of claim 3, wherein said determining an interface sensitivity level for the at least one class of interfaces to be classified comprises:
performing interface characterization processing on the interface to be defined of the at least one category to obtain interface characteristic description of the interface to be defined of the at least one category;
and determining the interface sensitivity level of the interface to be defined of the at least one category according to the mapping relation between the interface feature description and the interface sensitivity level.
7. The method according to claim 6, wherein the performing interface characterization processing on the interface to be defined of the at least one category to obtain an interface feature description of the interface to be defined of the at least one category includes:
according to the training characteristics, describing the degree to which the interface to be defined of the at least one category corresponds to the training characteristics, to obtain the interface characteristic description of the interface to be defined of the at least one category;
wherein the training features are features used for training the interface classification model and are selected from the interface sensitive data features and the interface sensitive behavior features.
8. A rating device for a data interface, comprising:
the first acquisition module is used for acquiring the interface sensitive data characteristics and the interface sensitive behavior characteristics of the interface to be classified;
and the first determining module is used for determining the interface sensitivity level of the interface to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics.
9. A rating device for a data interface, comprising: a processor and a transceiver;
the processor is used for acquiring the interface sensitive data characteristics and the interface sensitive behavior characteristics of the interface to be classified; and determining the interface sensitivity level of the interface to be classified according to the interface sensitive data characteristics and the interface sensitive behavior characteristics.
10. An electronic device, comprising: a memory, a processor, and a program stored on the memory and executable on the processor; processor for reading a program in a memory implementing the steps in the method for rating a data interface according to any of claims 1 to 7.
11. A readable storage medium storing a program, which when executed by a processor implements the steps in the rating method of the data interface of any of claims 1 to 7.
CN202010620246.4A 2020-06-30 2020-06-30 Grading method, grading device, grading equipment and storage medium of data interface Pending CN113868692A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010620246.4A CN113868692A (en) 2020-06-30 2020-06-30 Grading method, grading device, grading equipment and storage medium of data interface

Publications (1)

Publication Number Publication Date
CN113868692A true CN113868692A (en) 2021-12-31

Family

ID=78981807

Country Status (1)

Country Link
CN (1) CN113868692A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination