IP3 2024 – API Level Network Intrusion Detection (Lot 15760)
Disclosed is a system for API-level intrusion detection that monitors and analyzes API calls to detect malicious or unauthorized activity. The application programming interface (API)-level intrusion detection receives an API call for a service at an API sandbox module, extracts the API call name and API call parameters, and generates a copy of the API call name or the API call parameters. An intrusion detection rules execution engine determines whether the API call violates security rules obtained from a security rules object and generates an indication of a violation of one or more security rules. For application-specific intrusion detection, the system receives API calls for user-selected developers and user-selected API name references and processes those calls. The technology may be implemented in e-commerce systems, electronic health records (EHR) protection systems, financial services, IoT devices, etc.
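The flow described above (sandbox extraction and copy, rule evaluation, violation indication, scoping by developer and API name), sketched as an added example that is not taken from the disclosure. The rule IDs, API names, developer IDs and call layout are hypothetical, and the sample calls are constructed.

```python
import copy
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    rule_id: str
    api_name: str                     # API name reference the rule applies to
    violates: Callable[[dict], bool]  # True when the parameters break the rule

# Hypothetical "security rules object" (constructed for illustration).
SECURITY_RULES = [
    Rule("R1-bulk-export", "records.export", lambda p: int(p["limit"]) > 1000),
    Rule("R2-cross-tenant", "records.read", lambda p: p["tenant"] != p["caller_tenant"]),
    Rule("R3-nonpositive-amount", "payments.transfer", lambda p: float(p["amount"]) <= 0),
]
# User-selected scope for application-specific detection (hypothetical values).
WATCHED_DEVELOPERS = {"dev-42"}
WATCHED_API_NAMES = {"records.export", "records.read", "payments.transfer"}

def sandbox_extract(call):
    """Extract the call name and a deep copy of its parameters, so that
    inspection can never mutate the live request."""
    return call["name"], copy.deepcopy(call["params"])

def inspect(call):
    """Return the IDs of violated rules; empty when clean or out of scope."""
    if call["developer"] not in WATCHED_DEVELOPERS or call["name"] not in WATCHED_API_NAMES:
        return []
    name, params = sandbox_extract(call)
    violations = []
    for rule in SECURITY_RULES:
        if rule.api_name != name:
            continue
        try:
            if rule.violates(params):
                violations.append(rule.rule_id)
        except (KeyError, TypeError, ValueError):
            # Fail closed: a missing or unparsable parameter is itself flagged.
            violations.append(rule.rule_id + ":malformed-parameter")
    return violations

# Constructed sample calls.
CALLS = [
    {"developer": "dev-42", "name": "records.export", "params": {"limit": "50000"}},
    {"developer": "dev-42", "name": "records.read", "params": {"tenant": "a", "caller_tenant": "a"}},
    {"developer": "dev-42", "name": "payments.transfer", "params": {"amount": "ten"}},
    {"developer": "dev-7", "name": "records.export", "params": {"limit": "50000"}},
]

if __name__ == "__main__":
    for c in CALLS:
        print(c["developer"], c["name"], inspect(c))
```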