Machine Learning-Based Detection of API Security Attacks

  • Conference paper
Data Science and Applications (ICDSA 2023)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 821)

Abstract

Application Programming Interfaces (APIs) provide multiple functionalities in software development, and they also enable collaboration with third-party developers. Attackers often target network infrastructure to exploit system vulnerabilities and obtain sensitive information belonging to the client or to any other machine in the network. In some cases, attackers can use an API for phishing attacks by spoofing an authorized interface. This research paper presents a comparative analysis of four supervised machine learning techniques for discovering API attacks early, so that the client machine responds only to the authenticated interface and discards the malicious one. The Random Forest Classifier, logistic regression, support vector machine, and K-Nearest Neighbour algorithms are evaluated and compared on accuracy, computed from the confusion matrix. Random Forest classification and logistic regression outperform the other two supervised learning techniques on the API traffic dataset, achieving accuracy close to 98%. The client machine can be trained to detect malicious APIs by using supervised machine learning techniques such as the Random Forest Classifier and logistic regression.

Author information

Corresponding author

Correspondence to Keshav Kaushik.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sharma, I., Kaur, A., Kaushik, K., Chhabra, G. (2024). Machine Learning-Based Detection of API Security Attacks. In: Nanda, S.J., Yadav, R.P., Gandomi, A.H., Saraswat, M. (eds) Data Science and Applications. ICDSA 2023. Lecture Notes in Networks and Systems, vol 821. Springer, Singapore. https://doi.org/10.1007/978-981-99-7814-4_23
