Application program interfaces (APIs) are interfaces that provide services for accessing specific features or data, which programmers can use when they develop software. For example, a web API provides services for accessing the data that a webpage needs. Web developers use those services by making API calls (HTTP requests) to the API to access the specific data for the web.
Since these APIs are exposed through public or internal interfaces, hackers can attack an API by making fake API calls to steal sensitive data or to disrupt the services the API provides to its intended users. Hackers can carry out several types of attacks. The most common are login attacks and distributed denial of service (DDoS) attacks. Most APIs have authentication mechanisms, as secure websites do, but there is no mechanism for preventing continuous login attempts. Hackers can therefore try different combinations of passwords until they successfully log in to the system. This is called a login attack.
The other type is the DDoS attack. In this attack, the API services are disrupted by sending a large number of HTTP requests continuously to the API from multiple clients. Since the API has to handle many requests at one time, it might take a long time to respond to a request that comes from a real client. The server hosting the API might also go down because its capacity is exceeded when handling many requests at one time. A DDoS attack causes other problems as well. The basic idea of this project is to detect such attacks in order to prevent fraudulent access to APIs.
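The detection idea described above, as an added example that is not the project's own code: a sliding-window check over API access-log lines that flags repeated failed logins from one client and a request flood coming from multiple clients. The log format, the `/login` path, the 401 status for a rejected login, and the thresholds are all assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

WINDOW = 10          # seconds; assumed sliding-window length
MAX_FAILED = 5       # assumed failed-login limit per client per window
MAX_REQUESTS = 20    # assumed API-wide request limit per window

def parse(line):
    """Parse 'epoch_seconds client method path status' (assumed log format)."""
    ts, client, method, path, status = line.split()
    return int(ts), client, method, path, int(status)

def detect(lines):
    """Return (timestamp, alert_type, detail) tuples; lines must be time-ordered."""
    failed = defaultdict(deque)   # client -> timestamps of failed logins
    recent = deque()              # (timestamp, client) for every request
    alerts, flagged, flooding = [], set(), False
    for ts, client, method, path, status in map(parse, lines):
        # Login attack: many rejected login attempts from one client.
        if method == "POST" and path == "/login" and status == 401:
            q = failed[client]
            q.append(ts)
            while q[0] <= ts - WINDOW:
                q.popleft()
            if len(q) >= MAX_FAILED and client not in flagged:
                flagged.add(client)
                alerts.append((ts, "login_attack", client))
        # DDoS: API-wide request volume in the window, from several clients.
        recent.append((ts, client))
        while recent[0][0] <= ts - WINDOW:
            recent.popleft()
        clients = {c for _, c in recent}
        over = len(recent) >= MAX_REQUESTS and len(clients) > 1
        if over and not flooding:
            alerts.append((ts, "ddos", len(clients)))
        flooding = over
    return alerts

def sample_log():
    """Constructed sample traffic, not real data."""
    log = [f"{100 + i} 10.0.0.5 POST /login 401" for i in range(6)]
    log += [f"{100 + i * 3} 10.0.0.9 GET /items 200" for i in range(3)]
    log.sort(key=lambda line: int(line.split()[0]))
    # Burst: 8 clients send 24 requests within two seconds.
    log += [f"{200 + i // 12} 10.0.1.{i % 8} GET /items 200" for i in range(24)]
    return log

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

Each alert fires once per client (login attack) or once per flood episode (DDoS), so a sustained attack does not produce one alert per request.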