The following table details the range of Tn and Tx for each attack type. When manually adjusting the threshold values, the values must fall within the specified ranges.
Attack Type | type_id | Variable A (Range) | Variable B (Range) | Variable C (Range) | Variable D (Range) | Variable E (Range) | Variable F (Range) |
REST API | |||||||
Data Exfiltration | 1 | Tn = [1-32] Tx = [2-33] | Tn = [1-19] Tx = [2-20] | Tn = [1-99] Tx = [2-100] | NA | NA | NA |
Single Client Login | 2 | Tn = [1-19] Tx = [2-20] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
Multi Client Login | 3 | Tn = [1-100] Tx = “na” | NA | NA | NA | NA | NA |
Stolen Cookie / Access Token | 4 | Tn = [2-10] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
API Memory Attack Type 1 | 5 | Tn = [1-32] Tx = [2-33] | Tn = [1-19] Tx = [2-20] | Tn = [1-99] Tx = [2-100] | NA | NA | NA |
API Memory Attack Type 2 | 6 | Tn = [1-32] Tx = [2-33] | Tn = [1-19] Tx = [2-20] | Tn = [1-99] Tx = [2-100] | NA | NA | NA |
Cookie DoS | 7 | Tn = [1-9] Tx = [2-10] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
API Probing Replay | 8 | Tn = [1-99] Tx = [2-100] | NA | NA | NA | NA | NA |
API DoS Attack Type 1 | 9 | Tn = [1-100] Tx = “[2-100]” | NA | NA | NA | NA | NA |
Extreme Client Activity | 10 | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA | NA |
Extreme App Activity | 11 | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA | NA |
API DoS Attack | 12 | Tn = [1-100] Tx = “na” | NA | NA | NA | NA | NA |
API DDoS Attack Type 2 | 13 | NA | NA | NA | NA | NA | NA |
Data Deletion | 14 | Tn = [1-19] Tx = [2-20] | Tn = [1-99] Tx = [2-100] | NA | NA | NA | NA |
Data Poisoning | 15 | Tn = [1-19] Tx = [2-20] | Tn = [1-99] Tx = [2-100] | Tn = [1-32] Tx = [2-33] | NA | NA | NA |
Stolen Token Attack Type 2 | 16 | Tn = [2-10] Tx = “na” | Tn = [1-100] | Tn = [1-100] | NA | NA | NA |
Stolen Cookie Attack Type 2 | 17 | Tn = [2-10] Tx = “na” | Tn = [1-100] | Tn = [1-100] | NA | NA | NA |
API Probing Replay Attack 2 (client identifier: cookie) | 18 | Tn = [1-99] Tx = [2-100] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
API Probing Replay Attack 2 (client identifier: token) | 19 | Tn = [1-99] Tx = [2-100] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
API Probing Replay Attack 2 (client identifier: IP address) | 20 | Tn = [1-99] Tx = [2-100] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
Data Exfiltration Attack Type 2 | 21 | Tn = [1-42] Tx = [2-43] | Tn = [0-30] | Tn = [1-100] | NA | NA | NA |
Excessive Client Connections (client identifier: cookie) | 22 | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA | NA |
Excessive Client Connections (client identifier: token) | 23 | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA | NA |
Excessive Client Connections (client identifier: IP address) | 24 | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA | NA |
Content Scraping Type 2 | 28 | Tn = [1-29] Tx = [2-30] | Tn = [1-100] | NA | NA | NA | NA |
Unauthorized client attack (client identifier: IP address) | 29 | Tn = [1-19] Tx = [2-20] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
Single Client Login Attack Type 2 (client identifier: IP address) | 30 | Tn = [1-19] Tx = [2-20] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
Stolen API Key Attack- API Key | 31 | Tn = [1-100] Tx = NA | Tn = [1-100] Tx = NA | Tn = [1-100] Tx = NA | Tn = [1-100] Tx = NA | NA | NA |
Probing Replay Attack - API Key | 32 | Tn = [1-100] Tx = NA | Tn = [1-100] Tx = NA | NA | NA | NA | NA |
Extended Probing Replay Attack - API Key | 33 | Tn = [1-100] Tx = NA | Tn = [1-100] Tx = NA | NA | NA | NA | NA |
User Probing Type 1 | 34 | Tn = [1-99] Tx = [2-100] | Tn = [1-99] Tx = [2-100] | Tn = [1-9] Tx = [2-10] | Tn = [1-9] Tx = [2-20] | NA | NA |
User Probing Type 2 | 35 | Tn = [1-99] Tx = [2-100] | Tn = [1-19] Tx = [2-20] | Tn = [1-19] Tx = [2-20] | Tn = [1-29] Tx = [2-30] | NA | NA |
Sequence attack | 36 | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA | NA |
Header Manipulation | 37 | Tn = [1-99] Tx = [2-100] | Tn = [1-20] Tx = NA | Tn = [1-29] Tx = [2-30] | Tn = [1-100] Tx = NA | Tn = [1-2] Tx = NA | Tn = [1-100] Tx = NA |
Account Takeover -UBA | 38 | Tn = [1-100] Tx = NA | Tn = [1-99] Tx = [2-100] | NA | NA | NA | NA |
User Data Exfiltration Type 2 | 39 | Tn = [1-32] Tx = [2-33] | Tn = [1-32] Tx = [2-33] | Tn = [1-19] Tx = [2-20] | NA | NA | NA |
User Data Injection | 40 | Tn = [1-32] Tx = [2-33] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
Query Manipulation Attack | 41 | Tn = [1-20] Tx = NA | Tn = [1-2] Tx = NA | Tn = [1-2] Tx = NA | Tn = [1-100] Tx = NA | Tn = [1-2] Tx = NA | Tn = [1-100] Tx = NA |
Content Scraping Type 1 | 42 | Tn = [1-19] Tx = [2-20] | Tn = [1-19] Tx = [2-20] | Tn = [1-19] Tx = [2-20] | Tn = [1-19] Tx = [2-20] | NA | NA |
WebSocket API | |||||||
WS Cookie Attack | 50 | Tn = [1-99] Tx = [2-100] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
WS Identity Attack | 51 | Tn = [1-19] Tx = [2-20] | Tn = [1-19] Tx = [2-20] | NA | NA | NA | NA |
WS DoS Attack | 53 | Tn = [1-100] Tx = “na” | NA | NA | NA | NA | NA |
WS Data Exfiltration Attack | 54 | Tn = [1-100] Tx = “na” | NA | NA | NA | NA | NA |