Threshold range for Tn and Tx
The following table details the range of Tn
and Tx
for each attack type. When manually adjusting the threshold values, the values must fall within the specified ranges.
Attack Type |
type_id
|
Variable A (Range) | Variable B (Range) | Variable C (Range) | Variable D (Range) | Variable E (Range) | Variable F (Range) |
---|---|---|---|---|---|---|---|
REST API |
|||||||
Data Exfiltration |
1 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
Single Client Login |
2 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
Multi Client Login |
3 |
Tn = [1-100] Tx = “na” |
NA |
NA |
NA |
NA |
NA |
Stolen Cookie / Access Token |
4 |
Tn = [2-10] |
Tn = [1-19], Tx = [2-20] |
NA |
NA |
NA |
NA |
API Memory Attack Type 1 |
5 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
API Memory Attack Type 2 |
6 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
Cookie DoS |
7 |
Tn = [1-9] Tx = [2-10] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
API Probing Replay |
8 |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
NA |
NA |
API DoS Attack Type 1 |
9 |
Tn = [1-100] Tx = “[2-100]” |
NA |
NA |
NA |
NA |
NA |
Extreme Client Activity |
10 |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
NA |
Extreme App Activity |
11 |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
NA |
API DoS Attack |
12 |
Tn = [1- 100] Tx = “na” |
NA |
NA |
NA |
NA |
NA |
API DDoS Attack Type 2 |
13 |
NA |
NA |
NA |
NA |
NA |
NA |
Data Deletion |
14 |
Tn = [1- 19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
NA |
Data Poisoning |
15 |
Tn = [1- 19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
Tn = [1-32] Tx = [2-33] |
NA |
NA |
NA |
Stolen Token Attack Type 2 |
16 |
Tn = [2-10] Tx = “na” |
Tn = [1-100] |
Tn = [1-100] |
NA |
NA |
NA |
Stolen Cookie Attack Type 2 |
17 |
Tn = [2-10] Tx = “na” |
Tn = [1-100] |
Tn = [1-100] |
NA |
NA |
NA |
API Probing Replay Attack 2 (client identifier: cookie) |
18 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
API Probing Replay Attack 2 (client identifier: token) |
19 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
API Probing Replay Attack 2 (client identifier: IP address) |
20 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
Data Exfiltration Attack Type 2 |
21 |
Tn = [1-42] Tx = [2-43] |
Tn = [0-30] |
Tn = [1-100] |
NA |
NA |
NA |
Excessive Client Connections (client identifier : cookie) |
22 |
Tn = [1-19], Tx =[2-20] |
NA |
NA |
NA |
NA |
NA |
Excessive Client Connections (client identifier : token) |
23 |
Tn = [1-19], Tx =[2-20] |
NA |
NA |
NA |
NA |
NA |
Excessive Client Connections (client identifier : IP address) |
24 |
Tn = [1-19], Tx =[2-20] |
NA |
NA |
NA |
NA |
NA |
Content Scraping Type 2 |
28 |
Tn = [1-29] Tx = [2-30] |
Tn = [1-100] |
NA |
NA |
NA |
NA |
Unauthorized client attack (client identifier: IP address) |
29 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
Single Client Login Attack Type 2 (client identifier: IP address) |
30 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
Stolen API Key Attack- API Key |
31 |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
NA |
NA |
Probing Replay Attack - API Key |
32 |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
NA |
NA |
NA |
NA |
Extended Probing Replay Attack - API Key |
33 |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
NA |
NA |
NA |
NA |
User Probing Type 1 |
34 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-99] Tx = [2-100] |
Tn = [1-9] Tx = [2-10] |
Tn = [1-9] Tx = [2-20] |
NA |
NA |
User Probing Type 2 |
35 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-29] Tx = [2-30] |
NA |
NA |
Sequence attack |
36 |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
NA |
Header Manipulation |
37 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-20] Tx = NA |
Tn = [1-29] Tx = [2-30] |
Tn = [1-100] Tx = NA |
Tn = [1-2] Tx = NA |
Tn = [1-100] Tx = NA |
Account Takeover -UBA |
38 |
Tn = [1-100] Tx = NA |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
NA |
User Data Exfiltration Type 2 |
39 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
User Data Injection |
40 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
Query Manipulation Attack |
41 |
Tn = [1-20] Tx = NA |
Tn = [1-2] Tx = NA |
Tn = [1-2] Tx = NA |
Tn = [1-100] Tx = NA |
Tn = [1-2] Tx = NA |
Tn = [1-100] Tx = NA |
Content Scraping Type 1 |
42 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
WebSocket API |
|||||||
WS Cookie Attack |
50 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx= [2-20] |
NA |
NA |
NA |
NA |
WS Identity Attack |
51 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
WS DoS Attack |
53 |
Tn = [1- 100] Tx = “na” |
NA |
NA |
NA |
NA |
NA |
WS Data Exfiltration Attack |
54 |
Tn = [1- 100] Tx = “na” |
NA |
NA |
NA |
NA |
NA |