Detecting API Scrapers Through Hyperlink Flow

  • Ailton Santos Filho UFAM
  • Eduardo Feitosa UFAM

Abstract


Web APIs represent an expanding market and today account for a significant portion of Internet traffic. As Web APIs grow in popularity, developers increasingly face malicious agents, and in many cases current solutions for preventing abuse of web APIs cannot mitigate unauthorized extraction (leakage) of data. This work presents a new approach, based on hyperlink flow analysis, for detecting anomalous clients that systematically extract information from RESTful APIs.

Published
2019-09-02
SANTOS FILHO, Ailton; FEITOSA, Eduardo. Detecção de API Scrapers Através do Fluxo de Hyperlinks. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 415-420. DOI: https://doi.org/10.5753/sbseg.2019.13991.
