Abstract: With the rise of cloud services and the widespread use of API technology, many network capabilities of operators are usually outputted and empowered through APIs. API gateways have become an important way for northsouth and eastwest system interconnection and data sharing. This paper proposes a method for API gateway traffic anomaly detection based deep learning. Firstly, a heterogeneous graph is constructed to comprehensively represent the gateway traffic network. Then, based on graph attention neural network, node representations in the heterogeneous graph are learned by considering both structural and temporal dimensions. We introduce graph structure refinement to compensate for sparse connections between entities in the heterogeneous graph and obtain more robust node representation learning; Finally, the meta learning algorithm is used to optimize the model and improve its generalization ability in small sample scenarios. The model can be deployed on gateway devices. The algorithm model was experimentally evaluated on the CICIDS2017 dataset, and the results showed that compared with the baseline algorithm, the detection method proposed in this paper has good performance in small sample and multi classification problems.

Key words: API gateway, network traffic anomaly detection, data imbalance, dynamic heterogeneous network, node embedding, meta lea

摘要： 随着云服务的兴起以及API技术的广泛运用，运营商的很多网络能力通常以API的形式对外输出赋能，API网关已经成为南北向、东西向系统互联、数据共享的一种重要方式.提出了一种基于深度学习的API网关流量异常检测方法，首先构建了一个异构图，全面表征网关流量网络；然后基于图注意力神经网络综合考虑结构和时间维度学习异构图中的节点表示，其中引入图结构细化补偿异构图中实体之间的稀疏连接，获得更鲁棒的节点表示学习；最后利用元学习算法优化模型，提高模型在小样本场景的泛化能力，该模型可以在网关设备上部署.在CICIDS2017数据集上对算法模型进行实验评估.结果表明，与基线算法对比，提出的检测方法在小样本、多分类问题上具有良好的性能.关键词API网关；网络流量异常检测；数据不平衡；动态异构网络；节点嵌入；元学习

关键词: API网关, 网络流量异常检测, 数据不平衡, 动态异构网络, 节点嵌入, 元学习