Go to BIGDATACONF 2022 homepageMobile Application Behaviour Anomaly Detection based on API Calls
Abstract: In many sectors, such as banking, mobile applications became the main interaction channel between customers and institutions. This fast-paced market movement forced an increase in the variety of services offered on the mobile applications. Mobile applications usually exchange information via REST APIs. This range of services with the exposure that APIs imposed to the organizations widen the attack surface, where opportunists can try to take advantages of bad implemented APIs. In light of that, our work focuses in detecting malicious attempts to accessing the APIs by analysing the behaviour of the mobile application user sessions and capturing the anomalies that deviates from the expected. To this end, we tested a pipeline that extracts features based on Markov Chain, Levenshtein Distance and LSTM frequencies to create a machine learning model that was tested in 40 days of data from a retail banking mobile application. By mixing the features from Markov Chain and Levenshtein Distance, our model reached over 96.61% of f-measure. We also present results to discourage the use of LSTM for this use case because it is computationally costly and in fact degraded the performance of the model based on the other frequencies.
0 Replies
Loading