ABS AI Engine detects attacks based on behavior from the username accessing API services. PingIntelligence captures the username information in the following three ways:
Note the following points for the ABS AI engine to detect username-based attacks:
  • The OAuth token parameter, oauth2_access_token, must be configured in the API JSON in ASE. For more information on the API JSON definition, see Defining an API – API JSON configuration file.
  • The incoming request must contain an OAuth token for the ABS AI engine to detect username-based attacks.
Important: ABS AI engine will not detect username attacks for requests where the server responds with an HTTP 401 Unauthorized Error code. This will prevent blocking of a valid user if an attacker tries to impersonate the user.
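A check for the conditions above, as an added example that is not part of the PingIntelligence documentation: it audits API JSON documents for the oauth2_access_token setting and tests whether a request/response pair meets the stated conditions. Only oauth2_access_token and the 401 rule come from the page; the api_metadata wrapper, the file names, the Authorization: Bearer header location and all sample values are assumptions.

```python
import json

# Constructed API JSON samples. Only the oauth2_access_token key comes from the
# page; the api_metadata wrapper, url values and file names are assumptions.
SAMPLE_API_JSONS = {
    "shop.json": '{"api_metadata": {"url": "/shop", "oauth2_access_token": true}}',
    "legacy.json": '{"api_metadata": {"url": "/legacy", "oauth2_access_token": false}}',
    "orders.json": '{"api_metadata": {"url": "/orders"}}',
    "broken.json": '{"api_metadata": ',
}


def token_capture_state(raw):
    """Classify one API JSON document as 'ok', 'disabled' or 'unparsable'."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return "unparsable"
    meta = doc.get("api_metadata", {}) if isinstance(doc, dict) else {}
    if not isinstance(meta, dict):
        return "disabled"
    # This check treats a missing key or a non-boolean value as disabled.
    return "ok" if meta.get("oauth2_access_token") is True else "disabled"


def audit(api_jsons):
    """Map each file name to its token-capture state."""
    return {name: token_capture_state(raw) for name, raw in api_jsons.items()}


def eligible(state, headers, status):
    """Apply the page's conditions to one request/response pair.

    Assumes the OAuth token travels in an 'Authorization: Bearer <token>' header.
    """
    parts = headers.get("Authorization", "").split()
    has_token = len(parts) == 2 and parts[0].lower() == "bearer"
    return state == "ok" and has_token and status != 401


if __name__ == "__main__":
    for name, state in audit(SAMPLE_API_JSONS).items():
        print(f"{name}: {state}")
```

APIs reported as disabled or unparsable are the ones whose traffic would not meet the first condition for username-based detection.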

Detected attacks based on username

| Attack Type | Description | ID | Single or Across APIs |
|---|---|---|---|
| API Probing Replay Attack Type 1 | Probing or breach attempts on an API service – also called fuzzing - Username | 34 | Across APIs |
| API Probing Replay Attack Type 2 | Probing an API service over an extended time period - Username | 35 | Across APIs |
| Sequence Attack | Abnormal sequence of API transactions | 36 | Across APIs |
| Abnormal API Access | Abnormal user behavior when accessing API services | 38 | Across APIs |
| User Data Exfiltration Type 2 | A User is extracting excessive data via an API service | 39 | Single API |
| User Data Injection | A User is injecting excessive data into an API service | 40 | Single API |
Important: When reporting an abnormal sequence, ABS reports the username if it is available in the API ecosystem; otherwise, it reports the OAuth token.