The following table details the range of Tn and Tx for
each attack type.
When manually adjusting the threshold values, the values must fall within the specified ranges.
| Attack Type |
type_id
|
Variable A (Range) | Variable B (Range) | Variable C (Range) | Variable D (Range) | Variable E (Range) | Variable F (Range) |
|---|---|---|---|---|---|---|---|
|
REST API |
|||||||
|
Data Exfiltration |
1 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
|
Single Client Login |
2 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
Multi Client Login |
3 |
Tn = [1-100] Tx = “na” |
NA |
NA |
NA |
NA |
NA |
|
Stolen Cookie / Access Token |
4 |
Tn = [2-10] |
Tn = [1-19], Tx = [2-20] |
NA |
NA |
NA |
NA |
|
API Memory Attack Type 1 |
5 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
|
API Memory Attack Type 2 |
6 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
|
Cookie DoS |
7 |
Tn = [1-9] Tx = [2-10] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
API Probing Replay |
8 |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
NA |
NA |
|
API DoS Attack Type 1 |
9 |
Tn = [1-100] Tx = “[2-100]” |
NA |
NA |
NA |
NA |
NA |
|
Extreme Client Activity |
10 |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
NA |
|
Extreme App Activity |
11 |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
NA |
|
API DoS Attack |
12 |
Tn = [1- 100] Tx = “na” |
NA |
NA |
NA |
NA |
NA |
|
API DDoS Attack Type 2 |
13 |
NA |
NA |
NA |
NA |
NA |
NA |
|
Data Deletion |
14 |
Tn = [1- 19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
NA |
|
Data Poisoning |
15 |
Tn = [1- 19] Tx = [2-20] |
Tn = [1-99] Tx = [2-100] |
Tn = [1-32] Tx = [2-33] |
NA |
NA |
NA |
|
Stolen Token Attack Type 2 |
16 |
Tn = [2-10] Tx = “na” |
Tn = [1-100] |
Tn = [1-100] |
NA |
NA |
NA |
|
Stolen Cookie Attack Type 2 |
17 |
Tn = [2-10] Tx = “na” |
Tn = [1-100] |
Tn = [1-100] |
NA |
NA |
NA |
|
API Probing Replay Attack 2 (client identifier: cookie) |
18 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
API Probing Replay Attack 2 (client identifier: token) |
19 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
API Probing Replay Attack 2 (client identifier: IP address) |
20 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
Data Exfiltration Attack Type 2 |
21 |
Tn = [1-42] Tx = [2-43] |
Tn = [0-30] |
Tn = [1-100] |
NA |
NA |
NA |
|
Excessive Client Connections (client identifier : cookie) |
22 |
Tn = [1-19], Tx =[2-20] |
NA |
NA |
NA |
NA |
NA |
|
Excessive Client Connections (client identifier : token) |
23 |
Tn = [1-19], Tx =[2-20] |
NA |
NA |
NA |
NA |
NA |
|
Excessive Client Connections (client identifier : IP address) |
24 |
Tn = [1-19], Tx =[2-20] |
NA |
NA |
NA |
NA |
NA |
|
Content Scraping Type 2 |
28 |
Tn = [1-29] Tx = [2-30] |
Tn = [1-100] |
NA |
NA |
NA |
NA |
|
Unauthorized client attack (client identifier: IP address) |
29 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
Single Client Login Attack Type 2 (client identifier: IP address) |
30 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
Stolen API Key Attack- API Key |
31 |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
NA |
NA |
|
Probing Replay Attack - API Key |
32 |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
NA |
NA |
NA |
NA |
|
Extended Probing Replay Attack - API Key |
33 |
Tn = [1-100] Tx = NA |
Tn = [1-100] Tx = NA |
NA |
NA |
NA |
NA |
|
User Probing Type 1 |
34 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-99] Tx = [2-100] |
Tn = [1-9] Tx = [2-10] |
Tn = [1-9] Tx = [2-20] |
NA |
NA |
|
User Probing Type 2 |
35 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-29] Tx = [2-30] |
NA |
NA |
|
Sequence attack |
36 |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
NA |
|
Header Manipulation |
37 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-20] Tx = NA |
Tn = [1-29] Tx = [2-30] |
Tn = [1-100] Tx = NA |
Tn = [1-2] Tx = NA |
Tn = [1-100] Tx = NA |
|
Account Takeover -UBA |
38 |
Tn = [1-100] Tx = NA |
Tn = [1-99] Tx = [2-100] |
NA |
NA |
NA |
NA |
|
User Data Exfiltration Type 2 |
39 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
|
User Data Injection |
40 |
Tn = [1-32] Tx = [2-33] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
Query Manipulation Attack |
41 |
Tn = [1-20] Tx = NA |
Tn = [1-2] Tx = NA |
Tn = [1-2] Tx = NA |
Tn = [1-100] Tx = NA |
Tn = [1-2] Tx = NA |
Tn = [1-100] Tx = NA |
|
Content Scraping Type 1 |
42 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
|
WebSocket API |
|||||||
|
WS Cookie Attack |
50 |
Tn = [1-99] Tx = [2-100] |
Tn = [1-19] Tx= [2-20] |
NA |
NA |
NA |
NA |
|
WS Identity Attack |
51 |
Tn = [1-19] Tx = [2-20] |
Tn = [1-19] Tx = [2-20] |
NA |
NA |
NA |
NA |
|
WS DoS Attack |
53 |
Tn = [1- 100] Tx = “na” |
NA |
NA |
NA |
NA |
NA |
|
WS Data Exfiltration Attack |
54 |
Tn = [1- 100] Tx = “na” |
NA |
NA |
NA |
NA |
NA |