International Journal of Sustainability and Innovation in Engineering (IJSIE)
2024
https://www.doi.org/10.56830/IJSIE202411
Author
Ramanan Hariharan
Abstract
WAFs and API gateways are the common denominator in every transaction and are therefore the logical place for the backend to integrate scalable threat prevention. This paper focuses on proactive, synchronous measures (driver block, driver challenge, rate-limit, sandbox, and step-up reauthentication) rather than on detection procedures. It proposes an end-to-end design that combines on-path risk ratings with a deterministic policy engine and strictly enforced tail-latency budgets. The evaluation uses a privacy-preserving, multi-region, month-long corpus (~10B requests) of gateway logs, auth events, WAF flags, and honeypot hits. Only O(1) online operations are supported: header presence, the existence of specific trie paths, the length and entropy of tokens and parameters, rarity statistics, and sliding-window counters based on hashed client and tenant identifiers. Serving options are in-process WebAssembly or a gRPC scorer with stringent deadlines; isotonic calibration and per-endpoint thresholds (including hysteresis) map the risk space to actions. Idempotent GET caching, fail-open/closed defaults based on endpoint criticality, and signed audit logs can be used to provide reliability and governance. Offline experiments report PR-AUC and recall at specific false-block rates on traditionally separated splits; ablations measure feature and model contributions. Online shadow/canary trials can be used to decrease the malicious acceptance rate without increasing p95/p99 latency by more than 5-10 ms. At 10^5-10^7 requests per second, across tenants and regions, the strategy meets its SLOs with signed, hot-reloaded policy/model bundles. The artifacts consist of a public schema, feature definitions, a synthetic generator, policy DSL examples, rollback playbooks, config, and release scripts to provide reproducible deployment.
Keywords:
API gateway, Threat prevention, Real-time risk scoring, Policy enforcement, False Block Rate (FBR).
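
The abstract's mapping from a calibrated risk score to an action, with per-endpoint thresholds, hysteresis and fail-open/closed defaults, can be sketched as follows. This is an added example, not code from the paper or its artifacts; the endpoint paths, threshold values, margin scheme and all names (`EndpointPolicy`, `PolicyEngine`, `replay`) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

ALLOW, CHALLENGE, BLOCK = "allow", "challenge", "block"

@dataclass(frozen=True)
class EndpointPolicy:
    challenge_at: float    # calibrated risk at which a client is challenged
    block_at: float        # calibrated risk at which a client is blocked
    release_margin: float  # hysteresis: risk must fall this far below a threshold to de-escalate
    fail_closed: bool      # critical endpoint: block when the scorer misses its deadline

# Constructed sample policies; the paths and numbers are illustrative assumptions.
POLICIES = {
    "/login": EndpointPolicy(0.50, 0.80, 0.10, fail_closed=True),
    "/catalog": EndpointPolicy(0.70, 0.95, 0.05, fail_closed=False),
}

@dataclass
class PolicyEngine:
    policies: dict
    state: dict = field(default_factory=dict)  # (client_hash, endpoint) -> last action

    def decide(self, client_hash: str, endpoint: str, risk: Optional[float]) -> str:
        """risk is a calibrated score in [0, 1], or None if the scorer timed out."""
        policy = self.policies[endpoint]
        if risk is None:
            # No score within the latency budget: use the endpoint default and
            # leave the hysteresis state untouched.
            return BLOCK if policy.fail_closed else ALLOW
        key = (client_hash, endpoint)
        prev = self.state.get(key, ALLOW)
        # A level already held is released only below (threshold - margin),
        # so scores hovering near a threshold do not flap between actions.
        block_thr = policy.block_at - (policy.release_margin if prev == BLOCK else 0.0)
        chal_thr = policy.challenge_at - (policy.release_margin if prev != ALLOW else 0.0)
        if risk >= block_thr:
            action = BLOCK
        elif risk >= chal_thr:
            action = CHALLENGE
        else:
            action = ALLOW
        self.state[key] = action
        return action

def replay(engine: PolicyEngine, client_hash: str, endpoint: str, risks: list) -> list:
    """Run a sequence of scores for one client and return the action per request."""
    return [engine.decide(client_hash, endpoint, r) for r in risks]
```

The decision is a dictionary lookup and two comparisons per request, which keeps it within the O(1) online budget the abstract describes.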
