EncDetect: Encrypted Malicious Parameter Detection for APIs
摘要
APIs play a vital role in facilitating secure data exchange between distributed systems, yet their expanded adoption has introduced critical vulnerabilities exploitable through encrypted parameter manipulation. Traditional rule-based detection methods fail when cryptographic obfuscation eliminates semantic patterns. This paper introduces EncDetect, a novel framework combining convolutional and recurrent neural architectures to analyze encrypted API traffic at the character level. By modeling latent structural relationships between URLs, parameter names, and encrypted payloads without decryption, our approach effectively identifies tampered requests. Comprehensive evaluations on augmented CSIC-2010 datasets demonstrate robust performance across multiple encryption schemes (AES/BASE64 F1 = 0.9705, SHA-256/BASE64 F1 = 0.9693), outperforming baseline methods by 4.8–6.2% in F1-score while maintaining < 2.3% false positive rates. The framework’s key innovation lies in learning cryptographic artifact distributions through hierarchical feature fusion, enabling real-time detection of zero-day attacks in encrypted API ecosystems.