Abstract: APIs are now central to digital transformation, carrying the core business logic and sensitive data of enterprises. By attacking APIs, attackers can gain access to important information systems and steal high-value sensitive data. Besides being vulnerable to traditional attacks, APIs also face unique threats tailored to their characteristics, such as attacks targeting API business logic. This type of API attack is complex, and the attack requests are very similar to legitimate traffic, making them difficult to distinguish from benign requests. Therefore, traditional single-request detection methods are ineffective against such complex attacks. By employing intelligent context-aware natural language processing techniques, we can understand API call behavior and establish a baseline of normal API call behavior to identify anomalies. In this paper, we propose DAB-LLM, a model for Detecting Anomalies in API call Behavior based on Large Language Model. Our approach utilizes extraction and representation methods for API call chains and API call graphs, a prompt optimization algorithm, and the LoRA fine-tuning technique to enable the model to deeply understand API call behavior and enhance detection capabilities. Experimental results indicate that DAB-LLM excels in detecting attack behaviors and anomalies in API calls, achieving an F1-score of 97.35% along with significant improvements in recall rate, accuracy and precision. The overall performance shows that our proposed model significantly outperforms other models in API call behavior anomaly detection.
External IDs:dblp:conf/cscwd/ZhangZLLLL25