CN117596047A - Request processing method, request processing device, electronic equipment and storage medium - Google Patents
Request processing method, request processing device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN117596047A CN117596047A CN202311585270.9A CN202311585270A CN117596047A CN 117596047 A CN117596047 A CN 117596047A CN 202311585270 A CN202311585270 A CN 202311585270A CN 117596047 A CN117596047 A CN 117596047A
- Authority
- CN
- China
- Prior art keywords
- processed
- request
- sequence
- http request
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012545 processing Methods 0.000 title claims abstract description 44
- 238000003672 processing method Methods 0.000 title claims abstract description 22
- 238000001514 detection method Methods 0.000 claims abstract description 78
- 230000002159 abnormal effect Effects 0.000 claims abstract description 49
- 238000000034 method Methods 0.000 claims abstract description 34
- 230000005856 abnormality Effects 0.000 claims abstract description 30
- 238000010586 diagram Methods 0.000 claims description 27
- 238000004590 computer program Methods 0.000 claims description 16
- 238000013136 deep learning model Methods 0.000 claims description 5
- 230000006854 communication Effects 0.000 abstract description 31
- 238000004891 communication Methods 0.000 abstract description 17
- 238000005516 engineering process Methods 0.000 abstract description 5
- 230000008569 process Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 239000000243 solution Substances 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 3
- 239000008186 active pharmaceutical agent Substances 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 206010000117 Abnormal behaviour Diseases 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The embodiment of the invention discloses a request processing method, a request processing device, electronic equipment and a storage medium. The method comprises the following steps: determining an HTTP request to be processed, and acquiring request source information and source site information corresponding to the HTTP request to be processed; generating an interface calling sequence corresponding to the HTTP request to be processed based on the request source information and the source site information; based on a preset abnormality detection mode, carrying out abnormality detection on the interface calling sequence, and determining whether the interface calling sequence is abnormal or not according to a detection result; and if not, processing the HTTP request to be processed. The technical scheme of the embodiment of the invention solves the technical problem that logic loopholes in the API communication process can not be found by using the specific characteristic values in the related technology, and realizes more efficient and reliable detection and processing of the HTTP request in the API communication process, thereby improving the API communication safety.
Description
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a request processing method, a request processing device, electronic equipment and a storage medium.
Background
With the development of internet technology, API (Application Programming Interface ) attacks are frequent, mainly because of the security defect of the API. Currently, the use of APIs is mainly achieved by sending HTTP (Hypertext Transfer Protocol ) requests.
In the related art, abnormal behavior in the API communication process, such as sql injection, command execution, code execution, and the like, is generally identified based on a set feature value. However, using the set feature value is a logical vulnerability where the API cannot be found. Logical vulnerabilities due to APIs are prevalent in HTTP requests during API communications.
Therefore, there is a need to propose an efficient and reliable solution to detect and process HTTP requests during API communication.
Disclosure of Invention
The invention provides a request processing method, a request processing device, electronic equipment and a storage medium, which are used for detecting and processing HTTP requests in an API communication process more efficiently and reliably, so that the API communication safety is improved.
According to an aspect of the present invention, there is provided a request processing method, including:
determining an HTTP request to be processed, and acquiring request source information and source site information corresponding to the HTTP request to be processed;
generating an interface calling sequence corresponding to the HTTP request to be processed based on the request source information and the source site information;
based on a preset abnormality detection mode, carrying out abnormality detection on the interface calling sequence, and determining whether the interface calling sequence is abnormal or not according to a detection result;
and if not, processing the HTTP request to be processed.
According to another aspect of the present invention, there is provided a request processing apparatus. The device comprises:
the information acquisition module is used for determining an HTTP request to be processed and acquiring request source information and source site information corresponding to the HTTP request to be processed;
the sequence generation module is used for generating an interface call sequence corresponding to the HTTP request to be processed based on the request source information and the source site information;
the sequence detection module is used for detecting the abnormality of the interface calling sequence based on a preset abnormality detection mode, and determining whether the interface calling sequence is abnormal or not according to a detection result;
and the request processing module is used for processing the HTTP request to be processed if not.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the request processing method according to any one of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to execute a request processing method according to any one of the embodiments of the present invention.
According to the technical scheme, the request source information and the source site information corresponding to the HTTP request to be processed are obtained by determining the HTTP request to be processed; generating an interface calling sequence corresponding to the HTTP request to be processed based on the request source information and the source site information; based on a preset abnormality detection mode, carrying out abnormality detection on the interface calling sequence, and determining whether the interface calling sequence is abnormal or not according to a detection result; and if not, processing the HTTP request to be processed. The technical scheme of the embodiment of the invention solves the technical problem that logic loopholes in the API communication process can not be found by using the specific characteristic values in the related technology, and realizes more efficient and reliable detection and processing of the HTTP request in the API communication process, thereby improving the API communication safety.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a request processing method according to a first embodiment of the present invention;
FIG. 2 is an exemplary diagram of an interface call relationship diagram for a request processing method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a request processing method according to a second embodiment of the present invention;
fig. 4 is a flow chart of a request processing method according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of a request processing device according to a fourth embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It is noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of the present invention and in the foregoing figures, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
It will be appreciated that the data (including but not limited to the data itself, the acquisition or use of the data) involved in the present technical solution should comply with the corresponding legal regulations and the requirements of the relevant regulations.
Example 1
Fig. 1 is a flow chart of a request processing method according to a first embodiment of the present invention, where the method may be applied to the case of detecting and processing an HTTP request in an API communication process, and the method may be performed by a request processing device, which may be implemented in hardware and/or software, and the request processing device may be configured in an electronic device such as a computer or a server.
As shown in fig. 1, the method of the present embodiment includes:
s110, determining an HTTP request to be processed, and acquiring request source information and source site information corresponding to the HTTP request to be processed.
The HTTP request to be processed may be understood as an HTTP request that needs to be processed currently in the API communication process. The source of the HTTP request to be processed may be a traffic network environment. In the embodiment of the invention, a request header of the HTTP request to be processed may include a request source field and a source site field. The request source field may be used to identify the request source information of the HTTP request during the API communication, i.e. the basic call logic used to identify the API. The request source information may be understood as source information of the HTTP request to be processed. The source site field may be used to identify source site information for HTTP requests during API communication, i.e., the basic call logic used to assist in identifying the API. The source site information may be understood as source site information of the HTTP request to be processed. In the embodiment of the invention, for cross-domain requests, the situation that the domain name and the request source are inconsistent can exist in the request header, and in order to more accurately and effectively identify the basic calling logic of the API, the basic calling logic of the API can be assisted by setting the source site field.
In the embodiment of the invention, the HTTP request needing to be processed in the service network environment can be determined as the HTTP request to be processed. And further, according to the request structure of the to-be-processed HTTP request, a request header of the to-be-processed HTTP request may be determined. So that request header information of the request header can be acquired. And further, according to the request header information, request source information and source site information corresponding to the HTTP request to be processed can be obtained.
It should be noted that, in the embodiment of the present invention, the service network environment includes a plaintext service flow, and by performing flow analysis, protocol analysis and session restoration processing on the plaintext service flow, an HTTP flow in the service network environment may be analyzed, so as to obtain an HTTP request. It should be further noted that, in the service network environment, a switch is included, where the switch is configured with a traffic port mirror and a certificate offload setting, so as to obtain the plain text service traffic.
And S120, generating an interface call sequence corresponding to the HTTP request to be processed based on the request source information and the source site information.
Wherein an interface call sequence may be understood as a sequence generated based on the request source information and the source site information.
In the embodiment of the present invention, the generating, based on the request source information and the source site information, an interface call sequence corresponding to the HTTP request to be processed may include: and based on a preset data structure, combining the request source information and the source site information to obtain a combined sequence, and taking the combined sequence as an interface calling sequence corresponding to the HTTP request to be processed.
The preset data structure may be understood as a preset data structure for combining the request source information and the source site information.
Specifically, a data structure for combining the request source information and the source site information, that is, a data structure of a preset interface call sequence, is preset. Based on a preset data structure, the request source information and the source site information can be subjected to information combination processing according to the preset data structure. Thus, a combined sequence can be obtained. At this time, the sequence which can be combined is used as an interface calling sequence corresponding to the HTTP request to be processed.
S130, based on a preset abnormality detection mode, performing abnormality detection on the interface calling sequence, and determining whether the interface calling sequence is abnormal or not according to a detection result.
The preset exception detection mode can be understood as a preset mode for detecting the exception of the interface call sequence, and can be used for detecting the logic loopholes of the API. The detection results may include anomalies and non-anomalies.
Specifically, after the interface call sequence is obtained, the interface call sequence may be subjected to abnormality detection based on a preset abnormality detection mode. So that a detection result can be obtained. After the detection result is obtained, whether the interface call sequence is abnormal or not can be determined according to the detection result.
And S140, if not, processing the HTTP request to be processed.
Specifically, if the detection result is non-abnormal, it may be characterized that the interface call sequence has no abnormality. At this time, the HTTP request to be processed may be processed.
In the embodiment of the invention, the method may further include: under the condition that the interface calling sequence is determined to be abnormal according to the detection result, the HTTP request to be processed can be intercepted, abnormal prompt information aiming at the HTTP request to be processed is generated, and the abnormal prompt information is displayed.
The abnormality prompting information can be understood as information for performing abnormality prompting, which is generated when it is determined that the interface call sequence is abnormal according to the detection result. The exception hint information may include request information for an HTTP request.
Specifically, under the condition that the interface calling sequence is determined to be abnormal according to the detection result, the HTTP request to be processed can be intercepted, and abnormal prompt information aiming at the HTTP request to be processed is generated. And the abnormal prompt information can be displayed in a preset prompt mode. The preset prompting mode can be set according to actual requirements, and is not limited in this regard, for example, at least one of a text prompt, a warning icon prompt and a voice prompt.
In the embodiment of the invention, the method may further include: and generating an interface call relation graph based on the interface call sequence and displaying the interface call relation graph under the condition that the interface call sequence is not abnormal.
The interface call relation graph can be understood as a relation graph which is generated based on an interface call sequence and used for showing call between interfaces.
Specifically, under the condition that the interface call sequence is not abnormal, the interface call sequence can be analyzed, so that at least one interface in the interface sequence can be determined. In the case where the number of interfaces is one, a node map for the interfaces may be generated as an interface call relationship map. When the number of the interfaces is plural, each interface can be used as an independent node to connect the nodes according to the call relationship between the interfaces. So that an interface call relationship diagram (see fig. 2) can be obtained. After the interface call relation diagram is obtained, the interface call relation diagram can be displayed.
Optionally, the generating an interface call relationship graph based on the interface call sequence may include: and generating a front-end page relation diagram based on the interface call sequence, and generating an interface call relation diagram based on the front-end page relation diagram.
Specifically, based on the interface calling sequence, at least one front-end website corresponding to the interface calling sequence is determined. And further, a front-end page relationship graph can be generated based on the at least one front-end web address. And then an interface call relation diagram can be constructed according to the front-end page relation diagram.
In the implementation of the invention, a single node in the front-end page relation diagram is a front-end website. The connection between nodes may be an association between front-end websites. For example, the association may jump from the first web site to the second web site; alternatively, the second web site may be returned to the first web site.
In the embodiment of the invention, an interface call relation diagram is constructed according to a front-end page relation diagram, specifically, for each node in the front-end page relation diagram, node information of the node is obtained, that is, a front-end website corresponding to the node is obtained. And extracting interface information from the front-end website. And then, an interface call relation graph can be generated based on the association relation of each node in the front-end page relation graph and the interface information corresponding to each node.
According to the technical scheme, the request source information and the source site information corresponding to the HTTP request to be processed are obtained by determining the HTTP request to be processed; generating an interface calling sequence corresponding to the HTTP request to be processed based on the request source information and the source site information; based on a preset abnormality detection mode, carrying out abnormality detection on the interface calling sequence, and determining whether the interface calling sequence is abnormal or not according to a detection result; and if not, processing the HTTP request to be processed. The technical scheme of the embodiment of the invention solves the technical problem that logic loopholes in the API communication process can not be found by using the specific characteristic values in the related technology, and realizes more efficient and reliable detection and processing of the HTTP request in the API communication process, thereby improving the API communication safety.
Example two
Fig. 3 is a flow chart of a request processing method according to a second embodiment of the present invention, on the basis of the foregoing embodiment, optionally, based on a preset anomaly detection manner, performing anomaly detection on the interface call sequence, and determining whether the interface call sequence has an anomaly according to a detection result, where the method includes: inputting the interface calling sequence to a preset detection model to obtain a model output result, and determining whether the interface calling sequence is abnormal or not based on the model output result; the preset detection model is a deep learning model which is trained based on a sample interface calling sequence and an expected label corresponding to the sample interface calling sequence. The technical features that are the same as or similar to those of the above embodiments are not described herein.
As shown in fig. 3, the method in this embodiment specifically includes:
s210, determining an HTTP request to be processed, and acquiring request source information and source site information corresponding to the HTTP request to be processed.
S220, based on the request source information and the source site information, generating an interface call sequence corresponding to the HTTP request to be processed.
S230, inputting the interface calling sequence into a preset detection model to obtain a model output result, and determining whether the interface calling sequence is abnormal or not based on the model output result.
The preset detection model may be a deep learning model trained based on a sample interface calling sequence and an expected label corresponding to the sample interface calling sequence. The expected label sample interface call sequence can be an expected output result after the sample interface call sequence is input into a preset detection model. The model output result can be understood as an actual output result obtained after the interface calling sequence is input into a preset detection model.
Specifically, after the interface call sequence corresponding to the HTTP request to be processed is obtained, the interface call sequence may be input to a preset detection model. Thus, a model output result can be obtained. And then, according to the model output result, whether the interface calling sequence is abnormal or not can be determined.
In the embodiment of the present invention, the manner of obtaining the preset detection model may be to construct an initial network model in advance. And inputting the sample interface calling sequence into the initial network model to obtain an actual output result. And taking the expected label corresponding to the sample interface calling sequence as an expected output result. And further, based on the actual output result and the expected output result, network parameters of the initial network model can be adjusted to obtain a preset detection model.
According to the method and the device for identifying and detecting the interface call sequence, the interface call sequence can be identified and detected more quickly and accurately by using the preset detection model, the fact that the interface call sequence is detected for a long time is avoided, and the processing efficiency of the HTTP request is improved.
S240, if not, processing the HTTP request to be processed.
According to the technical scheme, the interface calling sequence is input into a preset detection model to obtain a model output result, and whether the interface calling sequence is abnormal or not is determined based on the model output result; the preset detection model is a deep learning model which is obtained based on a sample interface calling sequence and expected labels corresponding to the sample interface calling sequence, and the function of detecting HTTP requests in the API communication process in a relatively efficient and reliable mode is achieved.
Example III
Fig. 4 is a flow chart of a request processing method according to a third embodiment of the present invention, on the basis of the foregoing embodiment, optionally, the performing anomaly detection on the interface call sequence based on a preset anomaly detection manner, and determining whether the interface call sequence has an anomaly according to a detection result includes: if the to-be-processed HTTP request is not detected again or the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is larger than a preset interval, determining that the interface calling sequence is abnormal; and if the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is smaller than the preset interval, determining that the interface call sequence is not abnormal. The technical features that are the same as or similar to those of the above embodiments are not described herein.
As shown in fig. 4, the method in this embodiment specifically includes:
s310, determining a to-be-processed HTTP request, and acquiring request source information and source site information corresponding to the to-be-processed HTTP request.
S320, based on the request source information and the source site information, generating an interface call sequence corresponding to the HTTP request to be processed.
S330, if the to-be-processed HTTP request is not detected again or the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is larger than a preset interval, determining that the interface call sequence is abnormal.
The preset interval may be set according to actual requirements, and is not specifically limited herein, for example, 10ms, 100ms, 1s, or the like.
Specifically, if the HTTP request to be processed is not detected again, it may be determined that an abnormality exists in an interface call sequence corresponding to the request to be processed; or if the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is larger than the preset interval, determining that the interface call sequence corresponding to the to-be-processed request is abnormal.
For example, the HTTP request to be processed is detected again, and the time interval between two HTTP requests to be processed is greater than the preset interval, which may be that when 20ms after the HTTP request of a certain service is currently received, the HTTP request for the certain service is received again.
And S340, if the HTTP request to be processed is detected again and the time interval between the two HTTP requests to be processed is smaller than the preset interval, determining that the interface calling sequence is not abnormal.
Specifically, when the HTTP request to be processed is currently received, a first receiving time of the HTTP request to be processed that is currently received may be determined. When the HTTP request belonging to the same service as the HTTP request to be processed is received again after the HTTP request to be processed is received, a second receiving time of the HTTP request received again may be determined. Further, a time interval between the first receiving time and the second receiving time, i.e. a time interval of two pending HTTP requests, may be calculated. Further, the time interval may be compared with a preset interval. And under the condition that the time interval is smaller than a preset interval, determining that the interface call sequence is not abnormal.
S350, processing the HTTP request to be processed under the condition that the interface calling sequence is determined to be not abnormal.
It should be noted that, if the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is smaller than the preset interval, after determining that the interface calling sequence is not abnormal, the interface calling sequence may also be input to a preset detection model to obtain a model output result, and further, based on the model output result, it is determined whether the interface calling sequence is abnormal, so that accuracy and reliability of the interface calling sequence may be improved.
According to the technical scheme, if the to-be-processed HTTP request is not detected again or the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is larger than the preset interval, the interface calling sequence is determined to be abnormal; if the HTTP request to be processed is detected again and the time interval between the two HTTP requests to be processed is smaller than the preset interval, the fact that the interface calling sequence is not abnormal is determined, and the function of detecting the HTTP requests in the API communication process is achieved conveniently and rapidly.
Example IV
Fig. 5 is a schematic structural diagram of a request processing device according to a fourth embodiment of the present invention. As shown in fig. 5, the apparatus includes: an information acquisition module 410, a sequence generation module 420, a sequence detection module 430, and a request processing module 440.
The information obtaining module 410 is configured to determine an HTTP request to be processed, and obtain request source information and source site information corresponding to the HTTP request to be processed; a sequence generating module 420, configured to generate an interface call sequence corresponding to the HTTP request to be processed based on the request source information and the source site information; the sequence detection module 430 is configured to perform anomaly detection on the interface call sequence based on a preset anomaly detection manner, and determine whether the interface call sequence has an anomaly according to a detection result; and the request processing module 440 is configured to process the HTTP request to be processed if not.
According to the technical scheme, an information acquisition module is used for determining an HTTP request to be processed, and request source information and source site information corresponding to the HTTP request to be processed are acquired; the sequence generation module generates an interface call sequence corresponding to the HTTP request to be processed based on the request source information and the source site information; the sequence detection module is used for detecting the abnormality of the interface calling sequence based on a preset abnormality detection mode, and determining whether the interface calling sequence is abnormal or not according to a detection result; and if not, the request processing module processes the HTTP request to be processed. The technical scheme of the embodiment of the invention solves the technical problem that logic loopholes in the API communication process can not be found by using the specific characteristic values in the related technology, and realizes more efficient and reliable detection and processing of the HTTP request in the API communication process, thereby improving the API communication safety.
Optionally, the sequence detection module 430 is specifically configured to:
inputting the interface calling sequence to a preset detection model to obtain a model output result, and determining whether the interface calling sequence is abnormal or not based on the model output result;
the preset detection model is a deep learning model which is trained based on a sample interface calling sequence and an expected label corresponding to the sample interface calling sequence.
Optionally, the sequence detection module 430 is specifically configured to:
if the to-be-processed HTTP request is not detected again or the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is larger than a preset interval, determining that the interface calling sequence is abnormal;
and if the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is smaller than the preset interval, determining that the interface call sequence is not abnormal.
Optionally, the device further comprises an interface call relation diagram generating module; the interface call relation diagram generation module is used for:
and generating an interface call relation graph based on the interface call sequence and displaying the interface call relation graph under the condition that the interface call sequence is not abnormal.
Optionally, the interface invokes the relationship graph generating module to:
and generating a front-end page relation diagram based on the interface call sequence, and generating an interface call relation diagram based on the front-end page relation diagram.
Optionally, the device further comprises a prompt information generation module; the prompt information generation module is used for:
under the condition that the interface calling sequence is determined to be abnormal according to the detection result, intercepting the HTTP request to be processed, generating abnormal prompt information aiming at the HTTP request to be processed, and displaying the abnormal prompt information.
Optionally, the sequence generating module 420 is specifically configured to:
and based on a preset data structure, combining the request source information and the source site information to obtain a combined sequence, and taking the combined sequence as an interface calling sequence corresponding to the HTTP request to be processed.
The request processing device provided by the embodiment of the invention can execute the request processing method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
It should be noted that, each unit and module included in the request processing apparatus are only divided according to the functional logic, but not limited to the above division, so long as the corresponding function can be implemented; in addition, the specific names of the functional units are also only for distinguishing from each other, and are not used to limit the protection scope of the embodiments of the present invention.
Example five
Fig. 6 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 6, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the respective methods and processes described above, such as a request processing method.
In some embodiments, the request processing method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the request processing method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the request processing method in any other suitable way (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (10)
1. A method of processing a request, comprising:
determining an HTTP request to be processed, and acquiring request source information and source site information corresponding to the HTTP request to be processed;
generating an interface calling sequence corresponding to the HTTP request to be processed based on the request source information and the source site information;
based on a preset abnormality detection mode, carrying out abnormality detection on the interface calling sequence, and determining whether the interface calling sequence is abnormal or not according to a detection result;
and if not, processing the HTTP request to be processed.
2. The method according to claim 1, wherein the detecting the abnormality of the interface call sequence based on the preset abnormality detection mode, determining whether the interface call sequence has an abnormality according to the detection result, includes:
inputting the interface calling sequence to a preset detection model to obtain a model output result, and determining whether the interface calling sequence is abnormal or not based on the model output result;
the preset detection model is a deep learning model which is trained based on a sample interface calling sequence and an expected label corresponding to the sample interface calling sequence.
3. The method according to claim 1, wherein the detecting the abnormality of the interface call sequence based on the preset abnormality detection mode, determining whether the interface call sequence has an abnormality according to the detection result, includes:
if the to-be-processed HTTP request is not detected again or the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is larger than a preset interval, determining that the interface calling sequence is abnormal;
and if the to-be-processed HTTP request is detected again and the time interval between the two to-be-processed HTTP requests is smaller than the preset interval, determining that the interface call sequence is not abnormal.
4. The method according to claim 1, wherein the method further comprises:
and generating an interface call relation graph based on the interface call sequence and displaying the interface call relation graph under the condition that the interface call sequence is not abnormal.
5. The method of claim 4, wherein generating an interface call relationship graph based on the interface call sequence comprises:
and generating a front-end page relation diagram based on the interface call sequence, and generating an interface call relation diagram based on the front-end page relation diagram.
6. The method according to claim 1, wherein the method further comprises:
under the condition that the interface calling sequence is determined to be abnormal according to the detection result, intercepting the HTTP request to be processed, generating abnormal prompt information aiming at the HTTP request to be processed, and displaying the abnormal prompt information.
7. The method of claim 1, wherein generating an interface call sequence corresponding to the pending HTTP request based on the request source information and the source site information comprises:
and based on a preset data structure, combining the request source information and the source site information to obtain a combined sequence, and taking the combined sequence as an interface calling sequence corresponding to the HTTP request to be processed.
8. A request processing apparatus, comprising:
the information acquisition module is used for determining an HTTP request to be processed and acquiring request source information and source site information corresponding to the HTTP request to be processed;
the sequence generation module is used for generating an interface call sequence corresponding to the HTTP request to be processed based on the request source information and the source site information;
the sequence detection module is used for detecting the abnormality of the interface calling sequence based on a preset abnormality detection mode, and determining whether the interface calling sequence is abnormal or not according to a detection result;
and the request processing module is used for processing the HTTP request to be processed if not.
9. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the request processing method of any one of claims 1-7.
10. A computer readable storage medium storing computer instructions for causing a processor to perform the request processing method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311585270.9A CN117596047A (en) | 2023-11-24 | 2023-11-24 | Request processing method, request processing device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311585270.9A CN117596047A (en) | 2023-11-24 | 2023-11-24 | Request processing method, request processing device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117596047A true CN117596047A (en) | 2024-02-23 |
Family
ID=89919603
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311585270.9A Pending CN117596047A (en) | 2023-11-24 | 2023-11-24 | Request processing method, request processing device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117596047A (en) |
-
2023
- 2023-11-24 CN CN202311585270.9A patent/CN117596047A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112953938B (en) | Network attack defense method, device, electronic equipment and readable storage medium | |
| CN116010220A (en) | Alarm diagnosis method, device, equipment and storage medium | |
| CN113641544B (en) | Method, apparatus, device, medium and product for detecting application state | |
| CN115687406B (en) | Sampling method, device, equipment and storage medium for call chain data | |
| CN116545905A (en) | Service health detection method and device, electronic equipment and storage medium | |
| CN116561179A (en) | Data query method, device, equipment and program product | |
| CN108390770B (en) | Information generation method and device and server | |
| CN117596047A (en) | Request processing method, request processing device, electronic equipment and storage medium | |
| CN116450176A (en) | Version updating method and device, electronic equipment and storage medium | |
| CN112769595B (en) | Abnormality detection method, abnormality detection device, electronic device, and readable storage medium | |
| CN114598524B (en) | Method, device, equipment and storage medium for detecting agent tool | |
| CN116340097A (en) | Method, device, equipment and storage medium for processing abnormal information | |
| CN117395071B (en) | Abnormality detection method, abnormality detection device, abnormality detection equipment and storage medium | |
| CN113836509B (en) | Information acquisition method, device, electronic equipment and storage medium | |
| CN115859349B (en) | Data desensitization method and device, electronic equipment and storage medium | |
| CN113591088B (en) | Identification recognition method and device and electronic equipment | |
| CN117251769B (en) | Abnormal data identification method, device, equipment and medium based on monitoring component | |
| CN117609801A (en) | Data comparison method, device, equipment and medium | |
| CN116781572A (en) | Service availability detection method, device, equipment and storage medium | |
| CN118041604A (en) | Network proxy detection method and device, electronic equipment and storage medium | |
| CN117729005A (en) | Network asset mapping method | |
| CN117714182A (en) | Data security access method, device and storage medium | |
| CN116185240A (en) | Information interaction method and device | |
| CN115774878A (en) | Request processing method and device, electronic equipment and storage medium | |
| CN117453747A (en) | Data quality detection method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |