Page created: 12 May 2021 | Page updated: 1 Nov 2021

ABS AI Engine detects attacks based on client activity using an OAuth token. The following table lists the attacks detected on a single API or across multiple APIs:

| Attack Type | Description | type_id | Single or Across APIs |
|---|---|---|---|
| Data Exfiltration Attack Type 1 | Data is being extracted via a REST API service. | 1 | Single API |
| Stolen Access Token Attack | A stolen access token is being used to attack an API service. | 4 | Single API |
| API Memory Attack Type 1 | Flooding of an API service with data or code. | 5 | Single API |
| API Memory Attack Type 2 | | 6 | Single API |
| API Probing Replay Attack | Probing or breach attempts on an API service – also called fuzzing. | 8 | Single API |
| API DDoS Attack Type 1 | A DDoS or distributed attack is disrupting an API service. | 9 | Single API |
| Extreme Client Activity Attack | Extreme client request activity on an API service. | 10 | Single API |
| Extreme App Activity | Extreme App Activity may indicate an injection or other CPU intensive attack. | 11 | Single API |
| Data Deletion | Excessive data deletion activity on an API service. | 14 | Single API |
| Data Poisoning | Extreme create or update activity received on an API service. | 15 | Single API |
| Stolen Token Attack Type 2 | A stolen token is being used to attack an API service. | 16 | Across APIs |
| API Probing Replay Type 2 | Probing an API service over an extended time period - Token | 19 | Across APIs |
| Data Exfiltration Attack Type 2 | Data is being extracted via a REST API service over an extended time period. | 21 | Single API |
| Excessive Client Connections. Note: The Excessive Client Connections attack type is disabled by default. For more information, see REST API attack types. | Client is establishing an excessive number of TCP connections. | 23 | Across APIs |
| Content Scraping Type 1 | Client abnormally accessing API content | 26 | Across APIs |
| Content Scraping Type 2 | Client abnormally accessing API content over an extended time period | 28 | Single API |
| Sequence Attack | Abnormal sequence of transactions | 36 | Across APIs |
| Header Manipulation | Probing an API using malicious headers | 37 | Single API |
| Query Manipulation Attack | Modifying query string to inject malicious content or impact API service | 41 | Single API |

Important: ABS also reports the Sequence attack on the OAuth token. However, if a username is available, the attack is first reported against the username.