Attacks based on token activity - PingIntelligence for APIs

Page created: 12 May 2021 |

Page updated: 1 Nov 2021

| 2 min read

5.0 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product End User Audience IT Operations Security Manager

ABS AI Engine detects attacks based on client activity using an OAuth Token. The following table lists the detected attacks on a single API or across multiple APIs

Attack Type	Description	`type_id`	Single or Across APIs
Data Exfiltration Attack Type 1	Data is being extracted via a REST API service.	`1`	Single API
Stolen Access Token Attack	A stolen access token is being used to attack an API service.	`4`	Single API
API Memory Attack Type 1	Flooding of an API service with data or code.	`5`	Single API
API Memory Attack Type 2	Flooding of an API service with data or code.	`6`	Single API
API Probing Replay Attack	Probing or breach attempts on an API service – also called fuzzing.	`8`	Single API
API DDoS Attack Type 1	A DDoS or distributed attack is disrupting an API service.	`9`	Single API
Extreme Client Activity Attack	Extreme client request activity on an API service.	`10`	Single API
Extreme App Activity	Extreme App Activity may indicate an injection or other CPU intensive attack.	`11`	Single API
Data Deletion	Excessive data deletion activity on an API service.	`14`	Single API
Data Poisoning	Extreme create or update activity received on an API service.	`15`	Single API
Stolen Token Attack Type 2	A stolen token is being used to attack an API service.	`16`	Across API
API Probing Replay Type 2	robing an API service over an extended time period - Token	`19`	Across APIs
Data Exfiltration Attack Type 2	Data is being extracted via a REST API service over an extended time period.	`21`	Single API
Excessive Client Connections Note: The Excessive Client Connections attack type is disabled by default. For more information, see REST API attack types.	Client is establishing an excessive number of TCP connections.	`23`	Across APIs
Content Scraping Type 1	Client abnormally accessing API content	`26`	Across APIs
Content Scraping Type 2	Client abnormally accessing API content over an extended time period	`28`	Single API
Sequence Attack	Abnormal sequence of transactions	`36`	Across APIs
Header Manipulation	Probing an API using malicious headers	`37`	Single API
Query Manipulation Attack	Modifying query string to inject malicious content or impact API service	`41`	Single API

Important: ABS also reports Sequence attack on OAuth token. However, if a username is available, it is first reported against username.