APIs play a vital role in facilitating secure data exchange between distributed systems, yet their expanded adoption has introduced critical vulnerabilities exploitable through encrypted parameter manipulation. Traditional rule-based detection methods fail when cryptographic obfuscation eliminates semantic patterns. This paper introduces EncDetect, a novel framework combining convolutional and recurrent neural architectures to analyze encrypted API traffic at the character level. By modeling latent structural relationships between URLs, parameter names, and encrypted payloads without decryption, our approach effectively identifies tampered requests. Comprehensive evaluations on augmented CSIC-2010 datasets demonstrate robust performance across multiple encryption schemes (AES/BASE64 F1 = 0.9705, SHA-256/BASE64 F1 = 0.9693), outperforming baseline methods by 4.8–6.2% in F1-score while maintaining < 2.3% false positive rates. The framework’s key innovation lies in learning cryptographic artifact distributions through hierarchical feature fusion, enabling real-time detection of zero-day attacks in encrypted API ecosystems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

EncDetect: Encrypted Malicious Parameter Detection for APIs

  • Ye Wang,
  • Xing Liu,
  • Liang Guo

摘要

APIs play a vital role in facilitating secure data exchange between distributed systems, yet their expanded adoption has introduced critical vulnerabilities exploitable through encrypted parameter manipulation. Traditional rule-based detection methods fail when cryptographic obfuscation eliminates semantic patterns. This paper introduces EncDetect, a novel framework combining convolutional and recurrent neural architectures to analyze encrypted API traffic at the character level. By modeling latent structural relationships between URLs, parameter names, and encrypted payloads without decryption, our approach effectively identifies tampered requests. Comprehensive evaluations on augmented CSIC-2010 datasets demonstrate robust performance across multiple encryption schemes (AES/BASE64 F1 = 0.9705, SHA-256/BASE64 F1 = 0.9693), outperforming baseline methods by 4.8–6.2% in F1-score while maintaining < 2.3% false positive rates. The framework’s key innovation lies in learning cryptographic artifact distributions through hierarchical feature fusion, enabling real-time detection of zero-day attacks in encrypted API ecosystems.