System and method for identifying and preventing malicious API attacks

  • US 9,853,996 B2
  • Filed: 04/13/2016
  • Issued: 12/26/2017
  • Est. Priority Date: 04/13/2015
  • Status: Active Grant
First Claim

1. A method for identifying and preventing malicious server-side application programming interface (API) attacks over a network in a client-server architecture, performed on a computer having a processor, a memory, and one or more code sets stored in the memory and executed by the processor, the method comprising:

  during a learning stage;

    monitoring, by the processor, all requests sent to a server-side API over the network and all responses sent from the server-side API over the network;

    identifying, by the processor, one or more first characteristic data points of each request and response sent during the learning stage; and

    determining, by the processor, based at least in part on the identified one or more first characteristic data points, one or more characteristic data models, wherein a characteristic data model represents at least one of an expected input to the API and an expected output of the API; and

  during a protection stage;

    monitoring, by the processor, all requests sent to the server-side API and all responses sent from the server-side API;

    identifying, by the processor, one or more second characteristic data points of each request and response sent during the protection stage;

    one of validating and invalidating, by the processor, the identified one or more second characteristic data points against the one or more characteristic data models;

    generating, by the processor, one or more attacker profiles based at least in part on the validating step;

    determining, by the processor, one or more suspicion scores for each attacker profile; and

    identifying, by the processor, one or more suspicious profiles based at least in part on respective suspicion scores, wherein all future requests and responses related to an identified suspicious profile are flagged with an alert irrespective of validity.
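
The two stages of the claim can be sketched in code. The following is an added illustration, not code from the patent or its assignee: the choice of data points (field name, value type, value length), the scoring rule (one point per violation), the threshold, the `ApiGuard` class and the sample traffic are all assumptions made for the example.

```python
# Added illustration: data points, scoring rule and threshold are assumptions.
def data_points(msg):
    """Characteristic data points: field name -> (value type, value length)."""
    return {k: (type(v).__name__, len(str(v))) for k, v in msg.items()}

class ApiGuard:
    def __init__(self, threshold=2, slack=2):
        self.models = {}     # (endpoint, direction) -> {field: [types seen, max length]}
        self.profiles = {}   # client id -> suspicion score of its attacker profile
        self.threshold, self.slack = threshold, slack

    def learn(self, endpoint, direction, msg):
        """Learning stage: fold one observed request or response into the model."""
        model = self.models.setdefault((endpoint, direction), {})
        for field, (typ, length) in data_points(msg).items():
            entry = model.setdefault(field, [set(), 0])
            entry[0].add(typ)
            entry[1] = max(entry[1], length)

    def violations(self, endpoint, direction, msg):
        """Validate one message's data points against the learned model."""
        model = self.models.get((endpoint, direction))
        if model is None:
            return ["unmodelled endpoint"]
        found = []
        for field, (typ, length) in data_points(msg).items():
            if field not in model:
                found.append(f"unexpected field: {field}")
            elif typ not in model[field][0]:
                found.append(f"unexpected type: {field}")
            elif length > model[field][1] * self.slack:
                found.append(f"oversized value: {field}")
        return found

    def protect(self, client, endpoint, direction, msg):
        """Protection stage: validate, update the profile, alert if suspicious."""
        found = self.violations(endpoint, direction, msg)
        if found:  # a profile is created on the first invalid message
            self.profiles[client] = self.profiles.get(client, 0) + len(found)
        alert = self.profiles.get(client, 0) >= self.threshold
        return {"valid": not found, "alert": alert, "violations": found}

def demo():
    guard = ApiGuard()
    for name in ("alice", "bob", "carol-ann"):   # constructed learning traffic
        guard.learn("/login", "request", {"user": name, "pin": 1234})
    return [
        guard.protect("c1", "/login", "request", {"user": "dave", "pin": 4321}),
        guard.protect("c2", "/login", "request", {"user": "x" * 40, "pin": "0000", "debug": 1}),
        guard.protect("c2", "/login", "request", {"user": "erin", "pin": 1111}),
    ]
```

The third result in `demo()` is a valid request that still carries an alert, because client `c2` crossed the threshold on its previous request; this mirrors the claim's final step of flagging a suspicious profile "irrespective of validity".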
