CPC G06N 3/08 (2013.01) [G06F 9/541 (2013.01); G06F 9/543 (2013.01); G06F 9/547 (2013.01); G06F 16/9027 (2019.01); G06F 16/9566 (2019.01); G06F 21/552 (2013.01); G06N 3/04 (2013.01); H04L 63/1425 (2013.01); H04L 67/133 (2022.05); G06F 2221/034 (2013.01)]
18 Claims
1. A method for automatically determining a description of interfaces to APIs for a web service, the method comprising:
receiving, by a server from an agent stored on a remote server, API requests sent from a plurality of users to server APIs, the requests intercepted by the agent on the remote server;
automatically detecting components of the API requests by an application on the server, the components including URL parameters, API request header data, and API request body data;
automatically learning a correct set of request components by the application based on the API components detected by the application; and
detecting anomaly requests to the server API based on comparing subsequent server API requests to the learned correct set of request components,
wherein detecting anomaly requests includes:
detecting a set of multiple API requests having request components that differs from the learned correct set of request components,
detecting that the set of multiple API requests is received from a number of users that does not satisfy a threshold, and
determining that the set of multiple API requests is an anomaly based on the difference from the learned correct set of request components and the number of users not satisfying the threshold.
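The detection steps of claim 1, sketched as an added example that is not taken from the patent or any product: a profile learns the request components seen per endpoint, then flags a group of deviating requests only when it comes from too few distinct users. The names `ApiProfile`, `min_support` and `min_users`, the frequency-based learning rule, and the reading of "does not satisfy a threshold" as "fewer than `min_users` distinct users" are assumptions.

```python
from collections import defaultdict

def components(req):
    """Flatten a request into (kind, name) pairs: URL parameters, headers, body fields."""
    return ({("param", k) for k in req.get("params", {})}
            | {("header", k.lower()) for k in req.get("headers", {})}
            | {("body", k) for k in req.get("body", {})})

class ApiProfile:
    def __init__(self, min_support=0.05, min_users=3):
        self.min_support = min_support  # assumed: share of training requests a component needs
        self.min_users = min_users      # assumed: the claim's user-count threshold
        self.learned = {}               # (method, path) -> learned component set

    def learn(self, requests):
        counts, totals = defaultdict(lambda: defaultdict(int)), defaultdict(int)
        for r in requests:
            ep = (r["method"], r["path"])
            totals[ep] += 1
            for c in components(r):
                counts[ep][c] += 1
        for ep, total in totals.items():
            self.learned[ep] = {c for c, n in counts[ep].items() if n / total >= self.min_support}

    def detect(self, requests):
        """Group requests by (endpoint, unseen components); flag groups of 2+ requests
        sent by fewer than min_users distinct users."""
        groups = defaultdict(lambda: {"users": set(), "count": 0})
        for r in requests:
            ep = (r["method"], r["path"])
            unseen = frozenset(components(r) - self.learned.get(ep, set()))
            if unseen:
                groups[(ep, unseen)]["users"].add(r["user"])
                groups[(ep, unseen)]["count"] += 1
        return [{"endpoint": ep, "unseen": sorted(u), "count": g["count"], "users": sorted(g["users"])}
                for (ep, u), g in groups.items()
                if g["count"] >= 2 and len(g["users"]) < self.min_users]

# Constructed sample traffic (not real logs).
def _req(user, headers=(), body=("username", "password")):
    return {"user": user, "method": "POST", "path": "/api/login", "params": {},
            "headers": {h: "x" for h in ("Content-Type",) + tuple(headers)},
            "body": {b: "x" for b in body}}

TRAINING = [_req(f"u{i % 10}") for i in range(40)]
LATER = ([_req(f"u{i}", headers=("X-Client-Version",)) for i in range(5)]  # new header, 5 users
         + [_req("u11", body=("username", "password", "role"))] * 3)      # new field, 1 user

def run_demo():
    profile = ApiProfile()
    profile.learn(TRAINING)
    return profile.detect(LATER)
```

In the constructed data, the new header sent by five users is treated as a likely client change and not reported, while the unseen body field repeated by a single user is reported.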