检索结果-内蒙古大学图书馆

An api security Framework for IoT-Enabled Healthcare System with the Application Blockchain-Based Smart Contract

SN Computer Science 2024年第8期5卷 1044页

作者： Kumar, Sandeep Shaw, Dilip Kumar Department of CSE National Institute of Technology Jharkhand Jamshedpur 831014 India

Healthcare (HC) systems must address the security, privacy, and trust issues due to the rapid advancements in technological *** visualizing these concepts, there are different approaches. However, they are inefficient owing to unsecured Application Programming Interfaces (apis), unauthorized data access, cryptanalysis attacks, etc. To tackle these security issues, a scheme that enables api security and data filtering mechanisms to prevent illegitimate actions in the HC system is proposed in this paper. Primarily, in the registration phase, a nominee is elected by each patient for data access in an emergency situation. Afterward, by utilizing the Empirical Resampling based Elliptic Curve Cryptography(ER-ECC) technique, the patient data collected from data sensing are securely stored. In the meantime, a Halving Grid Search-based Argon2 (HGS-A2)-based hashed smart contract is created between doctor and patient. Then, the hashed contract isshared with the nominee and stored in the Blockchain (BC). Authorization is done by matching hashed smart contract while accessing the data. After that, by utilizing the Elliot Symmetric Activation-based Long Short Term Memory (ESA-LSTM), the data filtering layer returns filtered data under the access request. After data downloading, the key update instruction was received for updating new keys for data encryption. During the whole process, by using the Xored-Hills Cipher(XHC) technique, the api security for each step is established. Lastly, the experimental outcomes exhibited that the proposed system attains a higher level of security when contrasted with the existing approaches. © The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd. 2024.

关键词： api security Elliot symmetric activation based long short term memory (ESA-LSTM) Empirical resampling based elliptic curve cryptography (ER-ECC) Halving grid search based Argon2 (HGS-A2) XoRed-Hills Cipher (XHC)

来源：评论

学校读者我要写书评

暂无评论

Research Towards Key Issues of api security 18th

Research Towards Key Issues of API Security

引用

18th Annual Conference on China Cyber security (CNCERT)

作者： Sun, Ronghua Wang, Qianxun Guo, Liang Data Star Observ Technol Co Ltd Beijing Peoples R China

ISBN: (纸本)9789811692291;9789811692284

With the mass application of virtualization, micro-services, and cloud-native technologies, the interaction between service entities through apis has become a norm. Many platforms are still maintaining a large number of old apis due to business needs. At the same time, many new apis are gradually going online. Both of these statuses put forward higher requirements for api security. Focusing on old apis' security protection and other issues, this article starts from the process of asset discovery, vulnerability detection, and security auditing. Aiming at the problem of api asset discovery, this article summarizes the technical methods of automatically clustering unowned api assets using the characteristics of various commonly used apis. Aiming at new api vulnerability detection, a security analysis method based on finite state machine is proposed. For the first time, the cross-network communication taint propagation based on dynamic taint analysis technology and system-level simulation technology is realized, enabling sensitive data flow tracing in api communication become feasible. We designed a flowbased api security audit system to improve automated api protection. Finally, We analyzed technical opportunities and challenges of api security in detail and prospected for api security research's next direction and development trend.

关键词： api security Asset discovery Vulnerability detection

来源：评论

学校读者我要写书评

暂无评论

Web api security Vulnerabilities and Mitigation Mechanisms: A Systematic Mapping Study 9

Web API Security Vulnerabilities and Mitigation Mechanisms: ...

引用

9th International Conference in Software Engineering Research and Innovation (CONISOFT)

作者： Alejandro Diaz-Rojas, Josue Octavio Ocharan-Hernandez, Jorge Carlos Perez-Arriaga, Juan Limon, Xavier Univ Veracruzana Sch Stat & Informat Xalapa Veracruz Mexico

ISBN: (纸本)9781665443616

The growth of the web over the last couple of decades opened the door for the creation of an increasing number of web-based software systems. This change brought the need for new software solutions to establish communication between distributed software entities. One of the adopted solutions was web apis;however, their appearance brought with itself new challenges that need to be solved. Among these new challenges, we find the necessity to protect the api at a design level from attacks by malicious users, in other words, making the api secure by design. This task is not trivial, and to be able to perform it effectively, it is necessary to know the vulnerabilities which apis are commonly exposed to, alongside the mechanisms which exist to defend against them. The objective of this systematic mapping study is to gather the existing scientific knowledge about security threats that a web api faces, alongside design-level mechanisms for detecting, resisting, reacting, and recovering from attacks. Our results discovered 66 threats described in the literature. We observed that the most reported threats are those related to Spoofing and Tampering, both mostly related to the network traffic the api interacts with. In contrast, the least reported threats are those related to repudiation. We identified 21 techniques, 11 patterns and 34 methods that can be employed at a design level to detect, resist, react to or recover from these threats.

关键词： Web api design security Web api api security Systematic mapping study

来源：评论

学校读者我要写书评

暂无评论

The Application of RNN-based api Data security Detection in Government Cloud Service 10

The Application of RNN-based API Data Security Detection in ...

引用

10th International Conference on Advanced Cloud and Big Data (CBD)

作者： Wen, Jing Tan, Chaohong Chen, Jining Zhao, Qin Li, Sen Zhou, Fei Guangxi Zhuang Autonomous Reg Informat Ctr Joint Innovat Lab Digital GuangXi Smart Infrastru Nanning Peoples R China

ISBN: (纸本)9798350309713

As the government has accelerated the transition to the public service-oriented government and deepened smart government affairs, the electronic government model based on cloud computing has gradually become an important foundation for improving the efficiency of government service and strengthening the government's own construction. Electronic government uses Application Programming Interface (api) to provide user interfaces and manage business communication, resulting in more and more government services exposed its business services through apis to government clouds. Therefore, the security of the government cloud has also become the main concern and key success factor. This paper proposes an api anomaly detection method based on Recurrent Neural Network(RNN). By extracting api call features and analyzing its security, this method can provide security protection for api-based business system, intelligently identify security risks from users and applications during operation and prevent hackers from invading.

关键词： Recurrent Neural Network api security Government Cloud

来源：评论

学校读者我要写书评

暂无评论

Intelligent Service Mesh Framework for api security and Management 10

Intelligent Service Mesh Framework for API Security and Mana...

引用

IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON)

作者： Hussain, Fatima Li, Weiyue Noye, Brett Sharieh, Salah Ferworn, Alexander Royal Bank Canada Toronto ON Canada Ryerson Univ Dept Comp Sci Toronto ON Canada

ISBN: (纸本)9781728125305

With the advancements in enterprise-level business development, the demand for new applications and services is *** the development and delivery of such applications and services, enterprise businesses rely on Application Programming Interfaces (apis). api management and classification is a cumbersome task considering the rapid increase in the number of apis, and api to api calls. api Mashups, domain apis and api service mesh are a few recommended techniques for ease of api creation, management, and monitoring. api service mesh is considered as one of the techniques in this regard, in which the service plane and the control plane are separated for improving efficiency as well as security. In this paper, we propose and implement a security framework for the creation of a secure api service mesh using Istio and Kubernetes. Afterwards, we propose an smart association model for automatic association of new apis to already existing categories of service mesh. To the best of our knowledge, this smart association model is the first of its kind.

关键词： api security Service Mesh Machine Learning enabled security

来源：评论

学校读者我要写书评

暂无评论

LLM-Driven, Self-Improving Framework for security Test Automation: Leveraging Karate DSL for Augmented api Resilience

引用

IEEE ACCESS 2025年 13卷 56861-56886页

作者： Pasca, Emil Marian Delinschi, Daniela Erdei, Rudolf Matei, Oliviu Tech Univ Cluj Napoca North Univ Ctr Baia Mare Dept Elect Elect & Comp Engn Baia Mare 430122 Romania HOLISUN SRL Dept Res & Dev Baia Mare 430397 Romania

Modern software architectures heavily rely on apis, yet face significant security challenges, particularly with Broken Object Level Authorization (BOLA) vulnerabilities, which remain the most critical api security risk according to OWASP. This paper introduces Karate-BOLA-Guard, an innovative framework leveraging Large Language Models (LLMs) and Retrieval-Augmented Generation (RAG) techniques to automate security-focused test case generation for apis. Our approach integrates vector databases for context retrieval, multiple LLM models for test generation, and observability tools for process monitoring. Initial experiments were carried out on three deliberately vulnerable apis (VAmPI, Crapi, and OWASP Juice Shop), with subsequent validation on fifteen additional production apis spanning diverse domains including social media, version control systems, financial services, and transportation services. Our evaluation metrics show Llama 3 8B achieving consistent performance (Accuracy: 3.1-3.4, Interoperability: 3.7-4.3) with an average processing time of 143.76 seconds on GPU. Performance analysis revealed significant GPU acceleration benefits, with 20-25x improvement over CPU processing times. Smaller models demonstrated efficient processing, with Phi-3 Mini averaging 69.58 seconds and Mistral 72.14 seconds, while maintaining acceptable accuracy scores. Token utilization patterns showed Llama 3 8B using an average of 36,591 tokens per session, compared to Mistral's 25,225 and Phi-3 Mini's 31,007. Our framework's effectiveness varied across apis, with notably strong performance in complex platforms (Instagram: A = 4.3, I = 4.4) while maintaining consistent functionality in simpler implementations (VAmPI: A = 3.6, I = 4.3). The iterative refinement process, evaluated through comprehensive metrics including Accuracy (A), Complexity (C), and Interoperability (I), represents a significant advancement in automated api security testing, offering an efficient, accurate, and adapt

关键词： security Testing Retrieval augmented generation Test pattern generators Application programming interfaces Accuracy Software testing Automation Systematics Computer architecture api security automation testing tools cybersecurity restful api software testing

来源：评论

学校读者我要写书评

暂无评论

A Practical Model Driven Approach for Designing security Aware RESTful Web apis Using SOFL

引用

IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS 2023年第5期E106D卷 986-1000页

作者： Emeka, Busalire Onesmus Hidaka, Soichiro Liu, Shaoying Hosei Univ Grad Sch Comp & Informat Sci Koganei 1848584 Japan Hiroshima Univ Grad Sch Adv Sci & Engn Higashihiroshima 7390046 Japan AlpsAlpine Co Ltd Iwaki Fukushima 9701144 Japan

RESTful web apis have become ubiquitous with most modern web applications embracing the micro-service architecture. A RESTful api provides data over the network using HTTP probably in-teracting with databases and other services and must preserve its security properties. However, REST is not a protocol but rather a set of guide-lines on how to design resources accessed over HTTP endpoints. There are guidelines on how related resources should be structured with hierar-chical URIs as well as how the different HTTP verbs should be used to represent well-defined actions on those resources. Whereas security has always been critical in the design of RESTful apis, there are few or no clear model driven engineering techniques utilizing a secure-by-design ap-proach that interweaves both the functional and security requirements. We therefore propose an approach to specifying apis functional and security requirements with the practical Structured-Object-oriented Formal Lan-guage (SOFL). Our proposed approach provides a generic methodology for designing security aware apis by utilizing concepts of domain models, domain primitives, Ecore metamodel and SOFL. We also describe a case study to evaluate the effectiveness of our approach and discuss important issues in relation to the practical applicability of our method.

关键词： RESTful web apis SOFL api security secure by design domain driven design

来源：评论

学校读者我要写书评

暂无评论

A classification-by-retrieval framework for few-shot anomaly detection to detect api injection

引用

COMPUTERS & security 2025年 150卷

作者： Aharon, Udi Dubin, Ran Dvir, Amit Hajaj, Chen Dept Comp & Software Engn Golan Hts 1 IL-4077625 Ariel Israel Ariel Univ Ariel Cyber Innovat Ctr Golan Hts 1 IL-4077625 Ariel Israel Ariel Univ Data Sci & Artificial Intelligence Res Ctr Golan Hts 1 IL-4077625 Ariel Israel Ariel Univ Dept Ind Engn & Management Golan Hts 1 IL-4077625 Ariel Israel

Application Programming Interface (api) Injection attacks refer to the unauthorized or malicious use of apis, which are often exploited to gain access to sensitive data or manipulate online systems for illicit purposes. Identifying actors that deceitfully utilize an api poses a demanding problem. Although there have been notable advancements and contributions in the field of api security, there remains a significant challenge when dealing with attackers who use novel approaches that do not match the well-known payloads commonly seen in attacks. Also, attackers may exploit standard functionalities unconventionally and with objectives surpassing their intended boundaries. Thus, api security needs to be more sophisticated and dynamic than ever, with advanced computational intelligence methods, such as machine learning models that can quickly identify and respond to abnormal behavior. In response to these challenges, we propose a novel unsupervised few-shot anomaly detection framework composed of two main parts: First, we train a dedicated generic language model for api based on FastText embedding. Next, we use Approximate Nearest Neighbor search in a classification- by-retrieval approach. Our framework allows for training a fast, lightweight classification model using only a few examples of normal api requests. We evaluated the performance of our framework using the CSIC 2010 and ATRDF 2023 datasets. The results demonstrate that our framework improves api attack detection accuracy compared to the state-of-the-art (SOTA) unsupervised anomaly detection baselines.

关键词： api security Anomaly detection Few-shot learning Classification-by-retrieval ANN NLP

来源：评论

学校读者我要写书评

暂无评论

Adoption of Deep-Learning Models for Managing Threat in api Calls with Transparency Obligation Practice for Overall Resilience

引用

SENSORS 2024年第15期24卷 4859页

作者： Basheer, Nihala Islam, Shareeful Alwaheidi, Mohammed K. S. Papastergiou, Spyridon Anglia Ruskin Univ Sch Comp & Informat Sci Cambridge CB1 1PT England MAGGIOLI SPA Res & Innovat Andrea Papandreou 19 Marousi Athens 15124 Greece Cybersecur Consultancy Serv Dept Securol Jeddah 23334 Saudi Arabia Univ Piraeus Dept Informat Piraeus 18534 Greece

System-to-system communication via Application Programming Interfaces (apis) plays a pivotal role in the seamless interaction among software applications and systems for efficient and automated service delivery. apis facilitate the exchange of data and functionalities across diverse platforms, enhancing operational efficiency and user experience. However, this also introduces potential vulnerabilities that attackers can exploit to compromise system security, highlighting the importance of identifying and mitigating associated security risks. By examining the weaknesses inherent in these apis using security open-intelligence catalogues like CWE and CAPEC and implementing controls from NIST SP 800-53, organizations can significantly enhance their security posture, safeguarding their data and systems against potential threats. However, this task is challenging due to evolving threats and vulnerabilities. Additionally, it is challenging to analyse threats given the large volume of traffic generated from api calls. This work contributes to tackling this challenge and makes a novel contribution to managing threats within system-to-system communication through api calls. It introduces an integrated architecture that combines deep-learning models, i.e., ANN and MLP, for effective threat detection from large api call datasets. The identified threats are analysed to determine suitable mitigations for improving overall resilience. Furthermore, this work introduces transparency obligation practices for the entire AI life cycle, from dataset preprocessing to model performance evaluation, including data and methodological transparency and SHapley Additive exPlanations (SHAP) analysis, so that AI models are understandable by all user groups. The proposed methodology was validated through an experiment using the Windows PE Malware api dataset, achieving an average detection accuracy of 88%. The outcomes from the experiments are summarized to provide a list of key features, such as

关键词： deep learning SHAP transparency obligation api security threat management control vulnerability

来源：评论

学校读者我要写书评

暂无评论

Enhancing User Authentication: An Approach Utilizing Context-Based Fingerprinting With Random Forest Algorithm

引用

IEEE ACCESS 2024年 12卷 110850-110861页

作者： Al-Rumaim, Akram Pawar, Jyoti D. Goa Univ Goa Business Sch Taleigao 403206 Goa India

In the evolving world of Cyber Attacks, this research presents an innovative approach aimed at fortifying user authentication within the Application Programming Interfaces (apis) Ecosystem. We employ a groundbreaking synthesis of Context-Based fingerprinting attributes alongside the Random Forest algorithm, assessing their efficacy in enhancing security in how the user is authenticated. The study emphasizes the model's potential to advance the precision of identifying legitimate login attempts, positioning it as a superior alternative to conventional methods. A model evaluation investigates the capacity of the Random Forest algorithm, augmented with these attributes, to discern the authenticity of user login attempts. Results unveil an exceptionally accurate model with 99.5 % accuracy, showcasing elevated F1 scores, precision, recall, and a notable MCC. The paper's insights underscore the Random Forest algorithm's potential as a robust tool for user authentication using the user's historical profile, significantly contributing to the domain of Cyber security. As the digital landscape continues to evolve, this research endeavours to provide a pioneering solution, ensuring robust api security and endorsing the broader adoption of this groundbreaking model.

关键词： api ecosystem security api security context-based fingerprinting cyber security random forest user authentication api ecosystem security api security context-based fingerprinting cyber security random forest user authentication

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：