CN-121980574-A - API security detection method and system based on a plug-in architecture
Abstract
The invention relates to the technical field of network security, in particular to an API security detection method and system based on a plug-in architecture. A universal detection framework is constructed, and a plug-in management module handles the dynamic loading and life-cycle management of the functional plug-ins. A detection task scheduling module generates an optimal plug-in execution sequence from the API's features and the task requirements by topological ordering over a weighted directed acyclic graph, and a detection engine module coordinates the plug-ins to run their security detection in that order and aggregates the results. Within each plug-in, the detection logic is a multi-level matching mechanism that combines a rule engine with machine learning. A standardized plug-in interface decouples detection capability from the main program and supports dynamic adaptive detection and dynamic combination of plug-ins; this improves the extensibility, flexibility and accuracy of API security detection and addresses the poor extensibility, low detection efficiency and high false-positive rate of prior-art approaches.
Inventors
- WANG LIN
- ZHANG YUCHEN
Assignees
- 深圳市石犀科技有限公司
Dates
- Publication Date
- 20260505
- Application Date
- 20260407
Claims (8)
- 1. An API security detection method based on a plug-in architecture, characterized by comprising the following steps: Step S1, constructing a plug-in management module that manages a plurality of functional plug-ins, each of which implements a unified plug-in interface and is dedicated to detecting a specific class of API security vulnerability; Step S2, a detection task scheduling module receives an API detection task, analyzes the metadata of the target API to construct an API feature model, matches the API features against plug-in capabilities using a preset rule base, and generates an optimal plug-in execution sequence from the dependency relationships among plug-ins and the task priority; Step S3, a detection engine module calls the corresponding functional plug-ins in the order of the optimal plug-in execution sequence to perform security detection on the target API and receives the detection results returned by each plug-in; and Step S4, the detection engine module aggregates and analyzes all detection results, generates an API security detection report and outputs it.
- 2. The method of claim 1, wherein generating the optimal plug-in execution sequence in step S2 specifically comprises: Step S21, constructing a plug-in dependency graph from the dependency relationships declared by each plug-in, the relationships comprising strong dependency, weak dependency and mutual-exclusion dependency; Step S22, computing the execution priority of each plug-in with a multi-factor weighted scoring formula: Priority = w1*RiskLevel + w2*TaskUrgency + w3*CoverageScore - w4*ResourceCost, where RiskLevel is the risk level of the threat the plug-in detects, TaskUrgency is the urgency of the task, CoverageScore is the plug-in's coverage of the current API's features, ResourceCost is its resource consumption coefficient, and w1 to w4 are preset weights; and Step S23, generating the optimal plug-in execution sequence by a topological sorting algorithm over the plug-in dependency graph, ordered by the execution priorities.
- 3. The method of claim 1, wherein the API feature model is constructed from multi-dimensional features extracted from the target API, the features comprising basic request features, parameter features, authentication features, data features and behavior features, and wherein the detection task scheduling module is further configured to dynamically adjust the plug-in execution sequence and resource allocation during detection in response to changes in API behavior and to detection progress.
- 4. The method of claim 1, wherein security detection inside a functional plug-in is implemented by a multi-level matching mechanism of "rule engine + machine learning": a rule engine first performs exact matching against predefined detection rules, and for complex cases the extracted API features are then fed to a pre-trained machine learning model for classification.
- 5. The method of claim 1, wherein the unified plug-in interface comprises at least an initialization interface that performs set-up when the plug-in is loaded, a detection interface that implements the plug-in's security detection logic and returns a detection result, and a cleanup interface that releases resources when the plug-in is unloaded.
- 6. An API security detection system based on a plug-in architecture, comprising: a plug-in management module that manages a plurality of functional plug-ins, each of which implements a unified plug-in interface and is dedicated to detecting a specific class of API security vulnerability; a detection task scheduling module that receives an API detection task, analyzes the metadata of the target API to construct an API feature model, matches the API features against plug-in capabilities using a preset rule base, and generates an optimal plug-in execution sequence from the dependency relationships among plug-ins and the task priority; a detection engine module that calls the corresponding functional plug-ins in the order of the optimal plug-in execution sequence to perform security detection on the target API and receives the detection results returned by each plug-in; and a result output module that outputs the API security detection report in a standardized format.
- 7. The system of claim 6, wherein the plug-in management module is specifically configured to traverse a specified plug-in directory, read each plug-in's descriptor file, register and load the plug-ins that conform to the specification, build a plug-in metadata repository, perform plug-in unloading and version updates according to that metadata, and automatically resolve dependency relationships between plug-ins.
- 8. A computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the steps of the method of any one of claims 1 to 5.
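Claim 2 (and steps S21 to S23 of the description) only name the three dependency kinds, the four priority factors and "a topological sorting algorithm". The following is an added worked example of that scheduler, written for this page and not code from the patent or its assignee. It assumes semantics the patent does not spell out: a strong dependency must be present and run first, a weak dependency runs first only if it happens to be selected, and mutually exclusive plug-ins never share a sequence (the lower-priority one is dropped). The weights w1 to w4, the 0-10 coverage scale, the min_priority cutoff, the plug-in names and the API feature model are all constructed for illustration; the TaskUrgency values (fast scan = 3, normal = 5, deep = 8) are the ones the description gives.

```python
"""Plug-in scheduling for an API security scanner: dependency graph (S21),
weighted priority score (S22) and priority-aware topological sort (S23).
Added illustration, not the patent's code; dependency semantics, weights,
coverage scale and min_priority cutoff are assumptions (see lead-in)."""
from dataclasses import dataclass
import heapq

TASK_URGENCY = {"fast": 3, "normal": 5, "depth": 8}  # values from the patent's description
WEIGHTS = (0.4, 0.2, 0.3, 0.1)                        # w1..w4, assumed

@dataclass(frozen=True)
class PluginMeta:
    name: str
    risk_level: int                      # 1-10: severity of the threat the plug-in detects
    features: frozenset                  # API feature tags the plug-in can exercise
    resource_cost: float                 # consumption coefficient, higher = heavier
    strong: frozenset = frozenset()      # must be present and run before this plug-in
    weak: frozenset = frozenset()        # run before this plug-in only if selected
    exclusive: frozenset = frozenset()   # never run in the same sequence as this plug-in

def priority(p, api_features, mode):
    """Priority = w1*RiskLevel + w2*TaskUrgency + w3*CoverageScore - w4*ResourceCost."""
    w1, w2, w3, w4 = WEIGHTS
    coverage = 10.0 * len(p.features & api_features) / len(api_features)  # 0-10, assumed scale
    return w1 * p.risk_level + w2 * TASK_URGENCY[mode] + w3 * coverage - w4 * p.resource_cost

def select_plugins(plugins, api_features, mode, min_priority=0.0):
    """Capability matching (S2): keep plug-ins that cover at least one API feature
    and score at or above the cutoff, pull in strong dependencies transitively,
    then resolve mutual exclusion in favour of the higher-priority plug-in."""
    by_name = {p.name: p for p in plugins}
    score = {n: priority(p, api_features, mode) for n, p in by_name.items()}
    chosen = {n for n, p in by_name.items()
              if p.features & api_features and score[n] >= min_priority}
    pending = list(chosen)
    while pending:                               # closure over strong dependencies
        for dep in by_name[pending.pop()].strong:
            if dep not in by_name:
                raise ValueError(f"unknown strong dependency: {dep}")
            if dep not in chosen:
                chosen.add(dep)
                pending.append(dep)
    excl = {n: set(p.exclusive) for n, p in by_name.items()}
    for n, p in by_name.items():                 # exclusion is symmetric even if declared once
        for other in p.exclusive:
            excl.setdefault(other, set()).add(n)
    dropped = True
    while dropped:                               # drop lowest-priority conflicts; cascade
        dropped = False
        for n in sorted(chosen, key=score.get):  # through plug-ins that lost a strong dep
            if excl[n] & chosen or not by_name[n].strong <= chosen:
                chosen.discard(n)
                dropped = True
                break
    return chosen, score

def schedule(plugins, api_features, mode, min_priority=0.0):
    """S23: Kahn's algorithm with a max-heap on priority, so the result is a
    topological order of the dependency DAG in which, whenever several plug-ins
    are ready, the highest-scoring one runs first. Raises ValueError on a cycle."""
    chosen, score = select_plugins(plugins, api_features, mode, min_priority)
    by_name = {p.name: p for p in plugins}
    succ = {n: set() for n in chosen}
    indeg = {n: 0 for n in chosen}
    for n in chosen:
        for dep in by_name[n].strong | by_name[n].weak:
            if dep in chosen:                    # weak deps on unselected plug-ins vanish
                succ[dep].add(n)
                indeg[n] += 1
    ready = [(-score[n], n) for n in chosen if indeg[n] == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, n = heapq.heappop(ready)
        order.append(n)
        for m in succ[n]:
            indeg[m] -= 1
            if indeg[m] == 0:
                heapq.heappush(ready, (-score[m], m))
    if len(order) != len(chosen):
        raise ValueError("dependency cycle among: " + ", ".join(sorted(chosen - set(order))))
    return order

# Constructed sample registry; plug-in names are hypothetical.
PLUGINS = [
    PluginMeta("auth_probe", 6, frozenset({"auth", "jwt"}), 1.0),
    PluginMeta("jwt_alg_none", 9, frozenset({"jwt"}), 2.0, strong=frozenset({"auth_probe"})),
    PluginMeta("sqli", 9, frozenset({"query_param", "json_body"}), 4.0, weak=frozenset({"param_fuzz"})),
    PluginMeta("param_fuzz", 4, frozenset({"query_param"}), 3.0),
    PluginMeta("deep_fuzz", 5, frozenset({"query_param", "json_body"}), 8.0, exclusive=frozenset({"param_fuzz"})),
    PluginMeta("idor", 7, frozenset({"path_id", "auth"}), 2.0, weak=frozenset({"auth_probe"})),
    PluginMeta("xml_xxe", 8, frozenset({"xml_body"}), 2.0),    # nothing to cover on a JSON API
]
# Constructed API feature model for a JWT-protected JSON endpoint with a path id.
API_FEATURES = frozenset({"auth", "jwt", "query_param", "json_body", "path_id"})

if __name__ == "__main__":
    print(schedule(PLUGINS, API_FEATURES, "normal"))
    print(schedule(PLUGINS, API_FEATURES, "fast", min_priority=3.5))
```

Two things worth noticing when running it. First, with these weights sqli outscores auth_probe, yet jwt_alg_none and idor still wait for auth_probe: the topological constraint always wins over the score, which is the point of combining S21 with S22. Second, TaskUrgency is the same for every plug-in within one task, so on its own it never changes the relative order; it only matters if the scheduler applies an absolute cutoff, which is what the assumed min_priority parameter does for the "fast" scan (heavy deep_fuzz and low-risk param_fuzz fall below it). A detection engine would then walk the returned order calling each plug-in's initialization, detection and cleanup interfaces from claim 5.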
Description
Technical Field
The invention relates to the technical field of network security, in particular to an API security detection method and system based on a plug-in architecture.
Background
With the rapid development of information technology, Application Programming Interfaces (APIs) play a vital role in modern software systems. Their widespread use has also made them a major target of network attacks, and the number of security incidents aimed at APIs keeps rising. Common API security detection techniques currently fall into the following types:
1. Blacklist-based detection relies on maintaining a library of known malicious request signatures and comparing each received API request against it. Maintaining the blacklist takes considerable manual effort, novel attack techniques are hard to cover, and the false-negative rate is high.
2. Intercept-and-replay tools such as Burp Suite and Yakit start a network proxy to intercept HTTP requests and let testers modify and resend them. They are inefficient against a large number of interfaces, cannot test concurrently, their test traffic may disrupt the target service, and their reports are hard to read.
3. Active scanning tools such as sqlmap, AppScan and AWVS launch security tests against specified URLs or APIs. They have a high false-positive rate, handle complex request data poorly, consume substantial resources and detect relatively few vulnerability classes.
4. Passive detection tools, i.e. traditional Intrusion Detection Systems (IDS), detect attacks by monitoring network traffic in real time.
However, in the HTTP REST API scenarios that dominate micro-service architectures these tools are clearly poorly adapted and cannot meet the need for fine-grained security detection. In summary, existing API security detection technology cannot keep up with growing detection requirements, so an API security detection method and system based on a plug-in architecture is urgently needed to overcome these shortcomings in current practice.
Disclosure of Invention
The invention aims to provide an API security detection method and system based on a plug-in architecture that solve the problems described in the background. To that end, the invention provides the following technical solution: an API security detection method based on a plug-in architecture comprising the following steps: Step S1, constructing a plug-in management module that manages a plurality of functional plug-ins, each of which implements a unified plug-in interface and is dedicated to detecting a specific class of API security vulnerability; Step S2, a detection task scheduling module receives an API detection task, analyzes the metadata of the target API to construct an API feature model, matches the API features against plug-in capabilities using a preset rule base, and generates an optimal plug-in execution sequence from the dependency relationships among plug-ins and the task priority; Step S3, a detection engine module calls the corresponding functional plug-ins in the order of the optimal plug-in execution sequence to perform security detection on the target API and receives the detection results returned by each plug-in; and Step S4, the detection engine module aggregates and analyzes all detection results, generates an API security detection report and outputs it.
Generating the optimal plug-in execution sequence in step S2 specifically comprises: Step S21, constructing a plug-in dependency graph from the dependency relationships declared by each plug-in, the relationships comprising strong dependency, weak dependency and mutual-exclusion dependency; Step S22, computing the execution priority of each plug-in with a multi-factor weighted scoring formula: Priority = w1*RiskLevel + w2*TaskUrgency + w3*CoverageScore - w4*ResourceCost, where RiskLevel is the risk level of the threat the plug-in detects (scored 1 to 10), TaskUrgency is the urgency of the task (fast scan = 3, normal detection = 5, deep detection = 8), CoverageScore is the plug-in's coverage of the current API's features, ResourceCost is its resource consumption coefficient, and w1 to w4 are preset weights; and Step S23, generating the optimal plug-in execution sequence by a topological sorting algorithm over the plug-in dependency graph, ordered by the execution priorities. The API feature model is constructed from multi-dimensional features extracted from the target API, the multi-dimensional features compr