Hi, I am in the process of implementing *Request pattern change detection* feature for API Manager analytics and the details are as follows.
*Requirement* If a particular user access a set of APIs in a specific sequence. It'll be abnormal to have a different sequence from the same user all of a sudden. We are planning to use a Markov Chain model to identify this type of a change in request pattern. *Design* A state in the markov model is considered as a combination of UserID and the API used. The following state diagram illustrates this case(The state diagram is not complete). The numbers with the arrows are the probabilities from one state to another(the probability of UserA invoking api_A followed by api_B is 0.1). These numbers will be calculated dynamically and populated in a DAS table using Siddhi queries. These numbers will then be used to calculate a metric named as *Miss Probability. *Using this metric and a suitable threshold, an alert will be generated once an abnormal request pattern is detected. If we are to consider a more granular approach for the states, then a single state could be changed into "*UserA_api_A_GET*" , where GET specified the resource method used in this API. in this case *UserA_api_A_GET* and *UserA_api_A_POST* will be two different states. APIM team please clarify on which approach is more useful and needed for the initial implementation. API manager publishes "org.wso2.apimgt.statistics.request" to DAS and this stream has the *userid, api, method *attributes. These three attributes could be used to build the markov chain. Please suggest me if any other combination of attributes would be more suitable than these three. Suggestions are welcome. -- Thanks & Regards, Fazlan Nazeem *Software Engineer* *WSO2 Inc* Mobile : +94772338839 <%2B94%20%280%29%20773%20451194> [email protected]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
