	US 12,470,568 B2
	Tree-based learning of application programming interface specification
Liron Levin, Kefar Sava (IL); Isaac Schnitzer, Ra'anana (IL); Elad Shuster, Petach Tikva (IL); and Pavel Novik, Ashdod (IL)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Apr. 29, 2024, as Appl. No. 18/650,045.
Application 18/650,045 is a continuation of application No. 17/443,316, filed on Jul. 23, 2021, granted, now 11,997,110.
Prior Publication US 2024/0291829 A1, Aug. 29, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); G06F 16/901 (2019.01); H04L 9/40 (2022.01); H04L 67/133 (2022.01); H04L 69/22 (2022.01)

CPC H04L 63/1408 (2013.01) [G06F 16/9027 (2019.01); H04L 67/133 (2022.05); H04L 69/22 (2013.01)]

20 Claims

1. A method comprising:

dynamically updating application programming interface (API) trees while filtering application traffic with the API trees, wherein dynamically updating the API trees while filtering application traffic with the API trees comprises,

based on detecting a first API request in application traffic, extracting a first path from the first API request, wherein the first path corresponds to one or more resources corresponding to an API;

determining whether the first path from the first API request corresponds to a second path in a first tree for the API, wherein the first tree comprises at least one of common paths and common nodes in a first plurality of API requests of the application traffic;

based on determining that the first path from the first API request does not correspond to the second path in the first tree for the API, filtering the first API request from the application traffic; and

updating the first tree for the API based on a second plurality of API requests detected in the application traffic including the first API request, wherein updating the first tree for the API comprises removing at least one of malicious nodes and malicious paths from the first tree.