Advanced API Security uses detection rules to detect unusual patterns in
API traffic that could represent malicious activity. These rules include both
machine learning models, trained on real API data, and descriptive rules,
based on known types of API threats.
The following table lists the detection rules and their descriptions.

| Detection rule | Description |
| --- | --- |
| Advanced API Scraper | A machine learning model that detects API scraping, which is the process of extracting targeted information from APIs for malicious purposes. |
| Advanced Anomaly Detection | A machine learning model for detecting anomalies (unusual patterns of events) in API traffic. |
| Brute Guessor | High proportion of response errors during the previous 24 hours |
| Flooder | High proportion of traffic from an IP in a 5-minute window |
| OAuth Abuser | Large number of OAuth sessions with a small number of user agents during the previous 24 hours |
| Robot Abuser | Large number of 403 rejection errors in the past 24 hours |
| Static Content Scraper | High proportion of response payload size from an IP in a 5-minute window |
| TorListRule | Tor exit nodes IP list. A Tor exit node is the last Tor node that traffic passes through in the Tor network before exiting onto the internet. Detecting Tor exit nodes indicates that an agent has sent traffic to your APIs from the Tor network, possibly for malicious purposes. |
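
The following Python example is added here for illustration and is not Apigee's implementation: it reads the Flooder and Static Content Scraper descriptions as per-IP shares of requests and of response bytes within fixed 5-minute windows, and shows that the two rules can fire on different clients. The 0.5 share threshold, the minimum request count, the function names, and the sample events are assumptions, since this page gives no numeric thresholds.

```python
from collections import defaultdict

WINDOW_SECONDS = 300       # the 5-minute window named in the table
SHARE_THRESHOLD = 0.5      # assumption: the page states no numeric threshold
MIN_WINDOW_REQUESTS = 10   # assumption: skip windows too quiet to judge

def window_shares(events):
    """events: (epoch_seconds, client_ip, response_bytes) -> {window: {ip: (req_share, byte_share)}}."""
    reqs = defaultdict(lambda: defaultdict(int))
    size = defaultdict(lambda: defaultdict(int))
    for ts, ip, nbytes in events:
        start = ts - ts % WINDOW_SECONDS          # fixed, non-overlapping windows
        reqs[start][ip] += 1
        size[start][ip] += nbytes
    shares = {}
    for start, per_ip in reqs.items():
        total_reqs = sum(per_ip.values())
        if total_reqs < MIN_WINDOW_REQUESTS:
            continue
        total_bytes = sum(size[start].values()) or 1   # guard against all-empty bodies
        shares[start] = {ip: (n / total_reqs, size[start][ip] / total_bytes)
                         for ip, n in per_ip.items()}
    return shares

def detect(events):
    """Return sorted (window_start, ip, rule_name) findings."""
    findings = []
    for start, per_ip in window_shares(events).items():
        for ip, (req_share, byte_share) in per_ip.items():
            if req_share > SHARE_THRESHOLD:
                findings.append((start, ip, "Flooder"))
            if byte_share > SHARE_THRESHOLD:
                findings.append((start, ip, "Static Content Scraper"))
    return sorted(findings)

def sample_events():
    """Constructed traffic using documentation-range IPs; not real data."""
    events = []
    # Window 0: one client sends 30 of 42 requests, all with tiny responses.
    events += [(i * 5, "198.51.100.7", 50) for i in range(30)]
    for c in range(6):
        events += [(c * 10 + k, f"192.0.2.{c + 1}", 2000) for k in range(2)]
    # Window 300: one client sends 3 of 15 requests but receives nearly all bytes.
    events += [(300 + i, "203.0.113.9", 5_000_000) for i in range(3)]
    for c in range(6):
        events += [(310 + c * 10 + k, f"192.0.2.{c + 1}", 2000) for k in range(2)]
    return events

if __name__ == "__main__":
    print(detect(sample_events()))
```
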
Machine learning and detection rules
Advanced API Security uses models built with Google's machine learning algorithms to
detect security threats to your APIs. These models are pre-trained on real
API traffic data sets (not your current traffic data) that contain known security threats.
As a result,
the models learn to recognize unusual API traffic patterns, such as API scraping and anomalies,
and cluster events together based on similar patterns.
Two of the detection rules listed above are based on machine learning models: Advanced API Scraper and Advanced Anomaly Detection.
Last updated 2025-03-10 UTC.