US 11,900,179 B1
Detection of abnormal application programming interface (API) sessions including a sequence of API requests
Itsik Yizhak Mantin, Shoham (IL); Laetitia Kahn, Tel Aviv (IL); Sapir Porat, Hod Hasharon (IL); and Yaron Sheffer, Hod-Hasharon (IL)
Assigned to Intuit, Inc., Mountain View, CA (US)
Filed by INTUIT INC., Mountain View, CA (US)
Filed on Jul. 13, 2023, as Appl. No. 18/351,715.
Int. Cl. G06F 9/54 (2006.01); G06F 21/55 (2013.01); H04L 9/40 (2022.01)
CPC G06F 9/541 (2013.01) [G06F 21/552 (2013.01); H04L 63/00 (2013.01); H04L 63/14 (2013.01)]
17 Claims
1. A computer-implemented method comprising:
receiving training data comprising a plurality of application programming interface (API) requests from a plurality of client devices;
generating a plurality of permissible API sessions based on the training data, wherein each of the plurality of permissible API sessions is associated with a corresponding client device of the plurality of client devices and includes a sequence of API requests originating from the corresponding client device;
applying a sequence embedding technique to the plurality of permissible API sessions to generate a plurality of embeddings, wherein each of the embeddings is representative of a corresponding permissible API session of the plurality of permissible API sessions;
applying a dimensionality reduction technique to the plurality of embeddings to generate a plurality of compact embeddings;
applying a clustering technique to the plurality of compact embeddings to determine a plurality of different clusters of the compact embeddings; and
generating a plurality of patterns based on the plurality of different clusters, wherein each of the plurality of patterns is descriptive of permissible API sessions associated with a corresponding cluster of the plurality of different clusters.
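The steps of claim 1, carried through on a small constructed data set, as an added example that is not code from the patent or from Intuit. The claim names no specific techniques, so everything concrete here is an assumption: bigram-count embeddings, variance-based feature selection as the dimensionality reduction, leader clustering, transition-set patterns, the `fits` check suggested by the title, and all client ids and endpoints.

```python
from collections import Counter
from math import dist, sqrt
# Constructed training data: (client id, API request) in arrival order.
TRAINING = [("c1", "GET /login"), ("c2", "GET /login"), ("c1", "GET /invoices"),
            ("c3", "POST /token"), ("c2", "GET /invoices"), ("c1", "GET /invoices/{id}"),
            ("c4", "POST /token"), ("c3", "POST /export"), ("c2", "GET /invoices/{id}"),
            ("c4", "POST /export"), ("c3", "GET /export/{id}"), ("c4", "GET /export/{id}"),
            ("c2", "GET /invoices/{id}")]

def build_sessions(requests):
    sessions = {}
    for client, req in requests:
        sessions.setdefault(client, []).append(req)
    return sessions

def transitions(seq):
    return list(zip(seq, seq[1:]))

def embed(sessions):
    """Sequence embedding (assumed): L2-normalised counts of request bigrams."""
    grams = {c: Counter(transitions(s)) for c, s in sessions.items()}
    vocab = sorted({g for cnt in grams.values() for g in cnt})
    norm = {c: sqrt(sum(n * n for n in cnt.values())) or 1.0 for c, cnt in grams.items()}
    return {c: [cnt[g] / norm[c] for g in vocab] for c, cnt in grams.items()}

def reduce_dims(emb, k):
    """Dimensionality reduction (assumed): keep the k highest-variance features."""
    var = [sum((x - sum(col) / len(col)) ** 2 for x in col) for col in zip(*emb.values())]
    keep = sorted(sorted(range(len(var)), key=lambda j: -var[j])[:k])
    return {c: [v[j] for j in keep] for c, v in emb.items()}

def cluster(compact, radius=0.5):
    """Clustering (assumed): leader clustering, Euclidean distance <= radius."""
    clusters = []  # (leader vector, member client ids)
    for c in sorted(compact):
        home = next((m for lead, m in clusters if dist(compact[c], lead) <= radius), None)
        if home is None:
            clusters.append((compact[c], [c]))
        else:
            home.append(c)
    return [m for _, m in clusters]

def patterns(sessions, clusters):
    """Pattern per cluster: the set of request transitions its sessions use."""
    return [{t for c in m for t in transitions(sessions[c])} for m in clusters]

def fits(seq, pats):
    """Assumed check: a session fits if one pattern covers all its transitions."""
    return any(set(transitions(seq)) <= p for p in pats)
```

A session with a single request has no transitions and therefore fits any pattern under this representation; a real deployment would need a separate rule for that case.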