US 12,120,129 B1
Detection of abnormal application programming interface (API) sessions including a sequence of API requests
Itsik Yizhak Mantin, Shoham (IL); Laetitia Kahn, Tel Aviv (IL); Sapir Porat, Hod Hasharon (IL); and Yaron Sheffer, Hod-Hasharon (IL)
Assigned to INTUIT INC., Mountain View, CA (US)
Filed by INTUIT INC., Mountain View, CA (US)
Filed on Jan. 4, 2024, as Appl. No. 18/403,913.
Application 18/403,913 is a division of application No. 18/351,715, filed on Jul. 13, 2023, granted, now 11,900,179.
Int. Cl. H04L 9/40 (2022.01); G06F 9/54 (2006.01); G06F 21/55 (2013.01)
CPC H04L 63/14 (2013.01) [G06F 9/541 (2013.01); G06F 21/552 (2013.01); H04L 63/00 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
receiving data comprising a plurality of application programming interface (API) requests from a plurality of client devices;
generating a plurality of API sessions based on the data, wherein each of the plurality of API sessions is associated with a corresponding client device of the plurality of client devices and includes a sequence of API requests originating from the corresponding client device;
comparing each of the plurality of API sessions to one or more of a plurality of different patterns indicative of permissible API sessions determined based on training data;
determining one or more API sessions of the plurality of API sessions generated based on the data are abnormal based, at least in part, on the comparing; and
performing one or more actions based on determining the one or more API sessions are abnormal.