API Anomaly Detection in SAP Integration Suite

ceppek
API Anomaly Detection in SAP Integration Suite
Estimated read time 13 min read

Introduction

In today’s interconnected digital world, where data flows across various systems, ensuring the integrity and security of APIs has become paramount. API Anomaly Detection plays a crucial role in safeguarding these critical communication channels.

API Anomaly Detection refers to the process of identifying unusual or unexpected behaviour within API traffic. It involves continuous monitoring of API requests and responses, analysing patterns, and detecting deviations from established norms. By doing so, organizations can swiftly identify potential security threats, performance bottlenecks, or operational irregularities.

Why is API Anomaly Detection Important?

Performance Optimization: Anomalies in API traffic can impact performance. By detecting irregularities early, organizations can optimize API usage, reduce latency, and enhance overall system efficiency.Business Continuity: APIs are the backbone of modern applications, supporting seamless interactions between services. Anomalies can disrupt critical processes, affecting user experience and business continuity.Security: APIs are gateways to sensitive data and services. Any abnormal activity could signal a cyberattack, data breach, or unauthorized access. Effective anomaly detection helps prevent security breaches and ensures data confidentiality.

Below are some real-world scenarios where API anomalies can have significant consequences. Having a system in place that identifies these anomalies can prove extremely beneficial to organizations and their business:

Flash Sale Traffic Surge:

Scenario: During a flash sale, a financial institution’s payment processing API experiences sudden high traffic.Issue: Without proper anomaly detection, delays in transaction processing may occur, affecting user experience and revenue.Solution: Anomaly detection identifies the traffic surge, allowing efficient load handling.

Flight Booking Availability Drops:

Scenario: An airline’s flight booking API encounters availability drops.Issue: Unavailability can lead to frustrated customers and lost bookings.Solution: Anomaly detection pinpoints the cause (e.g., server failure, network issues), enabling prompt resolution.

Unusually Large Transactions in an Online Marketplace:

Scenario: An online marketplace’s payment API detects unusually large transactions from a single account.Issue: Such transactions may indicate fraud or money laundering.Solution: Anomaly alerts trigger further investigation, safeguarding financial integrity.

Suspicious Login Patterns in E-Commerce Authentication:

Scenario: An e-commerce platform’s authentication API faces multiple failed login attempts from different IP addresses.Issue: Brute-force attacks threaten user accounts and system security.Solution: Anomaly detection identifies suspicious patterns, thwarting unauthorized access.

 

SAP API Management & Anomaly Detection

SAP Integration Suite is an industry-leading and enterprise-grade integration platform-as-a-service that helps businesses seamlessly connect and integrate their applications, data, and processes within their organization and beyond. APIs are the building blocks for many such integrations. The API Management capability in SAP Integration Suite is a complete solution, that addresses all enterprise requirements for API security and governance. It offers advanced analytical capabilities to track API usage and performance. In order to strengthen the API Management capability and empower organizations to further safeguard their digital highways, we introduce the API Anomaly Detection feature as part of the latest release of SAP Integration Suite.  

This is one of the many exciting AI features from BTP that was announced by Mr. Juergen Mueller, CTO in the SAP Sapphire Innovation Keynote! You can find the recording of the entire keynote presentation and demo here.

Note : The feature is in the process of getting updated in our global Data centres. Check this Note for information about regional availability.

Note : The availability of the Anomaly Detection feature is dependent on your SAP Integration Suite service plan. Check this Note for information about the various plans and supported features.

 

Feature overview

API Owners create and deploy APIs using the API Management tools available in the Integration Suite. Their critical task is to ensure that the deployed APIs remain consistently available and deliver optimal performance, thereby ensuring business continuity and satisfying customers. To assist API Owners in fulfilling their responsibilities, we introduce the Machine Learning based API Anomaly Detection feature. It entails educating an AI model to learn the behaviour of managed APIs (API proxies) deployed on a tenant.  It works by comparing a current timeframe of API calls with the corresponding past time-series data.

Enablement

As an Administrator of a specific Integration Suite – API Management tenant, one could decide to turn the feature on from the Settings -> APIs page of the Integration Suite application with a simple toggle switch. As there is a model training involved everytime this configuration is altered, frequent changes to this configuration are not recommended.

A key aspect of the feature is also the ability to send alert notifications on detection of any abnormalities. For this, the BTP Alert Notification Service is utilized. With minimal configurations, the preferred notification channel such as email, SMS etc. could be established that shall then be used to send the alerts in the event of an anomaly.

That’s it! The AI model is set into motion, and it is constantly watching the API traffic flowing through this tenant for any deviations from the normal established patterns. When it encounters such an unusual event, it immediately sends an alert on the preferred channel to the configured contacts so that appropriate actions could be taken.

There is also a possibility that optionally, certain critical APIs could be chosen to be specifically monitored for anomalies. This ensures that the abnormalities in the selected APIs are also flagged explicitly even if the overall system/tenant traffic seems to be behaving as usual.

Anomaly details

The Analytics dashboard is enriched with the Anomaly data as & when they occur. The most recent anomalies are visible upfront, but the historical anomalies could also be found on selection of past dates.

As of today, the AI model is capable of flagging anomalies around API Call count (increase or decrease in call count), API Error count (increase in number of server and client errors) & API Performance (increase in end-to-end response time).  

Each of the anomalies detected has further information such as how much is the deviation from the normal, when did the anomaly occur, which of the APIs or backends were involved, which developers experienced the anomaly etc. All of this is crucial information for the API Owner to understand the root cause of the situation and the impact of the unusual event. This might help them decide on the next set of actions to be undertaken to bring the situation back to normalcy and also to avoid such occurrences in the future.

Apart from the anomaly insights, there are also a set of recommended actions suggested automatically by the tooling that could provide a direction to the API Owners on the next course of remedial action.

Anomaly evaluation

There could be some situations where the AI model recognizes something as unusual but the API Owners could find an explanation to call it a normal occurrence. In such circumstances, the API Owners could mark the event as not an anomaly and let the AI model learn from it for future evaluations.

 

Summary

API Anomaly Detection involves monitoring and identifying abnormalities in time series data related to APIs. It helps API owners detect unexpected patterns or deviations from the norm, ensuring optimal performance and business continuity. SAP Integration Suite offers API Anomaly Detection as part of the API Management capability. The initial release identifies anomalies around API call count, error & performance in a tenant. More information could be found in our help documentation here.

As we continue to enhance and refine our offering, we eagerly await your feedback on this initial feature. Please try it out and share your thoughts with us!

 

 

​ IntroductionIn today’s interconnected digital world, where data flows across various systems, ensuring the integrity and security of APIs has become paramount. API Anomaly Detection plays a crucial role in safeguarding these critical communication channels.API Anomaly Detection refers to the process of identifying unusual or unexpected behaviour within API traffic. It involves continuous monitoring of API requests and responses, analysing patterns, and detecting deviations from established norms. By doing so, organizations can swiftly identify potential security threats, performance bottlenecks, or operational irregularities.Why is API Anomaly Detection Important?Performance Optimization: Anomalies in API traffic can impact performance. By detecting irregularities early, organizations can optimize API usage, reduce latency, and enhance overall system efficiency.Business Continuity: APIs are the backbone of modern applications, supporting seamless interactions between services. Anomalies can disrupt critical processes, affecting user experience and business continuity.Security: APIs are gateways to sensitive data and services. Any abnormal activity could signal a cyberattack, data breach, or unauthorized access. Effective anomaly detection helps prevent security breaches and ensures data confidentiality.Below are some real-world scenarios where API anomalies can have significant consequences. Having a system in place that identifies these anomalies can prove extremely beneficial to organizations and their business:Flash Sale Traffic Surge:Scenario: During a flash sale, a financial institution’s payment processing API experiences sudden high traffic.Issue: Without proper anomaly detection, delays in transaction processing may occur, affecting user experience and revenue.Solution: Anomaly detection identifies the traffic surge, allowing efficient load handling.Flight Booking Availability Drops:Scenario: An airline’s flight booking API encounters availability drops.Issue: Unavailability can lead to frustrated customers and lost bookings.Solution: Anomaly detection pinpoints the cause (e.g., server failure, network issues), enabling prompt resolution.Unusually Large Transactions in an Online Marketplace:Scenario: An online marketplace’s payment API detects unusually large transactions from a single account.Issue: Such transactions may indicate fraud or money laundering.Solution: Anomaly alerts trigger further investigation, safeguarding financial integrity.Suspicious Login Patterns in E-Commerce Authentication:Scenario: An e-commerce platform’s authentication API faces multiple failed login attempts from different IP addresses.Issue: Brute-force attacks threaten user accounts and system security.Solution: Anomaly detection identifies suspicious patterns, thwarting unauthorized access. SAP API Management & Anomaly DetectionSAP Integration Suite is an industry-leading and enterprise-grade integration platform-as-a-service that helps businesses seamlessly connect and integrate their applications, data, and processes within their organization and beyond. APIs are the building blocks for many such integrations. The API Management capability in SAP Integration Suite is a complete solution, that addresses all enterprise requirements for API security and governance. It offers advanced analytical capabilities to track API usage and performance. In order to strengthen the API Management capability and empower organizations to further safeguard their digital highways, we introduce the API Anomaly Detection feature as part of the latest release of SAP Integration Suite.  This is one of the many exciting AI features from BTP that was announced by Mr. Juergen Mueller, CTO in the SAP Sapphire Innovation Keynote! You can find the recording of the entire keynote presentation and demo here.Note : The feature is in the process of getting updated in our global Data centres. Check this Note for information about regional availability.Note : The availability of the Anomaly Detection feature is dependent on your SAP Integration Suite service plan. Check this Note for information about the various plans and supported features. Feature overviewAPI Owners create and deploy APIs using the API Management tools available in the Integration Suite. Their critical task is to ensure that the deployed APIs remain consistently available and deliver optimal performance, thereby ensuring business continuity and satisfying customers. To assist API Owners in fulfilling their responsibilities, we introduce the Machine Learning based API Anomaly Detection feature. It entails educating an AI model to learn the behaviour of managed APIs (API proxies) deployed on a tenant.  It works by comparing a current timeframe of API calls with the corresponding past time-series data.EnablementAs an Administrator of a specific Integration Suite – API Management tenant, one could decide to turn the feature on from the Settings -> APIs page of the Integration Suite application with a simple toggle switch. As there is a model training involved everytime this configuration is altered, frequent changes to this configuration are not recommended.A key aspect of the feature is also the ability to send alert notifications on detection of any abnormalities. For this, the BTP Alert Notification Service is utilized. With minimal configurations, the preferred notification channel such as email, SMS etc. could be established that shall then be used to send the alerts in the event of an anomaly.That’s it! The AI model is set into motion, and it is constantly watching the API traffic flowing through this tenant for any deviations from the normal established patterns. When it encounters such an unusual event, it immediately sends an alert on the preferred channel to the configured contacts so that appropriate actions could be taken.There is also a possibility that optionally, certain critical APIs could be chosen to be specifically monitored for anomalies. This ensures that the abnormalities in the selected APIs are also flagged explicitly even if the overall system/tenant traffic seems to be behaving as usual.Anomaly detailsThe Analytics dashboard is enriched with the Anomaly data as & when they occur. The most recent anomalies are visible upfront, but the historical anomalies could also be found on selection of past dates.As of today, the AI model is capable of flagging anomalies around API Call count (increase or decrease in call count), API Error count (increase in number of server and client errors) & API Performance (increase in end-to-end response time).  Each of the anomalies detected has further information such as how much is the deviation from the normal, when did the anomaly occur, which of the APIs or backends were involved, which developers experienced the anomaly etc. All of this is crucial information for the API Owner to understand the root cause of the situation and the impact of the unusual event. This might help them decide on the next set of actions to be undertaken to bring the situation back to normalcy and also to avoid such occurrences in the future.Apart from the anomaly insights, there are also a set of recommended actions suggested automatically by the tooling that could provide a direction to the API Owners on the next course of remedial action.Anomaly evaluationThere could be some situations where the AI model recognizes something as unusual but the API Owners could find an explanation to call it a normal occurrence. In such circumstances, the API Owners could mark the event as not an anomaly and let the AI model learn from it for future evaluations. SummaryAPI Anomaly Detection involves monitoring and identifying abnormalities in time series data related to APIs. It helps API owners detect unexpected patterns or deviations from the norm, ensuring optimal performance and business continuity. SAP Integration Suite offers API Anomaly Detection as part of the API Management capability. The initial release identifies anomalies around API call count, error & performance in a tenant. More information could be found in our help documentation here.As we continue to enhance and refine our offering, we eagerly await your feedback on this initial feature. Please try it out and share your thoughts with us!    Read More Technology Blogs by SAP articles 

#SAP

#SAPTechnologyblog

Avatar for ceppek
ceppek

You May Also Like

More From Author

+ There are no comments

Add yours