ISSN (Online): 2321-3418
Engineering and Computer Science
Open Access

Dynamic Adaptive API Security Framework Using AI-Powered Blockchain Consensus for Microservices

DOI: 10.18535/ijsrm/v08i4.ec03 · Vol. 8, No. 04 (2020) · Published: April 23, 2020

Abstract

Microservices architecture has become popular in the development of most software systems because of its modularity and flexibility. Nevertheless, it raises new security concerns, especially around the APIs that act as the points of communication between services. Traditional API protection strategies, based on predetermined patterns and a centralized platform, can be ineffective in guarding microservices because of their loosely coupled structure. These limitations make APIs an attractive target for sophisticated cyber threats such as unauthorized data access, injection attacks, and Distributed Denial of Service (DDoS).

This research presents a conceptual framework, the Dynamic Adaptive API Security Framework, that uses Artificial Intelligence (AI) and blockchain technology to address these challenges. First, the proposed framework uses AI to monitor API traffic and detect anomalies in real time. Through anomaly detection, machine learning models can detect unusual activity such as suspicious usage patterns, malicious payloads, and patterns of many API calls. AI also provides an analytic capability that can predict the vulnerability of a given target from data on previous attacks, allowing targeted prevention.

Alongside AI, blockchain technology is used to create an unalterable, distributed record of communication between APIs. Using consensus mechanisms such as Proof of Stake or Practical Byzantine Fault Tolerance, the framework guarantees the provenance of API transaction logs. These logs are a valuable resource for forensic work if the system's security is breached. Smart contracts also support complex, dynamic access control policies that adjust as soon as AI-driven threat intelligence data becomes available.
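The tamper-evident log described above can be sketched as a hash chain whose head is accepted only when a Practical Byzantine Fault Tolerance style quorum of replicas agrees on it. This is an added example, not code from the paper: the record fields, service names and function names are assumptions, and only PBFT's 2f+1 quorum rule is modeled, not its message phases.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64

# Constructed sample API transactions (service names and fields are assumptions).
SAMPLE = [
    {"ts": 1, "caller": "orders-svc", "call": "GET /inventory/42", "status": 200},
    {"ts": 2, "caller": "billing-svc", "call": "POST /payments", "status": 201},
    {"ts": 3, "caller": "orders-svc", "call": "DELETE /inventory/42", "status": 403},
]

def entry_hash(prev_hash, record):
    """Commit to the record and to the previous entry's hash."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def build_chain(records):
    """Return a hash-chained log; each entry links to the one before it."""
    chain, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        chain.append({"record": dict(record), "prev": prev, "hash": digest})
        prev = digest
    return chain

def first_bad_index(chain):
    """Index of the first entry that fails verification, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return None

def agreed_head(replica_heads, f):
    """Head hash reported by at least 2f+1 of n >= 3f+1 replicas, else None."""
    if len(replica_heads) < 3 * f + 1:
        raise ValueError("PBFT-style quorum needs at least 3f+1 replicas")
    head, votes = Counter(replica_heads).most_common(1)[0]
    return head if votes >= 2 * f + 1 else None

if __name__ == "__main__":
    honest = build_chain(SAMPLE)
    forged = build_chain([SAMPLE[0], SAMPLE[1], {**SAMPLE[2], "status": 200}])
    heads = [honest[-1]["hash"]] * 3 + [forged[-1]["hash"]]
    print("forged chain self-consistent:", first_bad_index(forged) is None)
    print("quorum rejects forged head:", agreed_head(heads, f=1) != forged[-1]["hash"])
```

A log rewritten from the edited entry onward still verifies on its own, so the forensic value comes from comparing its head against the quorum-agreed head rather than from the chain check alone.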

This combination of AI and blockchain yields an adaptable, transparent, and resilient security model for confronting threats. By integrating real-time anomaly detection with immutable auditability, the proposed framework improves API security in microservices while supporting GDPR and HIPAA compliance. This approach fills a gap left by existing security solutions, which cannot cope with the growing security issues of microservices, and provides a long-term solution for securing complex, decentralized microservices landscapes.

In summary, this work presents a new comprehensive strategy for API security that uses the advantages of both AI and blockchain technologies. The framework shows how these technologies can be balanced and orchestrated together to respond to threats, protect data input, and offer clear microservices security and a foundation for the next generation of software.

Keywords

API Security, Adaptive Security, Dynamic Security Framework, AI-Powered Security, Blockchain Consensus, Microservices Security, AI and Blockchain Integration, Decentralized Security, Consensus Mechanism, Smart Contracts, Real-Time Threat Detection

Author details
Deepak Kaul
Marriott International, Inc