Authorization Drift Detection in Modern Web APIs Using Deep Learning
No Thumbnail Available
Date
2026
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Saudi Digital Library
Abstract
Authorization Drift Detection in Modern Web APIs Using Deep Learning
ABSTRACT
Authorization drift represents a critical security vulnerability in modern microservices ecosystems, where continuous API updates and evolving access control policies create inconsistencies between intended security policies and runtime enforcement. Traditional detection methods treat each service as an isolated entity, failing to capture how authorization anomalies propagate across service dependencies. This study addresses this gap by designing, implementing, and evaluating a deep learning framework, Adaptive Temporal Graph Neural Network (A-TGNN), based on Temporal Graph Neural Networks (TGNN) for dependency-aware authorization drift detection in Web API ecosystems.
The proposed framework models microservice dependencies as a heterogeneous temporal graph with three node types (services, users, endpoints). The A-TGNN architecture integrates three complementary neural components: Relation-Aware Graph Convolutional Networks for spatial feature aggregation across dependency edges, Multi-Head Attention for importance-weighted message passing enabling interpretable drift attribution, and Gated Recurrent Units for temporal sequence modeling capturing authorization state evolution over time. The model was trained and evaluated on The Train-Ticket (2025–2026 Version), Fudan SE Lab. (2025).
The experimental results demonstrate that the A-TGNN framework successfully detects authorization drift with high accuracy, achieving an F1-score of 0.934 and an AUC-ROC of 0.971, exceeding the target thresholds of 0.90 and 0.95. The false positive rate was maintained at 5.2%, well below the 8% operational threshold. The model achieved a mean inference latency of 124.6 milliseconds per temporal snapshot, satisfying the 150-millisecond real-time requirement. Per-drift-type classification yielded F1-scores of 0.947 for privilege escalation, 0.921 for permission reduction, and 0.935 for propagation effects. The propagation path reconstruction algorithm correctly attributed 88.0% of propagation incidents to their source service.
Ablation studies confirmed the critical contribution of each architectural component, with GRU temporal modeling causing the largest performance degradation when removed, followed by relation-aware graph convolutions. Robustness testing demonstrated that the model maintains an F1-score above 0.90 under moderate data loss and noise conditions.
This research provides the first empirical evidence that temporal graph neural networks can effectively model authorization drift propagation across microservices dependency graphs. The framework addresses an urgent operational need by offering a solution that is accurate, real-time capable, and interpretable, enabling security operations teams to detect and respond to authorization anomalies before they cascade across service boundaries.
Keywords: Authorization Drift, API Security, Temporal Graph Neural Networks, Microservices, Deep Learning, Access Control, Drift Detection, R-GCN, GRU, Multi-Head Attention.
Chapter One
Introduction
1.1 Overview
APIs are the main focus of software architecture today. Web APIs (notably REST, GraphQL, and RPC-based paradigms) are the primary means to expose data and functions (Fielding & Taylor, 2002; Sadasivan et al., 2023). The APIs maintain security boundaries of the respective APIs using authorization mechanisms such as role-based access control (RBAC), OAuth 2.1 scopes and attribute-based conditions.
Nonetheless, software development consistently advances in a new direction. Features are getting updated continuously by integrating and deploying code. In such circumstances, “authorization drift” often occurs. This phenomenon refers to a divergence between the enforcement of access control at runtime and the security policy, which occurs despite the well posedness of the security policy (Sadasivan et al, 2023).
Research demonstrates that this issue is severe and taking place frequently. A study from Sadasivan et al. (2023) confirms that over 80% of microservice deployments experience authorization drift. A lot of those deployments had vulnerabilities that allowed privilege escalation. As the authors found, production APIs change their policies often: on average, several policy changes occur every month per service. That increases the probability of inconsistencies.
A change in policy at one service may have a security impact at another. Architectures that are designed for service composition, such as API A using the functions of API B, allow changes to the authorization logic in B to inadvertently give too many privileges to B’s clients. Alternatively, it may disrupt legitimate functionality (Rodriguez et al., 2023). This causes a feedback effect. When drift occurs in a service, the underlying cause of that drift will eventually manifest as a symptom or weakness in another service.
Detecting data drift is becoming an integral part of contemporary AI practices. However, it is still constrained by service silo perspectives. To look for inconsistencies within the boundary of a service, we have differential testing against the OpenAPI specification (Sadasivan et al, 2023)
This study cures the above deficiency. The core question posed is how the dependencies of a modern API on other APIs can be modelled so that authorization drift can be found before it happens? How can we measure the spread of that as it travels through dependency chains? To solve this problem, the research team suggested a deep learning framework for design, implementation, and evaluation. A collection of cooperating Web APIs would be treated as a temporal graph under this framework. In that graph, an API endpoint would have its own authorization state represented by a node. The edges were to represent dependencies and functions and data dependencies. Subsequently, the model uses temporal Graph Neural Networks (GNNs) to learn complex non-linear relationships between policy changes across services connected in the network. This would let it identify irregularities that signal drift, as well as trace the source of the drift and determine its potential effects. The end result would be essentially a more complete, more accurate, and more useful security analysis tool for today’s APIs.
1.2 Motivation
This research begins from a clear observation. Modern online APIs have a very complex authorization drift, but current detection methods are not performing well, so a gap is being created. These methods primarily operate within the confines of a single service. Modern software development has shifted to an API centric model. Evidence suggests that over 80% of microservice deployments exhibit detectable authorization drift. A significant part of those deployments contains serious vulnerabilities related to privilege escalation (Sadasivan et al, 2023).
What types of mistakes happen? There are contradictions in role-based access regulation. Inconsistencies regarding OAuth scopes exist. Conditions based on attributes may sometimes fail. Updating features iteratively along with constant integration leads to these problems often. According to Kim, Gupta, Lee, and Park (2024), production APIs undergo policy modification on a regular basis. In a month, multiple updates arrive for each service. That's more likely to lead to discrepancies.
A change in local policy does not stay local now. When on API changes its authorization mechanism in service composition architectures, 2 things can happen. At first, it might allow an unintended level of access to another API’s clients. Next, it may violate critical functionality (Rodriguez, Schmidt, Johnson, & Wang, 2023).
What are the current detection systems? A few are checking it against the OpenAPI specification. The time-relatedness of policy logs is analyzed by some. In separate services, these methods work quite well. They are still analytically distinct.
What is missing? A common system that portrays the synchronized growth of access rules across many interconnected APIs. Not as separate silos but as a graph with time. A system that uses deep learning to automatically learn how a policy change propagates through APIs and impacts the security of dependent APIs. This gap in literature is an important one.
This study seeks to design, implement and evaluate a new deep-learning framework according to its aim. It is going to make use of Temporal Graph Neural Networks. This would create an interface with linked web APIs, a temporal graph. This will enable full detection of authorization drift in addition to the analysis of causal propagation to clear attribution of root causes in today’s API-connected ecosystem.
1.3 Problem Statement
The central problem this research addresses is the absence of a real-time, unified risk scoring mechanism for REST API requests in microservice architectures, specifically designed to detect session hijacking attacks that unfold across a short sequence of requests (e.g., within 5–10 API calls). This mechanism must dynamically integrate behavioral signals with contextual data and use this assessment to instantly adapt authorization decisions. This problem is both architectural and methodological in nature but is narrowed here to a specific attack vector and architectural scope.
Current API security architectures operate with a critical disconnect between three core functions. Authentication systems verify user identity once at the point of login and grant static permissions that remain unchanged throughout the session, providing no ongoing assurance of identity once access is granted (Tadi, 2023; Kaul & Khurana, 2021). Simultaneously, anomaly detection systems monitor traffic patterns and flag suspicious activities, but these alerts are reactive, generating notifications for manual security team investigation rather than triggering immediate, automated defensive actions (Kaul & Khurana, 2021; Paidy & Chaganti, 2024). Authorization policies remain rigid and role-based, entirely disconnected from the real-time risk signals generated by other security components (Gupta et al., 2024; Magaji, 2025). The result is a fragmented defense posture where a behavioral anomaly—such as a sudden change in a user's interaction pattern signaling a potential session hijacking—is detected but not communicated to the authorization layer to dynamically restrict access to sensitive resources (Tadi, 2023). This study narrows its focus to session hijacking attempts that manifest within the first few requests after a suspected token compromise, rather than all forms of API abuse.
Beyond this architectural fragmentation lies a deeper methodological limitation. API traffic is inherently temporal and relational in nature. A sequence of API calls from a user represents a behavioral trajectory over time, where the order, frequency, and inter-request relationships carry critical security signals. Similarly, the interactions between different API endpoints, users, and services form a complex graph structure where anomalous connections can indicate lateral movement or credential compromise. However, existing approaches treat API requests as independent, isolated events, relying on static classification models, heuristic rule-based pattern matching, or non-temporal clustering algorithms that fail to capture these rich temporal dependencies and relational structures (Mousavi et al., 2025; Kaul & Khurana, 2021). Specifically, no prior study has explored the application of Temporal Graph Neural Networks (TGNN) to model REST API request sequences in a microservice environment for the purpose of detecting session hijacking within a sliding window of 10 sequential requests, simultaneously capturing both the temporal evolution of user behavior and the relational graph of service-to-service interactions.
This dual gap—architectural fragmentation and methodological limitation—leaves organizations vulnerable to session hijacking attacks that exploit the latency between threat detection and manual response, and that manifest not in a single anomalous request but in evolving behavioral deviations across a short sequence of interactions that current point-in-time analysis cannot detect. This study addresses this narrowed gap by developing a unified, AI-driven risk scoring framework that employs a Temporal Graph Neural Network (TGNN) deep learning model to integrate behavioral authentication signals, real-time contextual analysis, and adaptive authorization enforcement into a single, closed-loop system focused on detecting and responding to session hijacking attempts within the first 10 API calls after a behavioral shift.
Current Limitations and Challenges
The existing body of research and current industry practices in API security exhibit a distinct set of interconnected limitations and operational challenges. These constraints collectively define the landscape of inadequacy that necessitates the present research. Each limitation represents a specific dimension of the broader fragmentation and methodological gap that this study aims to resolve.
Fragmented Security Architecture: Existing models focus on isolated flows rather than graph-based propagation, failing to capture how unauthorized states cascade across interconnected services (Zhang et al., 2024). The most pervasive limitation is the fundamental siloed nature of current API security deployments. Authentication, anomaly detection, and authorization functions operate as independent, non-communicating components within the broader security infrastructure. Tadi (2023) established that behavioral authentication systems can effectively profile user interaction patterns and detect subtle anomalies, yet this critical risk intelligence is not programmatically integrated with the authorization layer. Similarly, Kaul and Khurana (2021) demonstrated that AI-driven anomaly detection models can identify sophisticated, slow-evolving threats invisible to static thresholds, but these insights are delivered as retrospective alerts rather than as real-time inputs to access control decisions. This architectural fragmentation creates exploitable time gaps between the moment a threat is detected and the moment defensive action is taken, precisely the window in which sophisticated attacks succeed.
Static and Perimeter-Only Authentication: Traditional authentication mechanisms, including API keys, OAuth 2.0 tokens, and JWTs, are designed as one-time verification events at the point of login. Once a valid credential is presented, the resulting session is implicitly trusted for its entire duration, regardless of any behavioral or contextual changes that may occur. Gupta et al. (2024) critically evaluated this limitation, concluding that static authentication models are fundamentally blind to session hijacking, credential theft, and insider threats where valid credentials are used for malicious purposes. Tadi (2023) reinforced this by arguing that knowledge-based credentials provide no assurance of user identity post-authentication, leaving organizations with a security model that protects the door but leaves every window unmonitored.
Reactive Rather Than Proactive Threat Response: Current anomaly detection systems overwhelmingly operate on a reactive paradigm. They are designed to identify suspicious patterns, generate alerts, and log incidents for subsequent human investigation. Paidy and Chaganti (2024) highlighted this limitation in the context of AI-driven APIs, where novel attacks such as prompt injection require immediate, automated countermeasures rather than delayed manual review. Kaul and Khurana (2021) noted that even sophisticated unsupervised learning models that detect zero-day anomalies are typically configured to alert administrators rather than to autonomously trigger adaptive policy enforcement. This reliance on human-in-the-loop response creates a critical latency that renders the detection itself operationally ineffective for preventing real-time attacks.
Rigid and Non-Adaptive Authorization Policies: There is a critical need for real-time detection in high-traffic microservices, which requires inference latency to remain below 150 ms to prevent attackers from exploiting drifted endpoints (Panahandeh et al., 2024). Authorization frameworks in current API environments are predominantly based on static, predefined policies such as Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC). These models assign permissions based on fixed attributes and roles that do not dynamically respond to changing risk conditions. Magaji (2025) identified this as a critical operational bottleneck, arguing that a Zero-Trust mandate for continuous verification is operationally impossible when authorization decisions are not informed by real-time contextual and behavioral risk signals. Gupta et al. (2024) proposed the Computable Compound Identity Measure (CCIM) as a conceptual solution, but acknowledged that no operational framework currently exists to dynamically synthesize identity, behavior, and context into adaptive authorization decisions.
Ambiguity Between Benign Evolution and Malicious Drift: High-velocity development cycles frequently update API signatures. Differentiating between benign architectural evolution and malicious drift remains a significant challenge for current frameworks (Kim & Nam, 2025).
Inability to Model Temporal and Relational Dynamics in API Traffic: A critical methodological limitation cutting across all existing approaches is the failure to capture the temporal and relational structure inherent in API traffic. API calls are not independent events; they occur in sequences that represent behavioral trajectories over time, and they form relational graphs between users, endpoints, and services. Current machine learning applications in API security rely on static classification models, rule-based heuristics, or non-temporal clustering algorithms that treat each request as an isolated data point (Mousavi et al., 2025; Kaul & Khurana, 2021). These methods cannot model how user behavior evolves across sequential API calls, nor can they capture the complex relational structure of service-to-service interactions. A sudden deviation in the temporal pattern of API requests, or an anomalous edge in the interaction graph between two services that have never communicated before, can be an early indicator of a lateral movement attack or credential compromise. Without advanced deep learning architectures specifically designed for temporal and graph-structured data, such as Temporal Graph Neural Networks (TGNN), current security systems remain blind to this critical class of behavioral anomalies.
Scalability Challenges in Cloud-Native Environments: The operational implementation of advanced, AI-driven security mechanisms faces significant scalability barriers in modern multi-cloud and hybrid ecosystems. Magaji (2025) noted that the continuous verification required by Zero-Trust principles generates a volume of dynamic, contextual decisions that cannot be managed by manual or statically configured systems. The computational overhead of running deep learning models for real-time risk scoring on every API request across a distributed architecture presents a non-trivial engineering challenge that has not been adequately addressed in existing research.
Developer-Centric Vulnerabilities: Mousavi et al. (2025), in their comprehensive systematic review, uncovered that a root cause of many API vulnerabilities lies not in architectural flaws but in the unintentional misuse of security APIs by developers. Their analysis of 69 primary studies revealed that 95% of detection techniques rely on heuristic-based static analysis with manually hard-coded rules, while only 3 out of 69 studies employed machine learning for misuse detection. This gap in the tooling available to developers means that many vulnerabilities are introduced at the code level and propagate into production undetected, further complicating the task of runtime security mechanisms.
Lack of Standardized Evaluation Frameworks: The evaluation landscape for API security mechanisms is critically underdeveloped. Mousavi et al. (2025) identified only five public benchmarks specifically designed for security API misuse detection, all limited to Java cryptographic and SSL/TLS test cases. No reviewed studies considered spatial or temporal bias in their experimental design, raising significant questions about the real-world performance validity of proposed solutions. This absence of rigorous, standardized, and realistic evaluation benchmarks hinders the ability to objectively compare and validate the effectiveness of integrated security frameworks.
These limitations collectively define the research space in which this study operates. They establish that the problem is not the absence of individual security capabilities, but the absence of their integration into a unified, real-time, and adaptive architecture, combined with the critical methodological gap in modeling the temporal and relational dynamics of API traffic. This study specifically addresses these interconnected gaps by designing a framework that employs a Temporal Graph Neural Network (TGNN) deep learning model to synthesize behavioral authentication, contextual risk assessment, and adaptive authorization into a single, closed-loop mechanism for proactive API security.
Research Questions:
RQ1: How can a Temporal Graph Neural Network (TGNN), which models API dependencies as temporal graphs, increase the detection accuracy of authorization drift that propagates across service boundaries in modern Web API ecosystems, compared to single-service isolation methods?
RQ2: How capable is the TGNN-based ensemble model at tracking authorization drift in real-time, with a target inference latency of less than 150 milliseconds per temporal snapshot, while maintaining high F1-score and AUC-ROC on both synthetic microservices and production API datasets?
RQ3: How accurately does the proposed temporal graph model detect and classify different types of authorization drift incidents—specifically privilege escalation, permission reduction, and propagation effects—that are significant to interconnected API security in dependency-rich microservices architectures?
1.4 Research Aim and Objectives
The aim of this study is to design, implement, and evaluate a deep learning framework based on Temporal Graph Neural Networks (TGNNs) that enables dependency-aware authorization drift detection in modern Web API ecosystems, addressing the limitations of current single-service isolation mechanisms.
The specific objectives are:
1. To develop a TGNN model that leverages relation-aware graph convolution layers, attention-enhanced message passing, and gated recurrent units to model authorization drift propagation across microservices dependency edges, thereby improving detection accuracy over single-service isolation baselines.
2. To achieve and validate real-time detection with high performance, and inference latency per temporal snapshot on both synthetic and production API datasets.
3. To ensure the model accurately classifies distinct authorization drift types (privilege escalation, permission reduction, and propagation effects) while maintaining false positive rates below 8% in production-like environments, preventing security analyst alert fatigue.
1.5 Thesis Outline
This thesis is organized into five chapters, each addressing a distinct component of the research process from problem identification through to conclusions and future directions.
Chapter One: Introduction
This chapter establishes the foundation for the entire study. It presents the background of API security and the evolution of threats in modern microservices ecosystems, articulates the problem statement focusing on the absence of a unified, real-time risk scoring mechanism that integrates behavioral signals with authorization decisions, defines the three research questions and five specific objectives, and outlines the scope and significance of the study. The chapter also introduces the proposed Temporal Graph Neural Network approach as the methodological foundation for addressing the identified research gap.
Chapter Two :Literature Review
This chapter provides a comprehensive and systematic review of the existing literature in API security, tracing the evolution from static, perimeter-based defenses to intelligent, adaptive architectures. Nine seminal research contributions are critically analyzed, spanning behavioral authentication (Tadi, 2023), API drift detection (Gupta, 2024), AI-driven API security (Paidy & Chaganti, 2024), automated cloud data transfer (Padhy et al., 2020), AI-augmented defense-in-depth (Kaul & Khurana, 2021), security API misuse detection (Mousavi et al., 2025), sequential drift detection (Ackerman et al., 2021), authentication mechanism evaluation (Gupta et al., 2024), and centralized Zero-Trust authorization frameworks (Magaji, 2025). The chapter concludes by synthesizing these contributions to identify the precise research gap: the absence of a unified framework that integrates behavioral authentication, AI-driven anomaly detection, and adaptive authorization using temporal graph neural networks.
Chapter Three: Methodology
This chapter presents the seven-phase methodological framework designed to address the research objectives. Phase 1 covers the acquisition of the The Train-Ticket (2025–2026 Version) as main dataset, and Sawant and Bacchelli (2015) API Usage Dataset, including the controlled drift injection procedure. Phase 2 describes the construction of the heterogeneous microservices dependency graph with three node types and four edge types across 24 temporal snapshots. Phase 3 details the feature engineering process, including domain-specific features for authorization change frequency and user behavior deviation. Phase 4 presents the A-TGNN architecture, integrating R-GCN, Multi-Head Attention, and GRU components. Phase 5 outlines the training protocol with the composite loss function and temporal cross-validation. Phase 6 describes the drift detection and propagation analysis mechanisms. Phase 7 defines the evaluation framework with performance metrics, baseline comparisons, and ablation studies.
Chapter Four: Experimental Results
This chapter presents the empirical findings from executing the methodology on the experimental dataset. Results are organized to directly address each research question: RQ1 is addressed through comparative performance analysis showing the A-TGNN achieving an F1-score of 0.934 and AUC-ROC of 0.971 compared to 0.728 and 0.867 for the best baseline; RQ2 is addressed through inference latency measurements confirming 124.6 milliseconds mean latency per snapshot; and RQ3 is addressed through per-drift-type classification results showing F1-scores of 0.947, 0.921, and 0.935 for privilege escalation, permission reduction, and propagation effects respectively. The chapter also presents ablation studies, statistical significance testing, cross-validation results, robustness analysis, and case studies illustrating the model's operational behavior.
Chapter Five: Conclusion
This chapter synthesizes the study's findings, positions them within the broader literature through detailed comparisons with each of the prior works reviewed in Chapter Two, and articulates the theoretical and practical significance of the contributions. It acknowledges the limitations of the study, including dataset scope, artificial drift injection, and computational requirements. The chapter concludes by outlining seven specific directions for future research, including evaluation on broader datasets, adversarial drift injection, multimodal data integration, automated response mechanisms, model compression for wider deployability, human-centered evaluation of explainability features, and application of the framework to related domains such as IoT security and cloud entitlement management.
CHAPTER TWO
LITERATURE REVIEW
2.1 Overview
The modern digital economy is fundamentally built upon the ubiquitous integration of Application Programming Interfaces (APIs). These interfaces serve as the connective tissue enabling seamless interaction, data exchange, and interoperability between diverse software components, microservices, cloud platforms, and third-party applications. As organizations undergo rapid digital transformation, adopting cloud-native architectures and microservices at an unprecedented scale, APIs have proliferated exponentially, becoming the backbone of enterprise functionality. This centrality, however, comes at a significant cost: APIs have simultaneously emerged as one of the most expansive and vulnerable attack surfaces in contemporary cybersecurity (Tadi, 2023; Gupta, 2024).
The evolution of the threat landscape has rendered traditional, perimeter-based security models fundamentally inadequate for the protection of modern API ecosystems. Conventional defense mechanisms rely heavily on static, knowledge-based credentials such as passwords and API keys, which act as a one-time gatekeeping function at the point of authentication. This approach is critically vulnerable to a wide array of sophisticated attacks, including phishing, brute-force attacks, credential stuffing, and token hijacking. More importantly, once a session is established, these static models provide no assurance of user identity, leaving systems completely blind to session hijacking, insider threats, and the authorized misuse of valid credentials (Tadi, 2023; Kaul & Khurana, 2021). The problem is further compounded by the phenomenon of API Sprawl, where the rapid and often ungoverned multiplication of APIs within large organizations leads to a proliferation of shadow, dormant, redundant, and zombie APIs, creating a massive, unmanaged attack surface. Within this sprawl, the inevitable process of API Drift occurs, where APIs handled by multiple engineering teams and subjected to constant modification deviate from their original design, security, and governance specifications, silently creating gaping security holes invisible to perimeter defenses (Gupta, 2024).
In response to these escalating challenges, the research community has progressively shifted focus from reactive, perimeter-based defenses to intelligent, adaptive, and predictive security paradigms. This evolution is characterized by three major thematic shifts. The first is the movement from static credential verification to behavioral and context-aware authentication, where user identity is continuously validated through the real-time analysis of behavioral biometrics such as keystroke dynamics, mouse movements, and interaction patterns (Tadi, 2023; Kaul & Khurana, 2021). The second thematic shift is the integration of Artificial Intelligence and Machine Learning as core components of the security architecture, moving beyond signature-based detection to unsupervised anomaly detection, predictive threat modeling, and adaptive policy enforcement (Kaul & Khurana, 2021; Magaji, 2025). The third shift is the architectural transformation from distributed, fragmented security controls to centralized, intelligent policy decision points that can enforce consistent, context-aware, and risk-scored authorization across complex multi-cloud ecosystems (Gupta et al., 2024; Magaji, 2025).
A unique and rapidly growing dimension of this landscape is the emergence of AI-driven APIs as a distinct and highly vulnerable class of endpoints. Unlike traditional, deterministic APIs that return predictable, rule-based data, AI-driven APIs—such as Large Language Model (LLM) endpoints—exhibit probabilistic behavior, high computational cost, and sensitivity to nuanced inputs. This introduces a new generation of AI-native attack vectors, including prompt injection, model extraction via algorithm inversion, adversarial inputs, and AI-driven Denial-of-Service attacks that target computational resources rather than network bandwidth. The security of these intelligent endpoints demands that defense mechanisms themselves become "AI-aware," capable of understanding the semantic context and intent of inputs rather than merely inspecting for syntactic signatures (Paidy & Chaganti, 2024).
Parallel to the evolution of threat detection and authentication, a significant body of research has focused on the human and operational dimensions of API security. A systematic review of the literature reveals that a root cause of many vulnerabilities lies in the unintentional misuse of security APIs by developers. This is driven by the inherently complex and non-intuitive design of security APIs, poor documentation that often includes insecure code examples, and a pervasive lack of sufficient cybersecurity training. The result is an empirically proven epidemic where a staggering percentage of applications contain at least one cryptographic API misuse, directly introducing critical vulnerabilities into production software (Mousavi et al., 2025). This highlights the critical need for detection tools and practices that are aligned with developers' needs and cognitive models.
The operational testing and monitoring of APIs in production present another fundamental challenge. In the API economy, the number of ways in which microservices can be composed is combinatorially explosive and practically unbounded, making it physically impossible for Quality Assurance (QA) teams to anticipate and pre-test every potential sequence. This "unexpected usage" is a primary source of production failures, as systems are most likely to break when used in ways they were never tested. Addressing this testability crisis requires the application of statistically rigorous, sequential monitoring techniques that can detect novel, untested API compositions in real-time with mathematically guaranteed control over false positive rates (Ackerman et al., 2021).
At the foundational level, the secure and efficient transmission of data through APIs remains a critical operational concern. Research has demonstrated the development of automated orchestration layers that integrate cloud service authentication, transport-level performance tuning through parallelized data transfer, and file-level cryptography using AES, HMAC, and key management schemes into a single, cohesive pipeline. Empirical evaluation of such systems has produced critical insights, such as the performance bottleneck of cryptographic operations for small files, where AES and HMAC processing can dominate total upload time, informing the design of file-size-aware security strategies (Padhy et al., 2020).
The trajectory of the field converges on a clear architectural end-state defined by two interconnected paradigms. The first is the Zero Trust Architecture (ZTA), which operates on the principle of "never trust, always verify" and mandates continuous verification of every user, device, and service for every access request, regardless of location within or outside the network perimeter. The second is the concept of a Computable Compound Identity Measure (CCIM), which generalizes the traditional user ID into a dynamic data structure incorporating extensive, real-time contextual attributes such as device posture, geolocation, and behavior patterns. This approach dissolves the traditional boundaries between authentication, authorization, and access control, merging them into a single, seamless, and adaptive process (Gupta et al., 2024). The operationalization of these paradigms at scale, particularly across multi-cloud and hybrid ecosystems, requires the development of AI-driven central authorization frameworks. These frameworks consolidate security policies and enforcement logic into a single, intelligent Policy Decision Point (PDP) that can dynamically evaluate contextual risk factors, enforce adaptive policies, and automate regulatory compliance in a unified and auditable manner (Magaji, 2025).
In summary, the API security landscape is characterized by a clear and necessary evolution from static, siloed, and reactive defenses to dynamic, integrated, and predictive architectures. The literature reveals a strong consensus on the individual necessity of behavioral authentication, AI-driven anomaly detection, internal drift governance, and centralized Zero-Trust authorization. However, it also reveals a critical gap: the absence of a unified framework that integrates these four pillars into a single, cohesive, and intelligent security architecture. This gap defines the precise contribution of the present research.
2.2 Background
Understanding the contemporary challenges and solutions in API security requires a comprehensive examination of the historical and technological background against which these developments have occurred. The evolution of API security is a narrative of escalating complexity, where each architectural advancement designed to enhance interoperability and scalability has simultaneously introduced new classes of vulnerabilities, demanding increasingly sophisticated defensive strategies (Tadi, 2023; Kaul & Khurana, 2021).
The foundational role of APIs in modern software systems cannot be overstated. APIs are essentially sets of programming instructions and standardized protocols that allow disparate software components to interact, exchange data, and leverage each other's functionalities. They provide the necessary abstraction and encapsulation that enable modularity in large-scale distributed systems, allowing independent services to evolve without cascading effects on the entire ecosystem. This is achieved through the use of standardized protocols such as HTTP/HTTPS for RESTful APIs, which have gained immense popularity due to their simplicity, statelessness, and use of universally parseable data formats like JSON and XML. The stateless nature of RESTful APIs is a critical architectural feature for scalability, as it allows any server instance to handle any incoming request without needing to synchronize session state with other instances. This design principle, combined with techniques like horizontal scaling and load balancing through API gateways, enables enterprise systems to support massive volumes of requests from millions of users, a fundamental requirement of the modern digital economy (Kaul & Khurana, 2021).
However, the very features that make APIs so powerful—their accessibility, standardized interfaces, and role in decoupling services—are precisely what create an expanded and deeply vulnerable attack surface. This paradox lies at the heart of the API security challenge. Unlike traditional monolithic systems where data and processes are contained within a tightly controlled environment, distributed systems expose multiple endpoints that must be reachable from external networks or other internal services. By their necessary design, APIs expose certain aspects of a system for use, and this accessibility makes them vulnerable to a wide range of cyber intrusions unless adequately secured. The diverse network boundaries that APIs must traverse, including cloud-based services, on-premise systems, and mobile devices, introduce additional complexity in enforcing consistent security policies and maintaining secure connections (Kaul & Khurana, 2021).
The evolution of cyber threats targeting APIs has been relentless. Attackers have developed a sophisticated arsenal that extends far beyond simple unauthorized access attempts. Credential stuffing attacks use automated tools to test compromised username and password combinations from previous data breaches across numerous APIs. Token hijacking exploits weaknesses in token storage or transmission to intercept and reuse valid access tokens. More advanced threats include Advanced Persistent Threats (APTs) that dynamically alter their tactics to evade static defenses, and insider threats where malicious actors with legitimate credentials operate entirely invisible to perimeter-based security controls. The proliferation of Internet of Things (IoT) devices has further expanded the attack surface, with each connected device acting as a potential insecure entry point (Tadi, 2023).
The traditional security defense framework for APIs was built upon three foundational pillars: encryption, authentication, and anomaly detection. Encryption, primarily through Transport Layer Security (TLS), ensures the confidentiality and integrity of data during transit between a client and a server, preventing interception and tampering through man-in-the-middle attacks. Authentication serves as the first line of defense against unauthorized access, verifying the identity of a client or user through mechanisms ranging from simple API keys to sophisticated token-based systems like OAuth 2.0 and JSON Web Tokens (JWT). Authorization, often paired with authentication, defines what resources and actions a verified entity is permitted to access, typically implemented through Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC). Finally, anomaly detection monitors for unusual patterns in system activity that could indicate a security threat, traditionally relying on predefined rules and static thresholds (Kaul & Khurana, 2021).
While these traditional pillars remain essential, they have been diagnosed with fundamental brittleness in the face of modern, dynamic environments. The core problem is a fundamental mismatch between static, deterministic security controls and the dynamic, probabilistic, and massively interconnected nature of modern API-driven distributed systems. Encryption is often treated as a binary "checkbox" exercise, where organizations deploy TLS and then fail to monitor for subsequent protocol vulnerabilities, deprecated cipher suites, or anomalous key usage patterns that signal a secret compromise. Authentication remains a static, perimeter-only event; once a valid token is presented at login, the entire session is implicitly trusted, rendering the system blind to credential stuffing, session hijacking, and insider threats. Anomaly detection systems based on hard-coded rules and fixed thresholds can only detect known attack signatures, generating a flood of false positives that erode trust while missing novel, subtle abuse patterns (Kaul & Khurana, 2021).
The architecture of API security has been further challenged by the specific vulnerabilities introduced through the software development lifecycle itself. A significant and often overlooked dimension is the widespread and unintentional misuse of security APIs by developers. Security APIs, which provide developers with functionalities for encryption, authentication, and access control, function correctly only when specific constraints on inputs, outputs, and invocation context are meticulously met as outlined in the API specification. Any deviation from these specifications, known as misuse, can lead to severe vulnerabilities. Systematic reviews have identified 30 distinct types of security API misuses, with insecure cryptographic key management, insecure cryptography algorithms, and improper SSL certificate validation being among the most common and extensively studied. The root causes of this epidemic are multifaceted: the complex and nuanced operation of security APIs, poorly written documentation that often lacks clear usage examples or even includes insecure code, and a critical lack of cybersecurity training for developers. The documented consequences are alarming, with studies revealing that nearly 95% of Android applications and 72% of open-source Java projects contain at least one cryptography API misuse (Mousavi et al., 2025).
Within organizational boundaries, the problem of API governance has emerged as a critical internal threat vector through the phenomenon of API Drift. In large enterprises, the rapid and often chaotic proliferation of APIs—termed API Sprawl—creates an environment where competing standards, inconsistent documentation, and miscommunication between teams become endemic. An API is not a static artifact; it is handled by multiple engineering teams and undergoes constant modification across its lifecycle, from initial design through development, testing, deployment, and numerous version updates. The pressures of tight project deadlines, evolving requirements, and simple human error make it inevitable that the "live" API in production will deviate from its documented specification, its security policy in the central gateway, or its contractual agreement with a third party. This deviation is the essence of API Drift, and it silently undermines all prior governance and security work because controls designed for the original, intended state of the API no longer align with the changed, operational reality. The result is the exposure of sensitive data not through a malicious external attack, but through a broken internal process or a simple configuration change (Gupta, 2024).
This background of escalating complexity, evolving threats, and internal governance failures has set the stage for a fundamental paradigm shift in the approach to API security. The recognition that static, perimeter-based models are obsolete has driven the research community toward intelligent, adaptive, and continuous security models. This new paradigm is characterized by the integration of AI and ML not as optional add-ons, but as core architectural components. It involves a movement from one-time authentication events to continuous, behavioral, and context-aware identity verification. It demands a shift from reactive alerting to predictive and proactive threat neutralization. And it necessitates the consolidation of fragmented security controls into centralized, intelligent policy frameworks capable of enforcing Zero-Trust principles at scale across complex, multi-cloud digital ecosystems (Magaji, 2025; Gupta et al., 2024). This historical and technological background establishes the necessary context for understanding the specific contributions of the research analyzed in this review and the precise gap that the present study aims to fill.
2.3 Behavioral Authentication and Data-Driven Threat Mitigation
A foundational shift in API security strategy is presented by Tadi (2023), who argues for moving beyond static, credential-based defenses to a dynamic "behavior-first" security model. The author posits that the conventional reliance on knowledge-based credentials, such as passwords and API keys, constitutes a critical point of failure in modern systems. These static credentials are highly susceptible to phishing, brute-force attacks, credential stuffing, and theft, yet they provide no assurance of user identity once a session is established. The central problem is the inherent weakness of perimeter-based security models against advanced persistent threats (APTs), adaptive malware, and especially insider threats, where malicious actors with legitimate credentials operate entirely invisibly to conventional controls.
The core insight of the research is the conceptualization of user behavior not as a static attribute but as a continuous, rich data stream that can be modeled and authenticated in real-time. Tadi (2023) proposes a framework where behavioral biometrics, including keystroke dynamics, mouse movement patterns, touchscreen gestures, and application navigation habits, serve as a persistent "digital fingerprint." This raw telemetry data is continuously captured and fed into a machine learning-based anomaly detection engine. The analytical model establishes a dynamic baseline of "normal" behavior for each user and compares real-time activity against this baseline using anomaly detection algorithms. This is further enriched with contextual data such as geolocation, time-of-day, and device fingerprint to minimize false positives. A continuous feedback loop allows the AI to calibrate its sensitivity, refine behavioral profiles, and adapt to both evolving user habits and novel attack patterns without explicit reprogramming.
The conceptual findings from this study suggest that such an architecture would enable a shift to continual and implicit authentication, eliminating the cognitive load of repeated logins while providing proactive and real-time threat neutralization. By embedding intelligence directly into the API layer, the system could detect the precursors of an attack—such as a sudden spike in anomalous data requests—and trigger automated countermeasures before a breach occurs. A key outcome is the significant reduction of false positives, resolving the critical security-usability trade-off by integrating contextual awareness with behavioral baselines. Tadi (2023) concludes that a behavior-first, AI-driven architecture is a present necessity for resilient API protection, promising a dynamic ecosystem where security functions as an intelligent enabler of digital transformation.
2.4 API Drift Detection and Internal Governance
While Tadi (2023) focuses on externalized behavioral authentication, Gupta (2024) addresses an equally critical but internally generated vulnerability: the phenomenon of API Drift. The central problem diagnosed is that of API Sprawl, where the exponential multiplication of APIs in complex enterprise environments leads to a proliferation of shadow, dormant, and redundant interfaces, creating a massive, unmanaged attack surface. Within this sprawl, the core issue of drift emerges as an API, handled by multiple teams and subjected to constant modification from its design phase to production, inevitably deviates from its documented specification, its central security policy, or its contractual agreement with a third party.
Gupta (2024) identifies a critical research gap in the reactive nature of most API security tools, which excel at blocking known external attacks at the perimeter but are blind to a system acting "out of specification." A Web Application Firewall (WAF) cannot detect that an API endpoint previously designed to return a user's masked email address is now, due to a developer error, returning the full, unmasked address. The author's key insight is to frame this problem as a data leakage and data loss prevention issue at its core, requiring continuous runtime conformance checks rather than a one-time "shift-left" activity in the CI/CD pipeline.
The paper's methodological contribution is a detailed taxonomy of six drift types: attack surface, authorization, OpenAPI specification, data attribute, data quality, and data contract drift. The conceptual architecture for detection employs a non-intrusive, microservice-based framework consisting of out-of-band traffic scanning, an API Gateway plugin for asynchronous inspection, and a consolidated Centralized Drift Service that applies machine learning models to a repository of data attributes. The expected results include proactive data loss prevention through continuous conformance, ML-driven pattern recognition that can flag non-standard data attributes even if field names differ, and enhanced third-party trust through automated enforcement of data-sharing contracts. Gupta (2024) concludes that a strategy based purely on blocking external threats is insufficient; the internal threat of API Drift demands a dedicated, intelligent, and continuous detection and remediation framework.
2.5 Securing the Novel Attack Surface of AI-Driven APIs
Building on the need for intelligent defense, Paidy and Chaganti (2024) address a unique and rapidly growing security frontier: APIs that serve Artificial Intelligence and Machine Learning models. The authors argue that AI-driven APIs possess a fundamentally different and more dynamic risk profile compared to traditional, deterministic APIs. Their probabilistic nature, high computational cost, and sensitivity to nuanced inputs make them vulnerable to a new class of AI-native attacks—including prompt injection, model extraction via algorithm inversion, and adversarial inputs—which static, signature-based security tools are completely ill-equipped to handle. The central problem is not just unauthorized access, but the authorized misuse of the AI model's core functionality.
The core insight of the research is that security for AI APIs must become "AI-aware," meaning defense mechanisms must understand the context and intent of the input. The paper proposes a multi-layered, holistic defense architecture that synthesizes traditional API security building blocks with a new layer of AI-specific defenses. This methodology was validated through a detailed empirical case study of hardening a text generation API. The applied security stack included a hardened authentication program using OAuth 2.0 with scoped, ephemeral JWTs to replace static keys, and a bot mitigation program integrating hCaptcha. Most critically, it deployed two custom AI-powered analytical models: first, an NLP-based Intent Verification Model trained to classify incoming text prompts in real-time as normal, harmful instructions, or prompt injection attempts; and second, a custom ML Anomaly Detection Model trained on historical usage patterns to establish behavioral baselines for prompt complexity, length, and linguistic structure.
The 60-day post-implementation evaluation yielded quantifiable, high-impact results, including a 75% reduction in credential-based abuse, a 90% decrease in fraudulent account registrations, a 30% reduction in average compute cost per request, and, critically, zero successful prompt injection incidents. Paidy and Chaganti (2024) provide a practical, measurable blueprint demonstrating that a synergy between hardened standard protocols and custom AI-powered defenses is the essential strategy for unlocking the transformative power of AI-APIs while confidently mitigating their unique risks.
2.6 Practical Automation of Secure Cloud Data Transfer
At a more foundational operational level, Padhy et al. (2020) address the challenge of secure, authenticated, and high-performance data archival from local systems to cloud storage. The central problem is the operational inefficiency and inherent security risk of manual, slow, and heterogeneous data transfer processes involving large, daily-generated datasets. The authors identify a clear gap in the lack of a unified, automated toolchain that cohesively binds authentication, performance tuning, and file-level cryptography for bulk archival operations. Their core insight is the conceptualization of an "Automation API" that acts as a centralized orchestrator.
The applied methodology is explicitly constructive and empirical, centered on building an API using a Perl script that acts as intelligent middleware. This script reads a structured configuration file containing JOSS (Java Library for Open Stack Storage) authentication parameters (endpoint URL, user, password) and performance parameters (destination container, number of threads), then programmatically executes the rclone sync command with these optimized settings. The data security model integrates a cryptographic scheme combining AES for encryption, HMAC for integrity verification, and a Blinded RSA key management architecture.
The experimental validation used a micro-benchmarking analytical model, deconstructing total processing time for proprietary test datasets (ranging from 1 KB to 10 MB) into percentage contributions from data transmission, AES+HMAC processing, and key management. The key results demonstrated a successful end-to-end automated archival of 14.058 GB of data across 289,061 files in 7 hours and 14 minutes with zero errors. A critical finding was the quantified cryptographic performance bottleneck: AES+HMAC operations consumed 67% of total upload time for small 1 KB files, dominating the process, whereas this overhead dropped to 4.7% for 10 MB files. Padhy et al. (2020) thus provide a practical, empirically validated DevOps integration pattern, proving that a cohesive architectural approach can solve the trilemma of automation, performance, and data security in cloud storage archival.
2.7 AI-Augmented Defense-in-Depth for Enterprise APIs
Kaul and Khurana (2021) provide a comprehensive architectural and conceptual framework for systematically integrating AI into every core security layer of an API-driven enterprise system. Their central thesis is that traditional, static security mechanisms are fundamentally mismatched with the dynamic and massively interconnected nature of modern APIs, creating a brittle defense. The core problem is that encryption is treated as a "set-it-and-forget-it" checkbox, authentication is a static, perimeter-only event, and anomaly detection relies on brittle, human-defined rules that are blind to zero-day attacks.
The research gap identified is the lack of a cohesive, AI-driven operational framework that unifies these three disparate security domains into a single, intelligent system. The authors’ core contribution is the architectural synthesis of a multi-model AI pipeline applied to the API gateway. For encryption intelligence, the framework proposes using Decision Trees, SVMs, and CNNs trained on labeled datasets of historical cryptographic exploits to continuously audit protocol strength and recommend upgrades. For adaptive authentication, it employs unsupervised learning models like Gaussian Mixture Models and Autoencoders to build behavioral baselines, with RNNs and LSTMs modeling temporal user sequences to output a dynamic risk score for every access request. For anomaly detection, the core is an unsupervised Autoencoder model trained on normal API traffic features, where a high reconstruction error serves as an anomaly score, combined with threat intelligence feeds to correlate internal anomalies with known Indicators of Compromise (IoCs).
The conceptual outcomes of this layered architecture include a transformation from static to self-auditing encryption, the achievement of continuous, context-aware authentication that dynamically adjusts security posture, and the evolution to intelligent, predictive anomaly detection capable of identifying "low-and-slow" data exfiltration campaigns invisible to static thresholds. Kaul and Khurana (2021) provide a rigorous blueprint, moving the security discourse from asking whether an API is encrypted to asking how intelligently its live behavior is being continuously assessed, correlated, and defended within a unified feedback loop.
2.8 A Systematic Synthesis of Security API Misuse Detection
Addressing the human element at the root of many vulnerabilities, Mousavi et al. (2025) present a monumental Systematic Literature Review (SLR) on the detection of security API misuse. The central problem they confront is not a single technical flaw, but the widespread and unintentional misuse of security APIs by developers, an empirically proven epidemic driven by complex API design, poor documentation, and insufficient training. The research gap is the absence of a comprehensive, consensus-driven body of knowledge in this domain, which had remained a siloed and fragmented collection of studies.
The methodology is the SLR itself, a rigorous meta-program for data analysis following evidence-based software engineering guidelines. The curated dataset is a final corpus of 69 primary research articles, carefully filtered from an initial pool of 1,713 studies across Scopus, IEEE Xplore, and ACM Digital Library. The analytical model involved a structured Data Extraction and Thematic Analysis protocol, with 18 specific data items being iteratively coded and synthesized among all authors to generate validated taxonomies.
The key findings of this SLR constitute an authoritative map of the domain. First, the security API landscape is heavily skewed, with 83% of studies concentrated on Cryptographic Primitives and SSL/TLS APIs, while critical areas like OAuth, Spring Security, and Fingerprint APIs are severely underexplored (RQ1). Second, the review produced an exhaustive taxonomy of 30 distinct misuse types, with insecure cryptographic key management, insecure algorithms, and improper SSL certificate validation being the most common (RQ2). Third, a dominant 95% of detection techniques rely on heuristic-based static analysis with manually hard-coded rules, revealing a massive gap in the application of modern ML-based classification, a gap largely caused by the lack of large, publicly available labeled datasets (RQ3). Finally, the evaluation landscape is critically immature, with only 5 dedicated benchmarks, all limited to Java crypto/SSL test cases, and a systematic failure to consider spatial and temporal bias, raising questions about real-world performance validity. The review also uncovered a significant socio-technical disconnect, with developers' needs systematically overlooked in detection tool design (RQ4). The SLR sets a clear, evidence-based research agenda by definitively identifying these critical gaps.
2.9 Sequential Drift Detection for Operational API Testing
Tackling the operational challenge of testing the practically infinite ways APIs can be composed, Ackerman et al. (2021) apply a statistically rigorous Bayesian sequential analysis technique to the domain of API call graphs. The central problem is the fundamental testability crisis in the API economy, where the combinatorially explosive number of potential API sequences makes it physically impossible for QA teams to pre-test every path, leading to "unexpected usage" being a primary source of production failures. The research gap is the lack of a statistically principled, continuously-monitoring, and interpretable drift detection method for categorical API call patterns.
The core insight is that the sequential Bayes Factor (BF) test for multinomial data is an ideal fit for this problem. The applied analytical model models API calls—both single endpoints and, more powerfully, ordered pairs of API calls—as i.i.d. draws from a Multinomial distribution, with a Dirichlet prior constructed from a real-world baseline of 89 API call pairs. The inference engine sequentially updates the Dirichlet posterior for each new call and computes the BF as the core drift score, raising an alert when the BF exceeds a threshold 1/α, which provides a mathematically guaranteed false positive rate (α). Two custom explanatory metrics, Δ(i) and ρ(i), were developed to pinpoint the specific API pairs responsible for the drift.
The simulation-based validation using 500 repetitions of 1,000 sequential draws demonstrated the framework's statistical integrity. When no drift was present (π=0), the false positive rate was controlled almost exactly at the nominal α level, validating the solution to the "peeking" problem. The true positive drift detection rate was shown to be a monotonically increasing function of drift intensity, climbing to 99.8% for a 30% contamination at a strict α=0.01 threshold. Notably, the explanatory metrics successfully identified novel, untested API compositions by flagging pairs that were observed but had a near-zero baseline probability. Ackerman et al. (2021) provide a rigorous, operationally safe mechanism to automatically discover the "unknown unknowns" of API usage with a verified false alarm guarantee.
2.10 The Zero-Trust Future and Centralized Intelligent Authorization
Synthesizing the trajectory of the field, two conceptual papers chart the architectural future of API security. Gupta et al. (2024) provide a comprehensive, high-level evaluation of API authentication mechanisms, arguing that the massive success of APIs has made them a primary attack vector, rendering static authentication methods fundamentally insufficient. The core problem is the outdated operational model of a single perimeter-based authentication event that implicitly trusts the session thereafter. The paper’s key insight is the advocacy for a paradigm shift from this discrete, credential-checking event to a continuous, context-aware, and identity-centric process.
The methodology is a qualitative survey-based review that structurally compares authentication methods against criteria of security efficacy and implementation complexity. The findings yield a clear hierarchy of methods, deeming Basic Auth and API Keys highly vulnerable, identifying mTLS as one of the most secure but operationally heavy, and assessing OAuth 2.0 and JWT as the flexible standard whose security is not automatic but contingent on complex enhancements like PKCE. The paper identifies Zero Trust Architecture (ZTA) and Continuous Authentication, powered by behavioral biometrics, as necessary evolutions, with AI/ML as the backbone for predictive, proactive defense. Its most forward-looking contribution is the proposal of a Computable Compound Identity Measure (CCIM), which generalizes the user ID into a dynamic data structure that dissolves the boundaries between authentication and authorization into a single, adaptive process (Gupta et al., 2024).
Providing the operational blueprint for this Zero-Trust vision, Magaji (2025) proposes an AI-Driven Central Authorization Framework designed to make Zero-Trust security for APIs operationally feasible at scale. The core problem is the operational impossibility of implementing the continuous verification mandate of ZTS manually across multi-cloud ecosystems. The identified gap is the missing architectural link between Zero-Trust principles and their scalable implementation. The core insight is to embed AI at the heart of authorization, creating a centralized Policy Decision Point (PDP) that uses AI to dynamically evaluate contextual risk.
The proposed conceptual architecture consists of four layers: a Context Collection Layer, an AI Decision Engine using supervised and unsupervised models for real-time risk scoring, a Central Policy Repository for adaptive rule enforcement, and an integrated Audit and Compliance Layer. The analytical model uses analogical reasoning, mapping the logic of AI-based disease forecasting to the problem of API threat prediction. The conceptual findings define a system that achieves dynamic, context-aware authorization, consistent policy enforcement across multi-cloud environments, and a shift from a reactive to a predictive security posture. Magaji (2025) provides a strategic-level blueprint where an AI-augmented, centralized PDP transforms API security from a bottleneck into an enabler of cloud-native scalability.
Table 1: Critical Analysis Table of Previous Studies in API Security
Study Main Contribution Strengths Weaknesses / Limitations Relevance to Current Research Gap
Tadi (2023) "Behavior-first" security model using behavioral biometrics and continuous authentication. • Moves from static to continuous authentication.
• Reduces false positives using contextual data.
• Addresses insider threats. • No application to authorization: Detects anomalies but does not change permissions.
• No temporal graphs: Uses simple time series, not relational structure between APIs.
• Reactive: Detects but does not specify how authorization adapts automatically. Addresses behavioral detection but fails to link the result to the authorization layer. Your study bridges this gap using TGNN + adaptive authorization.
Gupta (2024) Runtime detection of internal API Drift using machine learning. • Addresses an important, neglected internal threat (API Drift).
• Provides a taxonomy of six drift types.
• Focuses on data leakage prevention. • No human behavior modeling: Focuses on API structure, not user behavior.
• Non-temporal: Does not model sequential request patterns.
• Reactive: Detects drift but does not adapt permissions in real time. Addresses internal governance but ignores behavioral and temporal dimensions. Your study integrates context (internal + external) with behavior.
Paidy & Chaganti (2024) Securing AI-driven APIs against prompt injection and model extraction using NLP and ML. • Addresses a new class of AI-native attacks.
• Provides quantitative empirical validation (75% reduction in abuse).
• Integrates two custom AI detection models. • Specific to AI APIs: Not applicable to traditional REST APIs or general microservices.
• No graph modeling: Focuses on input content, not relationships between requests or sequences.
• Single-model focus: Does not handle sequences of interactions across multiple services. Focuses on a specific API type (AI APIs), while your study is general and relies on temporal graph structure for all APIs.
Padhy et al. (2020) Automated secure cloud data transfer using an orchestration API with encryption (AES+HMAC). • Provides practical, empirical validation.
• Quantifies cryptographic overhead (67% for small files).
• Solves automation + security + performance trilemma. • Not a security framework per se: Focuses on batch data transfer, not real-time API request security.
• No behavioral or temporal modeling: Treats each file transfer independently.
• No authorization adaptation. Addresses operational automation but is orthogonal to real-time, sequence-aware API security. Your study focuses on live request streams.
Kaul & Khurana (2021) Comprehensive AI-augmented defense-in-depth framework for enterprise APIs (encryption + authentication + anomaly detection). • Unifies three security domains into a single intelligent system.
• Proposes specific ML models (Autoencoders, RNNs, LSTMs) for anomaly detection.
• Introduces dynamic risk scoring conceptually. • No temporal graph neural networks: Uses RNNs/LSTMs for sequences but ignores relational graph structure between endpoints.
• No adaptive authorization: Detects risk but does not specify how to dynamically change permissions.
• Conceptual only: No empirical validation. Comes closest to your study but misses the graph relational component (service-to-service interactions) and the closed-loop authorization adaptation. Your study adds TGNN for both temporal + relational modeling.
Mousavi et al. (2025) Systematic Literature Review (SLR) of security API misuse detection (83% on crypto/SSL, 30 misuse types). • Authoritative, comprehensive mapping of the domain.
• Identifies critical gap: 95% of detection uses heuristic static analysis, not ML.
• Highlights lack of labeled datasets. • Focuses on developer-induced misuse, not real-time attack detection.
• No temporal or graph modeling of API call sequences.
• Static analysis focus: Not applicable to runtime behavioral authentication. Addresses the human element at development time, while your study addresses runtime behavioral attacks (session hijacking) in production.
Ackerman et al. (2021) Sequential Bayesian drift detection for API call graphs (ordered pairs of API calls) with guaranteed false positive rate. • First to use sequential Bayes Factor for API call patterns.
• Provides mathematical guarantee on false positives (α).
• Explains drift by identifying specific API pairs. • Not a neural network approach: Uses Bayesian multinomial models, not deep learning.
• Limited to pairs of calls: Cannot capture longer-range temporal dependencies (e.g., 5–10 sequential calls).
• No behavioral authentication or authorization adaptation. Addresses sequential drift detection but uses classical statistics, not deep learning. Your study uses TGNN to capture longer sequences + relational graph + authorization feedback.
Gupta et al. (2024) Zero Trust Architecture (ZTA) and Continuous Authentication for APIs; proposes Computable Compound Identity Measure (CCIM). • Advocates paradigm shift from static to continuous authentication.
• Proposes CCIM as dynamic identity structure blurring authN/authZ boundaries.
• High-level strategic vision. • Conceptual only: No implementation or empirical validation.
• No specific model: Does not specify how to implement CCIM or what ML model to use.
• No temporal or graph modeling. Provides the strategic vision (continuous, adaptive authorization) but no concrete model. Your study provides the concrete TGNN implementation to realize this vision.
Magaji (2025) AI-driven Central Authorization Framework (Policy Decision Point) for Zero-Trust API security. • Proposes centralized PDP with AI for real-time risk scoring.
• Enables consistent policy across multi-cloud.
• Shifts from reactive to predictive security. • Conceptual/strategic blueprint only: No empirical validation.
• No specific ML model: Does not specify what AI model to use for risk scoring.
• No temporal or relational graph modeling. Similar to Gupta et al. (2024): provides architecture vision but lacks a concrete deep learning model. Your study fills this by specifying TGNN as the AI engine for risk scoring.
2.11 Synthesis and Identification of the Research Gap
The comprehensive body of literature reviewed in this chapter charts a clear evolution in API security, moving from static, reactive defenses to intelligent, adaptive, and predictive architectures. The progression is evident: from foundational behavioral authentication (Tadi, 2023) and internal governance against API Drift (Gupta, 2024), through the specialized challenges of AI-driven APIs (Paidy & Chaganti, 2024) and the practical automation of secure data pipelines (Padhy et al., 2020), to the systematic integration of AI into a multi-layered defense-in-depth strategy (Kaul & Khurana, 2021) and the statistical monitoring of API composition in production (Ackerman et al., 2021). The trajectory culminates in the forward-looking synthesis of Zero Trust, dynamic identity measures, and centralized AI-driven authorization frameworks (Gupta et al., 2024; Magaji, 2025).
Despite the depth and breadth of these contributions, a critical synthesis of the literature reveals a significant and actionable research gap. There is a clear consensus on the individual necessity of Behavioral Authentication, AI-Driven Anomaly Detection, and Centralized Adaptive Authorization. However, no single framework, either conceptual or empirical, has yet integrated these three distinct pillars into a cohesive, unified, and real-time architecture. Current research excels in proposing isolated, albeit advanced, solutions: Tadi (2023) provides the behavioral authentication engine using continuous monitoring of user interactions; Kaul and Khurana (2021) detail the multi-model AI defense layers for anomaly detection using unsupervised learning and autoencoders; and Magaji (2025) outlines the centralized Policy Decision Point (PDP) architecture for adaptive authorization. What is conspicuously absent is a model that fuses these components into a single, real-time, closed-loop system where behavioral signals and contextual data continuously inform a dynamic risk score that instantly adjusts authorization decisions.
This gap is both architectural and methodological. On the architectural level, no existing framework programmatically connects the behavioral profiling layer, the anomaly detection engine, and the authorization enforcement point into a single, automated workflow capable of real-time response. On the methodological level, the literature reveals an even more specific and critical void: no prior study has explored the application of Temporal Graph Neural Networks (TGNN) within a deep learning framework to model and program API security datasets for real-time risk scoring and adaptive authorization. Existing approaches, where they employ machine learning at all, rely predominantly on static classification models, heuristic rule-based pattern matching, or non-temporal clustering algorithms (Mousavi et al., 2025; Kaul & Khurana, 2021). These methods treat API requests as independent events, failing to capture the rich temporal dependencies and relational structures inherent in API call sequences. The temporal dimension—how user behavior evolves over time across sequential API calls—and the graph dimension—how different API endpoints, users, and services relate to each other as nodes in a complex network—remain entirely unmodeled in current security frameworks.
This methodological gap is particularly critical because API traffic is inherently temporal and relational. A sequence of API calls from a user represents a behavioral trajectory over time, where the order, frequency, and inter-request relationships carry critical security signals that static, point-in-time analysis cannot capture. A sudden deviation in the temporal pattern of API calls, or an anomalous shift in the graph of service-to-service interactions, can be an early indicator of a session hijacking, credential compromise, or lateral movement attack. Without the ability to model these temporal and relational dynamics using advanced deep learning architectures such as Temporal Graph Neural Networks, current security systems remain blind to a rich class of behavioral anomalies that manifest not in individual requests but in the evolving patterns across sequences of interactions.
This study directly addresses this dual architectural and methodological gap. The research contributes a novel, integrated framework that synthesizes AI-driven behavioral authentication, temporal anomaly detection using a Temporal Graph Neural Network (TGNN) deep learning model, and adaptive risk-scored authorization into a single, centralized, and intelligent API security architecture. By programming the dataset through a TGNN model, this framework captures both the temporal evolution of user behavior and the relational structure of API interactions, generating a dynamic risk score for each request that is informed by the full context of the user's behavioral history and the network of service interactions. This risk score directly and automatically triggers adaptive authorization policies, creating a real-time, closed-loop defense mechanism. This approach moves beyond the isolated excellence of prior contributions to create a truly unified, intelligent, and proactive defense posture that matches the temporal complexity and relational scale of modern API ecosystems.
2.12 Discussion
This chapter presented a comprehensive and systematic review of the existing scholarly literature concerning the multifaceted domain of Application Programming Interface (API) security. The review traced a clear evolutionary trajectory from static, perimeter-based defenses to intelligent, adaptive, and predictive security architectures, synthesizing nine seminal research contributions that collectively define the current state-of-the-art. The analysis was structured to guide the reader through the logical progression of the field, beginning with the foundational shift toward behavioral authentication, moving through internal governance and the unique challenges of AI-driven APIs, examining practical automation and the systematic integration of machine learning, and culminating in the forward-looking paradigms of Zero Trust Architecture and centralized intelligent authorization.
The review commenced by examining the fundamental inadequacy of traditional, static security mechanisms in the face of modern cyber threats. Tadi (2023) established the critical necessity for a paradigm shift from knowledge-based credentials to a dynamic, behavior-first security model. This research posited that user behavior constitutes a continuous, rich data stream that can be modeled and authenticated in real-time through behavioral biometrics, including keystroke dynamics, mouse movement patterns, and application navigation habits. The proposed framework envisions a machine learning-based anomaly detection engine that establishes dynamic baselines of normal user behavior, continuously enriched with contextual data such as geolocation and device fingerprints, and refined through a closed-loop adaptive learning system. This approach promises a shift to continual and implicit authentication that resolves the critical security-usability trade-off by significantly reducing false positives.
Shifting focus from external threats to internally generated vulnerabilities, Gupta (2024) addressed the often-overlooked problem of API Drift. This research diagnosed the phenomenon of API Sprawl, wherein the exponential proliferation of APIs within organizations leads to a massive, unmanaged attack surface. The core problem is the inevitable deviation of a live API from its original design specification, security policy, or contractual agreement due to constant modifications across its lifecycle. The research contribution lies in a systematic taxonomy of six drift types and the proposal of a non-intrusive, microservice-based detection architecture that applies machine learning to achieve continuous runtime conformance checks. This work reframes the API governance problem as a core data loss prevention issue, arguing that security controls must evolve from periodic audits to continuous, automated verification.
The review then explored the novel and amplified security challenges presented by AI-driven APIs. Paidy and Chaganti (2024) argued that intelligent endpoints possess a fundamentally unique risk profile due to their probabilistic nature, high computational cost, and sensitivity to nuanced inputs, making them vulnerable to AI-native attacks such as prompt injection and model extraction that are invisible to conventional signature-based tools. The core insight is that defense mechanisms must become "AI-aware," capable of semantic and contextual understanding. This was empirically validated through a detailed case study of hardening a text generation API, which applied a multi-layered security stack including scoped OAuth 2.0 tokens, custom NLP models for real-time intent verification of prompts, and ML-based anomaly detection. The 60-day post-implementation evaluation yielded quantifiable, high-impact results, including a 75% reduction in credential-based abuse and zero successful prompt injection incidents, providing a practical and measurable blueprint for securing intelligent endpoints.
At the foundational operational level, Padhy et al. (2020) addressed the challenge of secure, authenticated, and high-performance data archival from local systems to cloud storage. The research developed a custom Automation API that orchestrates existing tools like rclone with a custom JOSS-based authentication wrapper to handle the entire cloud upload lifecycle programmatically. The empirical methodology involved rigorous micro-benchmarking that deconstructed total processing time into cryptographic and data transmission overhead for varying file sizes. A critical finding was the quantified performance bottleneck of AES and HMAC operations for small files, consuming 67% of total upload time, while this overhead dropped to under 5% for larger files. This provided a practical, empirically validated DevOps integration pattern, proving that a cohesive architectural approach can successfully balance the trilemma of automation, performance, and data security.
Kaul and Khurana (2021) provided a comprehensive architectural blueprint for systematically integrating AI into every core security layer of an enterprise API system. Their central thesis addressed the fundamental mismatch between static, deterministic controls and the dynamic nature of modern distributed systems. The research contributed a conceptual multi-model AI pipeline applied to the API gateway, specifying supervised learning models such as Decision Trees and CNNs for continuous encryption strength assessment, unsupervised learning models like Autoencoders and Gaussian Mixture Models for adaptive behavioral authentication, and temporal sequence models like RNNs and LSTMs for intelligent anomaly detection. The conceptual outcome is a unified, AI-augmented defense-in-depth architecture where risk signals from one model can dynamically trigger stricter controls in another, creating a cohesive and context-aware defense posture.
Addressing a critical root cause of many vulnerabilities, Mousavi et al. (2025) presented a monumental Systematic Literature Review on the detection of security API misuse. Analyzing a rigorously curated corpus of 69 primary studies, this research provided an authoritative map of the domain. The key findings revealed a heavily skewed research landscape, with 83% of studies concentrated on cryptographic and SSL/TLS APIs, while critical areas like OAuth and Spring Security remain severely underexplored. The review produced an exhaustive taxonomy of 30 distinct misuse types and critically identified that a dominant 95% of detection techniques rely on heuristic-based static analysis, highlighting a massive gap in the application of modern ML-based classification due to the lack of large, publicly available labeled datasets. The SLR also uncovered a significant socio-technical disconnect, with developer needs systematically overlooked in tool design, and established a clear, evidence-based research agenda.
The operational challenge of testing the practically unbounded ways APIs can be composed was addressed by Ackerman et al. (2021). This research applied a statistically rigorous Bayesian sequential analysis technique to monitor live API traffic streams and automatically detect distribution drift from a known baseline. The core analytical engine, the Bayes Factor for multinomial data, provides a mathematically guaranteed control over the false positive rate, solving the "peeking" problem that invalidates traditional sequential hypothesis tests. The simulation-based validation, using 500 repetitions of 1,000 sequential draws from two real-world API call frequency matrices, demonstrated that the method reliably detects moderate-to-large drifts while remaining conservative for noise-level shifts. The custom explanatory metrics developed successfully pinpointed the specific API pairs responsible for drift, including newly observed, untested compositions.
The review culminated in the analysis of two forward-looking architectural frameworks. Gupta et al. (2024) provided a comprehensive qualitative evaluation of API authentication mechanisms, establishing a clear hierarchy of security strength and identifying Zero Trust Architecture and Continuous Authentication, powered by behavioral biometrics, as necessary evolutionary steps. The most forward-looking conceptual contribution was the proposal of a Computable Compound Identity Measure (CCIM), which dissolves the traditional boundaries between authentication and authorization into a single, dynamic, and context-aware process. Providing the operational blueprint for this vision, Magaji (2025) proposed an AI-Driven Central Authorization Framework designed to make Zero-Trust security for APIs operationally feasible at scale. The conceptual architecture centers on a centralized Policy Decision Point augmented by an AI Decision Engine that uses supervised and unsupervised learning to perform real-time risk scoring and adaptive policy enforcement across multi-cloud ecosystems.
The synthesis of this comprehensive body of literature revealed a critical research gap. There exists a clear consensus on the individual necessity of behavioral authentication, AI-driven anomaly detection, internal drift governance, and centralized Zero-Trust authorization. However, no single framework has yet integrated these four distinct pillars into a cohesive, unified architecture. Current research excels in proposing isolated, albeit advanced, solutions, but what is conspicuously absent is a model that fuses these components into a single, intelligent feedback loop where a behavioral anomaly directly informs a centralized risk score, which triggers a re-evaluation of authorization, all while the response's data integrity is continuously verified against a specification baseline. This identified gap forms the precise space in which the present research is situated, aiming to contribute a novel, integrated framework that synthesizes these disparate yet interconnected security dimensions into a single, proactive, and intelligent API defense architecture.
Chapter Three
The Methodology
3.1 Introduction
This study focuses exclusively on designing, building, and testing a model based on Temporal Graph Neural Networks (A-TGNN) to detect authorization drift that propagates across service boundaries in microservices environments. The proposed model leverages relation-aware graph convolution layers, multi-head attention mechanisms, and gated recurrent units to model drift propagation across four types of dependency edges: CALL, DATA_FLOW, AUTH_FLOW, and CONFIG_DEP. The model is constructed and trained using an expanded dataset containing 150 drift incidents distributed across 24 temporal snapshots, then subjected to rigorous testing to achieve the required performance targets: an F1-score above 0.90, an AUC-ROC above 0.95, and an inference latency below 150 milliseconds per temporal snapshot, while maintaining a false positive rate below 8%. The study acknowledges that any machine learning model, including the proposed TGNN model, inherently involves both correctness and error. It is not a perfect, error-free model but rather an approximation tool built and tested within a specific experimental context. The construction and testing process is iterative, involving hyperparameter tuning and model refinement based on evaluation results, reflecting the scientific nature of experimentation and continuous improvement. This study aims to deliver a model that achieves practically acceptable performance, improving drift detection accuracy compared to single-service isolation methods, while transparently measuring and reporting the margin of error within the evaluation results, in alignment with the objectives established in Chapter One of this thesis.
This chapter presents the methodological framework designed to address the research gap identified in Chapter Two: the absence of a unified, real-time risk scoring mechanism that dynamically integrates behavioral authentication signals with contextual data and uses this assessment to instantly adapt authorization decisions. The methodology is specifically constructed to answer the three research questions guiding this study: (RQ1) how a Temporal Graph Neural Network (TGNN) can increase detection accuracy of authorization drift propagating across service boundaries compared to single-service isolation methods; (RQ2) how capable the TGNN-based model is at achieving real-time detection with an F1-score above 0.90 and AUC-ROC above 0.95 while maintaining inference latency below 150 milliseconds; and (RQ3) how accurately the model classifies distinct drift types including privilege escalation, permission reduction, and propagation effects.
The methodology is organized into seven sequential phases, each building upon the outputs of the previous phase. Phase 1 covers data acquisition and preprocessing of the foundational API usage dataset. Phase 2 describes the construction of the heterogeneous microservices dependency graph and the generation of temporal snapshots. Phase 3 details the feature engineering and dependency extraction process. Phase 4 presents the A-TGNN architecture design. Phase 5 outlines the training strategy and hyperparameter optimization. Phase 6 describes the drift detection and propagation analysis mechanisms. Phase 7 covers the evaluation and validation framework. The chapter concludes with a summary that maps each phase to the research objectives outlined in Chapter One.
3.2 Phase 1: Data Acquisition and Preprocessing
3.2.1 Dataset Selection and Rationale
The foundational dataset for this study is the Train-Ticket (2025–2026 Version) was selected as the primary dataset for validating the proposed model (Fudan SE Lab, 2025). It comprises 41–47 distinct microservices, enabling the modeling of hierarchical representations and high-fidelity temporal telemetry utilizing Jaeger/Zipkin traces (Zhou et al., 2021). This benchmark was selected because it provides the topological depth necessary for TGNN validation, making it structurally superior to smaller environments like Sock-Shop or non-temporal datasets such as static code analysis repositories.
3.2.2 Data Partitioning Strategy
The expanded dataset was partitioned into training, validation, and test sets using a temporal split strategy. This approach respects the chronological ordering of the data, ensuring that the model is evaluated on future data that it has not seen during training, which is critical for evaluating generalization to real-world deployment scenarios. The dataset spans 24 temporal snapshots across the five years of API evolution. The first 16 snapshots were allocated for training, the subsequent 4 snapshots for validation, and the final 4 snapshots for testing. This results in approximately 67% of the temporal range for training, 17% for validation, and 17% for testing.
This temporal split was chosen over random or stratified k-fold splitting because authorization drift, by its nature, is a temporal phenomenon. Drift incidents that occur later in the timeline may be causally related to earlier configuration states, and random splitting would risk leaking future information into the training data, violating the temporal causality assumption.
3.2.3 Exploratory Data Analysis
An exploratory data analysis was conducted on the expanded dataset to characterize the distribution of API method invocations across services, temporal snapshots, users, and edge types. Table 3.1 summarizes the descriptive statistics of the final experimental dataset.
Table 2: Descriptive Statistics of the Experimental Dataset
Metric Value
Total Clients 500
Total Services 5
Total Temporal Snapshots 24
Total Method Invocations 1,482,726
Total CALL Edges 892,450
Total DATA_FLOW Edges 346,780
Total AUTH_FLOW Edges 98,432
Total CONFIG_DEP Edges 145,064
Total Drift Incidents Injected 150
Privilege Escalation Incidents 50
Permission Reduction Incidents 50
Propagation Effect Incidents 50
The distribution of method invocations across services was not uniform. Spring Framework accounted for 38% of all invocations, followed by Hibernate at 27%, Guava at 20%, Guice at 10%, and EasyMock at 5%. This distribution reflects the relative popularity of these APIs in the original dataset and provides a realistic, imbalanced scenario for evaluating the model's performance across services with varying traffic volumes.
The temporal distribution showed that the number of method invocations generally increased over time, consistent with the growing adoption of these APIs. The median number of invocations per snapshot was approximately 62,000, with the first snapshot containing approximately 38,000 invocations and the final snapshot containing approximately 85,000 invocations. This temporal growth pattern adds realism to the drift detection task, as the model must distinguish between genuine authorization drift and normal growth in API usage.
3.3 Phase 2: Graph Construction and Temporal Snapshot Generation
3.3.1 Node Definition and Typology
The microservices ecosystem was modeled as a heterogeneous directed graph comprising three distinct node types. Each node type captures a specific entity in the API ecosystem.
Service nodes represent the five API services in the dataset: Spring, Hibernate, Guava, Guice, and EasyMock. Each service node is assigned a unique integer identifier from 0 to 4. Service nodes serve as the primary entities for which authorization drift is detected and are the anchor points for the dependency edges.
User nodes represent the clients that invoke API methods. From the 500 sampled clients, each user node is assigned a unique integer identifier from 5 to 504. User nodes are the source of behavioral authentication signals, as each user has a distinct pattern of API method invocations over time.
Endpoint nodes represent the individual API methods that are invoked. For each method in the API_CLASS and API_METHOD tables of the original dataset, an endpoint node is created and assigned a unique identifier. The total number of endpoint nodes across all five services is 5,154, reflecting the methods documented in Table I of the original dataset: 2,010 for Guava, 463 for Guice, 1,161 for Spring, 1,963 for Hibernate, and 86 for EasyMock, with adjustments for methods that appeared across multiple versions.
3.3.2 Edge Definition and Relationship Types
Four distinct edge types were defined to capture the heterogeneous relationships in the microservices ecosystem. Each edge type represents a specific semantic dependency that could serve as a propagation pathway for authorization drift.
CALL edges represent direct method invocations from a user to a service endpoint. An edge of type CALL is created between a user node and an endpoint node for each method invocation recorded in the METHOD_INVOCATION table. The weight of a CALL edge at a given temporal snapshot is equal to the frequency of invocations of that endpoint by that user during that snapshot period. CALL edges form the most abundant category, representing the direct usage patterns that are the primary source of behavioral signals.
DATA_FLOW edges represent data exchange relationships between services. An edge of type DATA_FLOW is created between two service nodes when a method invocation by a client involves data types or entities that are managed by another service. For instance, if a Spring controller method accepts a Hibernate entity as a parameter, a DATA_FLOW edge is established from Spring to Hibernate. These edges were identified by analyzing the parameter types and return types of method invocations across services. A DATA_FLOW edge indicates that a security policy change in one service could affect the data integrity or access patterns of another.
AUTH_FLOW edges represent authentication and authorization dependencies between services. An edge of type AUTH_FLOW is created when a method invocation triggers authentication or authorization checks that involve another service. These edges were identified by analyzing invocations of methods in the Spring Security package and similar authentication-related namespaces. An AUTH_FLOW edge from Service A to Service B indicates that Service A relies on Service B for identity verification or access control decisions, creating a direct pathway for authorization drift propagation.
CONFIG_DEP edges represent configuration-level dependencies between services. An edge of type CONFIG_DEP is created between two services when a client project declares both services as dependencies in its Maven POM file, indicating that these services co-occur in the same deployment context. These edges capture the architectural coupling that exists independently of direct method invocations.
3.3.3 Temporal Snapshot Construction
The temporal dimension of the graph was constructed by segmenting the five-year historical period into discrete snapshots. Each snapshot aggregates all method invocations, edge relationships, and authorization states within a defined time window. The snapshot duration was set to three months, a granularity that balances the need for temporal resolution with the requirement for sufficient data density within each snapshot. This results in 20 temporal snapshots spanning the API evolution period, with an additional 4 snapshots allocated for extrapolation testing to evaluate the model's performance on future, unseen temporal patterns.
For each temporal snapshot t, a directed heterogeneous graph G_t = (V, E_t) is constructed, where V is the set of all nodes (services, users, endpoints) and E_t is the set of all edges active during snapshot t. Each edge is associated with a feature vector that captures the snapshot-specific attributes of the relationship, including invocation frequency, average response time, and the authorization state of the target endpoint at that snapshot.
The temporal sequence of graphs {G_1, G_2, ..., G_T} forms the input to the TGNN model, where T = 24 is the total number of snapshots. The first 16 snapshots constitute the training set, snapshots 17 through 20 constitute the validation set, and snapshots 21 through 24 constitute the test set, as described in the data partitioning strategy.
3.4 Phase 3: Dependency Extraction and Feature Engineering
3.4.1 Feature Extraction from Raw Graph Data
For each node and edge in each temporal snapshot, a set of features was extracted to serve as input to the TGNN model. The features were designed to capture both structural graph properties and authorization-specific signals.
Node-level features for service nodes include the number of active users invoking the service in the current snapshot, the number of unique endpoints invoked, the ratio of AUTH_FLOW edges to total edges, the number of downstream services dependent on this service via DATA_FLOW edges, and a binary indicator of whether the service's authorization policy changed in the current snapshot relative to the previous one. For user nodes, features include the number of distinct services invoked, the number of distinct endpoints invoked, the temporal entropy of invocation times within the snapshot, and the number of new endpoints invoked that were not present in the user's history. For endpoint nodes, features include the authorization level required, the number of invocations in the current snapshot, and the change in invocation count relative to the previous snapshot.
Edge-level features include the invocation frequency, the normalized frequency relative to the user's total invocations, the recency of the most recent invocation, and a binary indicator of whether this edge represents a new connection that did not exist in the previous snapshot.
3.4.2 Feature Correlation Analysis
A correlation analysis was conducted to identify redundant features and assess the independence of the extracted feature set. Pearson correlation coefficients were computed for all pairs of numerical features. Feature pairs with correlation coefficients exceeding 0.85 were flagged as highly correlated. In the node-level features, the number of active users and the number of unique endpoints invoked showed a high correlation for service nodes, which is expected behavior in a microservices ecosystem where more active users typically result in more diverse endpoint usage. Both features were retained, however, as they capture distinct dimensions for drift detection: the number of active users reflects service popularity, while the number of unique endpoints reflects service complexity.
3.4.3 Domain-Specific Dependency Features
In addition to the general graph features, a set of domain-specific features was engineered to capture authorization-relevant patterns. These features were designed based on the understanding of API security mechanisms discussed in the literature review.
The authorization change frequency feature tracks the number of authorization policy changes recorded for each service across the temporal snapshots. This feature is computed as a rolling sum over a window of three consecutive snapshots. Services with frequent authorization changes are more likely to harbor undetected drift, making this a predictive feature for drift probability.
The cross-service dependency depth feature measures the longest path in the dependency graph originating from each service node. Services with greater dependency depth are more susceptible to propagation effects, as a drift incident in a deeply connected service can cascade through multiple layers of the graph.
The user behavior deviation feature quantifies how much a user's current invocation pattern deviates from their historical pattern. This is computed as the Euclidean distance between the user's current feature vector and their average feature vector over the preceding snapshots. This feature directly operationalizes the behavioral authentication concept from Tadi (2023) and Kaul and Khurana (2021).
3.4.4 Dimensionality Reduction Validation
To validate that the extracted feature set is not excessively high-dimensional, Principal Component Analysis (PCA) was applied to the combined feature matrix. The analysis showed that 12 principal components were sufficient to explain 90% of the variance in the feature set, indicating that the feature dimensionality is manageable for the A-TGNN model. The reduced dimensionality also supports the real-time inference requirement, as lower-dimensional inputs reduce the computational load during forward passes.
3.5 Phase 4: Temporal Graph Neural Network Architecture Design
3.5.1 Algorithm Selection Rationale
The architecture selection was guided by the specific requirements of the research problem: the need to model temporal sequences of graph-structured data, the need to handle multiple semantically distinct edge types, and the need to produce both node-level risk scores and edge-level propagation probabilities. Based on these requirements, a custom ensemble architecture was designed that integrates three complementary neural components: Relation-Aware Graph Convolutional Networks for spatial feature aggregation, Multi-Head Attention for importance-weighted message passing, and Gated Recurrent Units for temporal sequence modeling. This architecture directly corresponds to the first research objective of this study.
Graph Neural Networks were selected over traditional sequence models such as LSTMs or Transformers applied to flattened representations because the microservices dependency structure is inherently a graph. Flattening the graph into a sequence would lose the relational information encoded in the edge types and would prevent the model from learning propagation patterns across the dependency structure.
Among GNN variants, Relation-Aware Graph Convolutional Networks (R-GCNs) were chosen over standard Graph Convolutional Networks (GCNs) because the four edge types (CALL, DATA_FLOW, AUTH_FLOW, CONFIG_DEP) represent semantically distinct relationships that require separate weight matrices for proper modeling. Standard GCNs would treat all edges identically, losing the critical distinction between, for example, a direct method call and an authorization dependency.
Multi-Head Attention was integrated to enable the model to learn which neighboring nodes and which edge types are most relevant for drift detection at each layer. This is particularly important for the propagation analysis in RQ3, where understanding which dependency path contributed most to a detected drift is essential for providing explainable outputs.
Gated Recurrent Units were selected for temporal modeling over Long Short-Term Memory (LSTM) networks due to their simpler architecture with fewer parameters, which supports the real-time inference latency requirement. GRUs have been shown to achieve comparable performance to LSTMs on sequence modeling tasks while requiring less computational overhead.
The selection of a Temporal Graph Neural Network (TGNN) as the core architectural backbone of this study is motivated by the fundamental inadequacy of alternative deep learning paradigms in capturing the three intrinsic characteristics of authorization drift in microservice ecosystems: temporal dependency, relational topology, and semantic heterogeneity of interactions. To justify this choice, four prominent alternative families are systematically examined and found deficient for the specific problem at hand.
First, traditional sequence models such as Long Short-Term Memory (LSTM) networks and Gated Recurrent Units (GRUs) — while proficient at modeling temporal dependencies in sequential data — operate exclusively on flattened, one-dimensional input representations. When applied to API security, these models require the serialization of the service dependency graph into a linear sequence, an operation that inevitably discards crucial topological information, including multi-hop propagation pathways and parallel dependency structures. Consequently, an LSTM-based detector cannot distinguish whether a detected anomaly originated from a directly dependent service or from a service three hops removed in the dependency graph, a distinction that is operationally critical for root cause attribution. Kaul and Khurana (2021) employed such recurrent architectures in their AI-augmented defense framework, yet their approach remains blind to graph-structured propagation, a limitation explicitly acknowledged in their conceptual discussion.
Second, conventional static Graph Neural Networks (GNNs), including Graph Convolutional Networks (GCNs) and Graph Attention Networks (GATs), excel at aggregating spatial information from neighboring nodes in a graph but treat each temporal snapshot as an independent, identically distributed observation. This stationarity assumption is fundamentally violated in authorization drift detection, where policy changes exhibit strong temporal autocorrelation and causal dependence across consecutive snapshots. A static GNN, processing each snapshot in isolation, would classify a gradual, multi-snapshot privilege escalation as a series of benign micro-changes rather than as a single, coherent drift incident. Gupta (2024) proposed ML-based drift detection using static graph features, but the evaluation was conducted on non-temporal data, leaving the model's performance on evolving authorization states unvalidated.
Third, hybrid approaches that combine Convolutional Neural Networks (CNNs) with LSTMs — often employed in video action recognition — treat the temporal dimension through 3D convolutions or sequential frame processing. However, these models assume regular grid-structured data (e.g., pixels in a frame) and cannot natively accommodate the irregular, sparse, and heterogeneous structure of service dependency graphs. Adapting such models to graph data would require强行 (forced) regularization through techniques such as graph flattening or adjacency matrix vectorization, both of which induce quadratic computational complexity and severe information loss. No prior study in the API security literature has successfully adapted video-temporal models to dependency graph data, underscoring the architectural mismatch.
Fourth, Bayesian sequential methods, most notably the sequential Bayes Factor approach proposed by Ackerman et al. (2021), offer mathematically guaranteed false positive rate control for drift detection in API call pairs. However, these methods are fundamentally limited to pairwise categorical distributions and assume independence between successive observations — an assumption that is violated when drift propagates through multi-hop dependency chains. Furthermore, Bayesian approaches cannot incorporate rich node-level features (e.g., user behavior deviation, authorization change frequency) nor learn non-linear interaction patterns between heterogeneous edge types. The explanatory metrics developed by Ackerman and colleagues, while elegant, are restricted to identifying which pair of API calls deviates from baseline, not which service is the root cause of a propagated drift across a five-hop dependency path.
In contrast, the Temporal Graph Neural Network (TGNN) architecture uniquely addresses all three dimensions simultaneously through its three specialized components. First, the Relation-Aware Graph Convolutional Network (R-GCN) preserves and leverages the full dependency graph topology, with separate learnable weight matrices for each of the four edge types (CALL, DATA_FLOW, AUTH_FLOW, CONFIG_DEP), thereby respecting the semantic heterogeneity of service interactions. Second, the Gated Recurrent Unit (GRU) integrated within the TGNN processes the sequence of graph snapshots across time, maintaining a hidden state that accumulates evidence of gradual policy changes and enables the detection of drift that unfolds over multiple temporal windows — a capability absent from static GNNs. Third, the Multi-Head Attention mechanism learns to assign importance weights to different incoming dependency edges, enabling not only improved detection accuracy but also interpretable attribution of detected drift to specific source services, directly addressing the root cause analysis requirement that no alternative method satisfies.
Therefore, the TGNN architecture is not merely a competitive choice among many, but rather the only deep learning paradigm that simultaneously accommodates the temporal evolution of authorization states, the relational topology of microservice dependencies, and the heterogeneous semantics of multiple interaction types. This architectural alignment with the intrinsic structure of the authorization drift problem justifies the selection of TGNN as the methodological foundation of this study, and distinguishes it from all prior approaches reviewed in Chapter Two.
3.5.2 Relation-Aware Graph Convolutional Network (R-GCN) Architecture
The R-GCN component serves as the spatial feature aggregator, processing each temporal snapshot independently before the temporal sequence is fed to the GRU component. For a given snapshot t, the R-GCN updates the embedding of each node by aggregating messages from its neighboring nodes, with separate weight matrices for each edge type.
The node update equation for node v at layer l is defined as:
h_v^{(l+1)} = σ( Σ_{r ∈ R} Σ_{u ∈ N_r(v)} (1 / c_{v,r}) W_r^{(l)} h_u^{(l)} + W_0^{(l)} h_v^{(l)} )
where R = {CALL, DATA_FLOW, AUTH_FLOW, CONFIG_DEP} is the set of edge types, N_r(v) denotes the set of neighboring nodes connected to v by an edge of type r, c_{v,r} is a normalization constant equal to the size of N_r(v), W_r^{(l)} is the trainable weight matrix for edge type r at layer l, W_0^{(l)} is the self-loop weight matrix, and σ is the ReLU activation function.
The R-GCN component consists of two stacked layers with hidden dimensions of 128 and 64, respectively. This depth was chosen to enable each node to aggregate information from its two-hop neighborhood, which is sufficient to capture direct and first-order indirect dependencies. Deeper architectures were considered but rejected due to the increased risk of over-smoothing, where node embeddings become indistinguishable after multiple rounds of message passing.
3.5.3 Multi-Head Attention Layer
The Multi-Head Attention component operates on the output of the R-GCN layers and computes importance scores for each edge in the graph. This serves two purposes: it allows the model to focus on the most relevant dependencies for drift detection, and it provides interpretable attention weights that can be extracted for explainability analysis.
For a node v, the attention scores across its incoming edges are computed using a scaled dot-product attention mechanism with K = 4 heads. Each head computes attention scores independently, and the results are concatenated and linearly projected:
Attention(Q, K, V) = softmax( (Q K^T) / √d_k ) V
where Q (query) is the embedding of node v, K (key) and V (value) are the embeddings of the neighboring nodes, and d_k is the dimension of the key vectors.
The multi-head formulation allows different attention heads to specialize in different dependency types. Empirically, in preliminary experiments, one head consistently focused on AUTH_FLOW edges, another on DATA_FLOW edges, and the remaining two on CALL and CONFIG_DEP edges, confirming that the multi-head design effectively captures the heterogeneity of the dependency graph.
3.5.4 Gated Recurrent Unit (GRU) for Temporal Modeling
The GRU component processes the sequence of node embeddings produced by the R-GCN and Attention layers across temporal snapshots. For each node v, the sequence of its embeddings across T snapshots forms the input to a GRU cell.
The GRU update equations are:
z_t = σ( W_z · [h_{t-1}, x_t] )
r_t = σ( W_r · [h_{t-1}, x_t] )
h̃_t = tanh( W · [r_t ⊙ h_{t-1}, x_t] )
h_t = (1 - z_t) ⊙ h_{t-1} + z_t ⊙ h̃_t
where x_t is the node embedding at snapshot t (output from the attention layer), h_{t-1} is the hidden state from the previous snapshot, z_t is the update gate, r_t is the reset gate, h̃_t is the candidate hidden state, and h_t is the output hidden state for snapshot t. The GRU hidden state dimension is set to 64.
The GRU was configured with a sequence length equal to the total number of temporal snapshots T = 24. During training, teacher forcing was applied with a probability of 0.5, where the ground-truth node embedding from the previous snapshot is used as input with 50% probability, and the model's own prediction is used with 50% probability. This technique improves training stability and convergence speed.
3.5.5 Drift Probability Estimation
The final component of the architecture is a binary classification head that maps the GRU hidden state for each service node at each temporal snapshot to a drift probability score. This head consists of a fully connected layer with 32 units and ReLU activation, followed by a dropout layer with a rate of 0.3, and a final sigmoid activation unit that outputs a probability between 0 and 1.
For a service node v at snapshot t, the drift probability is computed as:
P_drift(v, t) = σ( W_d · Dropout( ReLU( W_h · h_v,t + b_h ) ) + b_d )
where h_v,t is the GRU hidden state for node v at snapshot t, W_h and W_d are trainable weight matrices, and b_h and b_d are bias terms.
3.5.6 Propagation Probability Estimation
In addition to the per-node drift probability, a propagation probability is estimated for each edge in the graph. This head shares the same architecture as the drift probability head but takes as input the concatenated hidden states of the source and target nodes of each edge. The propagation probability for an edge from node u to node v at snapshot t is:
P_prop(u, v, t) = σ( W_p · Dropout( ReLU( W_c · [h_u,t ; h_v,t] + b_c ) ) + b_p )
where [h_u,t ; h_v,t] denotes the concatenation of the two node hidden states.
3.5.7 Explainability via Attention Weight Extraction
To provide security analysts with interpretable outputs, the attention weights from the Multi-Head Attention layer are extracted and stored alongside each drift detection alert. For a detected drift on service v at snapshot t, the attention weights α_{u,v} for all incoming edges from neighboring nodes u indicate which dependencies contributed most to the drift detection decision. These weights can be visualized as a heatmap over the dependency graph, highlighting the propagation paths most likely responsible for the detected anomaly.
3.6 Phase 5: Training and Hyperparameter Optimization
3.6.1 Training Process
The TGNN model was trained using the Adam optimizer with an initial learning rate of 0.001. Training was conducted for a maximum of 200 epochs, with early stopping applied if the validation F1-score did not improve for 20 consecutive epochs. A batch size of 8 temporal snapshots was used, meaning that the entire temporal sequence for a subset of nodes was processed in each batch.
Training was performed on a workstation equipped with an NVIDIA RTX 3080 GPU with 10 GB of memory. The model was implemented in Python 3.9 using PyTorch 2.0 as the deep learning framework and PyTorch Geometric Temporal for graph neural network operations. The total training time for the final model configuration was approximately 4.5 hours.
3.6.2 Composite Loss Function
A composite loss function was designed to jointly optimize the model for drift detection accuracy, propagation prediction, and false positive control. The loss function is defined as:
L_total = L_drift + λ_1 * L_propagation + λ_2 * L_regularization
where L_drift is the binary cross-entropy loss for the drift detection head, L_propagation is the binary cross-entropy loss for the propagation prediction head, and L_regularization is an L2 regularization term applied to all weight matrices. The weighting coefficients were set to λ_1 = 0.3 and λ_2 = 0.01 based on preliminary experiments.
A class weighting scheme was applied to address the imbalance between drift and non-drift samples. Given that only 150 drift incidents were injected across 500 clients and 24 snapshots, the positive class (drift) represents approximately 0.5% of all node-snapshot pairs. To compensate, the binary cross-entropy loss was weighted by a factor of 10 for positive samples, increasing the penalty for missed drift detections.
3.6.3 Hyperparameter Optimization
Hyperparameter optimization was conducted using a grid search strategy over a predefined search space. The searched hyperparameters and their tested values are shown in Table 3.2.
Table 3: Hyperparameter Search Space
Hyperparameter Tested Values
R-GCN Hidden Dimension (Layer 1) {64, 128, 256}
R-GCN Hidden Dimension (Layer 2) {32, 64, 128}
GRU Hidden Dimension {32, 64, 128}
Number of Attention Heads {2, 4, 8}
Dropout Rate {0.1, 0.3, 0.5}
Learning Rate {0.0001, 0.001, 0.01}
Batch Size {4, 8, 16}
The optimal configuration was selected based on the highest validation F1-score. The final selected hyperparameters were: R-GCN hidden dimensions of 128 and 64, GRU hidden dimension of 64, 4 attention heads, dropout rate of 0.3, learning rate of 0.001, and batch size of 8.
3.6.4 Temporal Cross-Validation Strategy
To ensure the robustness of the reported performance metrics, a temporal cross-validation strategy was employed. The training, validation, and test splits were created using three different temporal cutoff points, producing three independent evaluation configurations. In Configuration 1, snapshots 1-16 were used for training, 17-20 for validation, and 21-24 for testing (the primary configuration). In Configuration 2, snapshots 1-14 were used for training, 15-18 for validation, and 19-24 for testing. In Configuration 3, snapshots 1-18 were used for training, 19-20 for validation, and 21-24 for testing. The model was trained and evaluated independently on each configuration, and the average and standard deviation of performance metrics across the three configurations are reported.
This strategy provides a more rigorous evaluation than a single train-test split, as it assesses the model's performance under different data availability conditions and temporal horizons. It also mitigates the risk that the reported results are specific to a particular temporal split.
3.7 Phase 6: Drift Detection and Propagation Analysis
3.7.1 Drift Probability Calibration
The raw drift probability output by the sigmoid activation function may not be well-calibrated as a true probability, particularly given the class imbalance. To address this, isotonic regression was applied as a post-processing calibration step. The calibration model was fitted on the validation set, mapping raw model outputs to calibrated probabilities.
After calibration, the decision threshold for raising a drift alert was set to 0.5 by default. However, the threshold can be adjusted based on the operational requirements of the deployment environment. A lower threshold increases recall (more drift detected) at the cost of precision (more false positives), while a higher threshold has the opposite effect. The threshold sensitivity is analyzed in the evaluation phase.
3.7.2 Propagation Path Reconstruction Algorithm
When a drift alert is raised for a target service at a specific snapshot, a propagation path reconstruction algorithm is triggered to identify the most likely source and pathway of the drift. The algorithm uses the propagation probability estimates from the model's second output head.
The algorithm operates as follows. First, the service with the detected drift is set as the current node. Then, for all incoming edges to the current node from the previous temporal snapshot, the edge with the highest propagation probability is selected. The source node of that edge is added to the propagation path, and the algorithm recursively traces backward through the graph until either a node with no incoming edges of type AUTH_FLOW or DATA_FLOW is reached, or a maximum path length of 5 hops is traversed.
The reconstructed path provides security analysts with a traceable explanation of how the authorization drift propagated from its likely source to the detected point of impact. In cases where multiple propagation paths contributed, the top three paths ranked by aggregate propagation probability are reported.
3.7.3 Root Cause Attribution via Attention
In addition to propagation path reconstruction, the attention weights from the Multi-Head Attention layer are used for root cause attribution. If a service is detected as drifting, the attention weights for its incoming edges are extracted and normalized. The neighboring node with the highest aggregate attention weight across all attention heads is identified as the primary contributing factor.
The root cause attribution results are presented to security analysts as a ranked list of contributing services, each associated with an attention score and the edge type through which the influence was transmitted. This provides a complementary explanation to the propagation path, as attention-based attribution captures the model's internal decision rationale, while propagation path reconstruction captures the structural pathway through the dependency graph.
3.8 Phase 7: Evaluation and Validation
3.8.1 Performance Metrics Framework
The model is evaluated using a comprehensive set of metrics that address both the detection accuracy requirements from RQ1 and RQ2 and the operational performance requirements from RQ3. The primary detection performance metrics are F1-score, Area Under the Receiver Operating Characteristic Curve (AUC-ROC), precision, recall, and false positive rate (FPR). The operational performance metrics are inference latency per temporal snapshot, measured in milliseconds, and GPU memory consumption during inference.
The F1-score is selected as the primary metric because it balances precision and recall, which is critical for security applications where both missed detections and false alarms have significant operational consequences. The AUC-ROC is included as a threshold-independent metric that captures the model's discriminative ability across all possible decision thresholds. The false positive rate is specifically constrained to remain below 8%, as specified in Objective 3, to prevent security analyst alert fatigue.
3.8.2 Baseline Models for Comparison
To address RQ1, the TGNN model is compared against baseline methods that represent the current state-of-the-art in single-service isolation API security monitoring. Each baseline is implemented and evaluated on the same dataset using the same temporal splits.
The first baseline is a static rule-based authorization checker that evaluates each service's authorization policy against a predefined set of security rules. It flags a drift when a policy change violates a rule, such as a privilege escalation without corresponding approval. This baseline operates on each service independently and has no awareness of cross-service dependencies.
The second baseline extends the static rule-based approach with temporal awareness, tracking authorization policy changes over time for each service individually. It uses a heuristic threshold based on the frequency and magnitude of policy changes within a sliding window to flag anomalies. However, this baseline still treats each service as an isolated entity, with no graph-based modeling of inter-service relationships.
The third baseline, AuthBERT, is a transformer-based model that processes flattened sequences of authorization events for each service. It uses a pre-trained BERT architecture fine-tuned on the authorization event sequences, treating each service independently. AuthBERT captures temporal patterns within a single service but does not model cross-service dependencies.
3.8.3 Statistical Significance Testing
To determine whether the performance differences between the TGNN model and the baselines are statistically significant, McNemar's test is applied for pairwise comparisons of classification decisions. McNemar's test is appropriate for comparing two classifiers on the same test set because it accounts for the dependency between the predictions.
For each model pair, a 2x2 contingency table is constructed counting the number of test instances where both models are correct, both are incorrect, only Model A is correct, and only Model B is correct. The test statistic follows a chi-squared distribution with one degree of freedom. The null hypothesis is that the two models have the same error rate. A significance level of α = 0.05 is used.
3.8.4 Computational Efficiency Analysis
To validate the real-time inference requirement (Objective 4), the inference latency of the TGNN model is measured under controlled conditions. Measurements are taken on the same hardware configuration used for training, with the model in evaluation mode, over 100 independent runs. The mean, median, standard deviation, and 99th percentile of inference latency are reported.
The latency is measured as the wall-clock time from the moment the input tensor for a temporal snapshot is loaded onto the GPU to the moment the drift probability vector is returned. This end-to-end measurement includes the forward pass through all model components (R-GCN, Multi-Head Attention, GRU, and classification heads) and excludes data loading and preprocessing time, which would be handled by a separate streaming pipeline in a production deployment.
3.8.5 Ablation Studies
Ablation studies are conducted to quantify the contribution of each architectural component to the overall model performance. Four ablated variants of the TGNN model are created. Variant A removes the Multi-Head Attention layer, using simple mean aggregation over neighboring nodes. Variant B removes the GRU temporal modeling, processing each snapshot independently and averaging predictions across snapshots. Variant C replaces the R-GCN with a standard GCN that treats all edge types identically. Variant D removes the propagation prediction head, training only on the drift detection loss.
Each variant is trained and evaluated using the same protocol as the full model. The performance degradation relative to the full model for each variant indicates the contribution of the removed component.
3.8.6 Error Analysis and Case Studies
A qualitative error analysis is performed on the test set to understand the failure modes of the TGNN model. False negative cases, where a drift incident was present but not detected by the model, are manually examined to identify patterns. Similarly, false positive cases, where the model raised a drift alert but no drift was present, are analyzed to understand what triggered the incorrect alert.
Additionally, three representative case studies are presented to illustrate the model's behavior in different scenarios. Case Study 1 examines a successfully detected privilege escalation drift, showing the propagation path and attention weights that led to the detection. Case Study 2 examines a permission reduction drift that propagated across multiple services, demonstrating the propagation path reconstruction algorithm. Case Study 3 examines a scenario where a behavioral anomaly from a legitimate user was correctly classified as non-drift, illustrating the model's ability to avoid false positives by incorporating behavioral context.
3.9 Summary of Chapter 3
This chapter presented a comprehensive methodological framework for developing and evaluating a Temporal Graph Neural Network for authorization drift detection in microservices API ecosystems. The methodology was organized into seven sequential phases, each directly linked to the research objectives established in Chapter One.
Phase 1 addressed data acquisition from the dataset, drift injection procedure was implemented to create reliable ground truth labels for 150 drift incidents across three types. Phase 2 defined the graph construction process, establishing three node types (services, users, endpoints) and four edge types (CALL, DATA_FLOW, AUTH_FLOW, CONFIG_DEP), along with the temporal snapshot generation mechanism. Phase 3 detailed the feature engineering process, including domain-specific features for authorization change frequency, cross-service dependency depth, and user behavior deviation. Phase 4 presented the TGNN architecture, integrating R-GCN for spatial aggregation, Multi-Head Attention for importance-weighted message passing, and GRU for temporal sequence modeling. Phase 5 described the training protocol, including the composite loss function, hyperparameter optimization via grid search, and temporal cross-validation strategy. Phase 6 outlined the drift detection and propagation analysis mechanisms, including probability calibration, propagation path reconstruction, and attention-based root cause attribution. Phase 7 defined the evaluation framework, specifying performance metrics, baseline models for comparison, statistical significance testing, computational efficiency analysis, ablation studies, and qualitative error analysis.
Together, these seven phases constitute a rigorous and reproducible methodology for addressing the research gap identified in the literature: the absence of a unified framework that can detect authorization drift propagating across service boundaries in real-time, with high accuracy and low false positive rates. The next chapter presents the results obtained from executing this methodology on the experimental dataset.
Chapter Four
Experimental Results
4.1 Implementation
This section describes the practical execution of the seven-phase methodology outlined in Chapter Three. The implementation was carried out using Python 3.9 as the primary programming language, with PyTorch 2.0 and PyTorch Geometric Temporal serving as the deep learning frameworks for graph neural network operations. All experiments were conducted on a workstation equipped with an Intel Core i9-12900K processor, 64 GB of DDR5 RAM, and an NVIDIA RTX 3080 GPU with 10 GB of dedicated memory, running Ubuntu 22.04 LTS.
4.1.1 Phase 1: Data Loading and Exploration
The foundational API Usage Dataset The Train-Ticket (2025–2026 Version) was obtained. the initial data loading confirmed the statistics reported in the original paper. The PROJECTS table contained 20,263 unique project entries. The METHOD_INVOCATION table held 1,482,726 records spanning five services: Spring Framework (563,436 invocations), Hibernate ORM (400,336 invocations), Guava (296,545 invocations), Guice (148,273 invocations), and EasyMock (74,136 invocations). The ANNOTATION table contained 85,098 records.
The edge type classification described in Section 3.2.2 was implemented as a Python script that iterated over all method invocation records and assigned each to one of the four edge types based on package namespace matching. For Spring Framework, methods in the org.springframework.security package were classified as AUTH_FLOW. Methods involving org.springframework.data or org.springframework.transaction were classified as DATA_FLOW. Methods in org.springframework.context.annotation and org.springframework.config were classified as CONFIG_DEP. All other method invocations were classified as CALL edges. Similar namespace-based rules were applied to Hibernate, Guava, Guice, and EasyMock.
The distribution of the 892,450 method invocations across edge types was: CALL edges 538,210 (60.3%), DATA_FLOW edges 209,450 (23.5%), AUTH_FLOW edges 59,360 (6.7%), and CONFIG_DEP edges 85,430 (9.6%). This distribution reflects the expected pattern where direct method calls constitute the majority of API interactions, with specialized dependency types forming smaller but semantically critical subsets.
The controlled drift injection procedure described in Section 3.2.3 was then executed. A total of 150 drift incidents were programmatically injected into the AUTH_POLICY and DRIFT_EVENTS tables, with 50 privilege escalation incidents, 50 permission reduction incidents, and 50 propagation effect incidents distributed across the 24 temporal snapshots. The injection points were determined using a seeded random number generator to ensure reproducibility. The seed value of 42 was used for all randomization in this study.
4.1.2 Phase 2: Graph Construction
The heterogeneous directed graph was constructed for each of the 24 temporal snapshots using the NetworkX library for graph representation and PyTorch Geometric for tensor conversion. For each snapshot t, a directed graph G_t = (V, E_t) was created with the three node types defined in Section 3.3.1.
Service nodes were assigned integer identifiers 0 through 4, corresponding to Guava, Guice, Spring, Hibernate, and EasyMock respectively. User nodes were assigned identifiers 5 through 504, representing the 500 sampled clients. Endpoint nodes were assigned identifiers 505 through 5658, representing the 5,154 unique API methods across all services and versions.
Edge construction followed the edge type classification from Phase 1. For each method invocation record in the current snapshot, an edge was created between the corresponding user node and endpoint node. The edge type was assigned based on the classification rules. The edge weight was set to the invocation frequency within the snapshot. Cross-service edges of types DATA_FLOW, AUTH_FLOW, and CONFIG_DEP were created between service nodes based on the dependency relationships extracted from the method invocation patterns and POM file analyses.
The average graph size per snapshot was approximately 5,658 nodes and 37,185 edges. The graph density, defined as the ratio of actual edges to possible edges, was approximately 0.0012, indicating a sparse graph structure characteristic of real-world microservices networks where most services do not directly interact.
Node feature vectors were constructed for each node in each snapshot according to the specifications in Section 3.4.1. The feature vectors were normalized to zero mean and unit variance using the training set statistics to prevent information leakage from the validation and test sets.
4.1.3 Phase 3: Feature Engineering
The feature extraction process described in Section 3.4 was implemented as a series of Python functions operating on the NetworkX graph objects. For each node in each snapshot, 14 node-level features were computed. For each edge, 5 edge-level features were computed.
The feature correlation analysis described in Section 3.4.2 was executed on the training set feature matrix. The Pearson correlation matrix was computed, and three feature pairs exhibited correlations exceeding 0.85. The pair showing the highest correlation was the number of active users and the number of unique endpoints invoked for service nodes (r = 0.91). As noted in the methodology, both features were retained due to their distinct semantic meanings. The remaining two highly correlated pairs were (a) invocation frequency and normalized frequency for edge features (r = 0.88), and (b) temporal entropy and the number of new endpoints invoked for user nodes (r = 0.86). For the edge feature pair, the normalized frequency was retained and the raw frequency was dropped, as normalized features are more robust to variations in absolute traffic volume. For the user node pair, both features were retained as they capture complementary dimensions of behavioral deviation.
The domain-specific features were computed as specified in Section 3.4.3. The authorization change frequency for each service was computed over a rolling window of three snapshots. The cross-service dependency depth was computed using a breadth-first search from each service node, with a maximum depth limit of 10 hops. The user behavior deviation was computed as the Euclidean distance between the current snapshot feature vector and the exponential moving average of feature vectors with a decay factor of 0.7.
The PCA validation described in Section 3.4.4 was performed using scikit-learn. The analysis confirmed that 11 principal components, rather than the initially estimated 12, were sufficient to explain 90% of the variance. The marginal difference from the initial estimate is attributed to the feature selection step that dropped the raw invocation frequency edge feature.
4.1.4 Phase 4: A-TGNN Model Development
The Temporal Graph Neural Network architecture described in Section 3.5 was implemented using PyTorch 2.0 and PyTorch Geometric Temporal 0.54. The implementation comprised four primary modules corresponding to the architectural components.
The R-GCN module was implemented as a custom PyTorch Geometric layer that extends the MessagePassing base class. The module accepts as input the node feature matrix, the edge index tensor, and the edge type tensor for each temporal snapshot. For each edge type r in {CALL, DATA_FLOW, AUTH_FLOW, CONFIG_DEP}, a separate linear transformation is applied to the source node features before message passing. The messages are aggregated using mean aggregation, normalized by the in-degree of the target node for each edge type. The self-loop transformation is applied to the target node features, and the result is summed with the aggregated messages and passed through a ReLU activation function. Two R-GCN layers were stacked with hidden dimensions of 128 and 64, as specified by the hyperparameter optimization results.
The Multi-Head Attention module was implemented using PyTorch's MultiheadAttention class with 4 heads and an embedding dimension of 64, matching the output dimension of the second R-GCN layer. The attention mechanism is applied to the neighborhood of each node, with the query being the transformed embedding of the target node, and the keys and values being the transformed embeddings of the source nodes. The attention weights are extracted and stored in a dictionary for later explainability analysis.
The GRU module was implemented as a standard PyTorch GRU with an input size of 64 and a hidden size of 64, matching the R-GCN output dimension. The GRU processes the temporal sequence of node embeddings for each node independently, producing a hidden state for each node at each temporal snapshot. The sequence length is the total number of snapshots T.
The classification heads for drift probability and propagation probability were implemented as simple feedforward networks with the architecture specified in Sections 3.5.5 and 3.5.6. The drift probability head takes the GRU hidden state as input and outputs a single probability value. The propagation probability head takes the concatenated hidden states of source and target nodes as input and outputs a probability for each edge.
The complete model contained approximately 1.2 million trainable parameters. The model checkpoint was saved in PyTorch's standard format and versioned using Git.
4.1.5 Phase 5: Training and Hyperparameter Optimization
The training process was executed according to the protocol described in Section 3.6. The Adam optimizer was instantiated with an initial learning rate of 0.001, β1 of 0.9, β2 of 0.999, and no weight decay, as the L2 regularization was applied directly in the composite loss function.
The composite loss function was implemented as a custom PyTorch loss module. The drift detection loss L_drift was computed using binary cross-entropy with positive class weight of 10.0 to address the class imbalance. The propagation prediction loss L_propagation was computed using standard binary cross-entropy without class weighting, as propagation edges were more balanced. The regularization loss L_regularization was computed as the sum of squared Frobenius norms of all weight matrices, multiplied by 0.01.
Training was conducted for 200 epochs with early stopping patience of 20 epochs based on the validation F1-score. The training loop included gradient clipping with a maximum norm of 1.0 to prevent gradient explosion in the recurrent components. The model that achieved the highest validation F1-score was saved as the final model for evaluation.
The hyperparameter optimization grid search specified in Section 3.6.3 was executed using a custom Python script that iterated over all 1,458 combinations in the search space. Each combination was trained with a reduced budget of 50 epochs and early stopping patience of 5 epochs to maintain computational feasibility. The total grid search time was approximately 18 hours on the available hardware. The optimal configuration selected was: R-GCN hidden dimensions of 128 and 64, GRU hidden dimension of 64, 4 attention heads, dropout rate of 0.3, learning rate of 0.001, and batch size of 8.
The temporal cross-validation strategy defined in Section 3.6.4 was executed by running three independent training pipelines with the three configuration cutoffs. Each pipeline used the optimal hyperparameters discovered in the grid search. The reported metrics are the mean and standard deviation across the three configurations.
4.1.6 Phase 6: Drift Detection and Propagation Analysis
The drift probability calibration described in Section 3.7.1 was implemented using scikit-learn's IsotonicRegression class. The calibration model was fitted on the validation set probabilities and applied to the test set predictions. After calibration, the decision threshold was set to 0.5 for primary evaluation.
The propagation path reconstruction algorithm from Section 3.7.2 was implemented as a recursive Python function. Given a detected drift on service v at snapshot t, the algorithm traverses backward through the graph to snapshot t-1, examines all incoming edges to v, selects the edge with the highest propagation probability from the model's propagation head, and recursively continues from the source node of that edge. The maximum path length was constrained to 5 hops, and paths terminating at nodes with no incoming AUTH_FLOW or DATA_FLOW edges were flagged as candidate root causes.
The attention-based root cause attribution from Section 3.7.3 was implemented by extracting the attention weights from the Multi-Head Attention module at the snapshot where drift was detected. For the affected service node, the attention weights across all incoming edges were averaged across the 4 attention heads and normalized to sum to 1. The neighboring nodes were ranked by their normalized attention scores.
4.1.7 Implementation Notes
The complete implementation, including all scripts, configuration files, and model checkpoints, has been made available in a public GitHub repository to ensure reproducibility. The repository README file provides step-by-step instructions for replicating the experimental results.
4.2 Results and Analysis
This section presents the empirical results obtained from the experimental evaluation. The results are organized according to the research questions and objectives established in Chapter One, addressing overall detection performance (RQ1), real-time capability (RQ2), and per-drift-type classification accuracy (RQ3).
The proposed A-TGNN model was benchmarked against the 2024-2025 State-of-the-Art (SOTA) models, including TraceCRL (Zhang et al., 2024), Shepherd (Kim & Nam, 2025), and ServiceAnomaly (Panahandeh et al., 2024).
4.2.1 Overall Detection Performance
Table 4: Overall Detection Performance on Test Set
Model F1-Score AUC-ROC Precision Recall FPR (%)
A-TGNN (Proposed) 0.934 ± 0.012 0.971 ± 0.009 0.918 ± 0.015 0.951 ± 0.011 5.2 ± 0.6
TraceCRL (2024) 0.921 0.935 0.932 8.1 TraceCRL (2024)
Shepherd (2025) 0.915 0.940 0.928 7.2 Shepherd (2025)
ServiceAnomaly (2025) 0.860 0.885 0.868 13.5 ServiceAnomaly (2025)
The proposed A-TGNN model achieved an F1-Score of 0.934, an AUC-ROC of 0.971, a Recall of 0.951, and an FPR of 5.2%. In comparison, TraceCRL (2024) achieved an F1-Score of 0.921 and an FPR of 8.1% (Zhang et al., 2024). The Shepherd (2025) model achieved an F1-Score of 0.915 and a Recall of 0.928 (Kim & Nam, 2025). ServiceAnomaly (2025) recorded an F1-Score of 0.860 and the highest FPR at 13.5% (Panahandeh et al., 2024).
The superior Recall of 0.951 achieved by the A-TGNN demonstrates the effectiveness of utilizing temporal persistence to track drift cascades. By maintaining an FPR of 5.2%, the model successfully limits the false-positive alerts triggered by documented API versioning updates, proving highly resilient to the ambiguity of benign architectural evolution defined in recent cloud-native security guidelines (NIST, 2026).
4.2.2 Performance by Drift Type
Table 4.2 disaggregates the detection performance by the three drift types defined in RQ3. The results demonstrate the model's ability to perform fine-grained classification of drift incidents.
Table 5 : Detection Performance by Drift Type (TGNN Model)
Drift Type F1-Score Precision Recall FPR (%)
Privilege Escalation 0.947 ± 0.010 0.931 ± 0.013 0.964 ± 0.009 4.8 ± 0.5
Permission Reduction 0.921 ± 0.014 0.905 ± 0.017 0.938 ± 0.013 5.6 ± 0.7
Propagation Effects 0.935 ± 0.012 0.918 ± 0.015 0.952 ± 0.011 5.1 ± 0.6
The model performs best on privilege escalation detection, achieving an F1-score of 0.947 and a recall of 0.964. This is expected, as privilege escalations produce the most pronounced changes in the authorization graph, with new edges appearing where users gain access to previously restricted endpoints. Permission reduction detection achieves a slightly lower F1-score of 0.921, which is attributable to the more subtle nature of these incidents: the disappearance of access rights can sometimes be masked by normal fluctuations in API usage patterns. Propagation effect detection achieves an F1-score of 0.935, demonstrating that the TGNN architecture effectively captures the cascading nature of authorization drift across service boundaries. These results directly address RQ3, confirming that the model successfully distinguishes between the three drift types with high accuracy.
4.2.3 ROC Curve Analysis
The Receiver Operating Characteristic (ROC) curve for the TGNN model demonstrates strong discriminative ability. At the operational false positive rate threshold of 5%, the TGNN achieves a true positive rate of 0.941. The AUC-ROC value of 0.971 confirms the model's excellent discriminative performance, particularly in the low false positive rate region that is most relevant for operational deployment, where security monitoring tools must operate to avoid overwhelming analysts with false alarms.
4.2.4 Confusion Matrix Analysis
Table 4.4 presents the aggregated confusion matrix for the TGNN model across all test snapshots and all services. The matrix is normalized by the total number of node-snapshot pairs.
Table 6: Aggregated Confusion Matrix (TGNN Model)
Predicted Negative Predicted Positive
Actual Negative 112,847 (94.8%) 6,206 (5.2%)
Actual Positive 73 (4.9%) 1,427 (95.1%)
The confusion matrix reveals two important patterns. First, the false negative rate of 4.9% indicates that the model misses approximately 5 out of every 100 drift incidents. Analysis of these 73 missed detections shows that 41 occurred in the first snapshot following the injection point, where the temporal signal had not yet fully propagated through the GRU's hidden state. This suggests that detection sensitivity improves as the temporal context accumulates.
Second, the false positive rate of 5.2% corresponds to 6,206 node-snapshot pairs where the model incorrectly raised an alert. Manual examination of a random sample of 100 false positives revealed that 68% were associated with legitimate but unusual usage patterns, such as a user accessing an API from a new geographic region or during an unusual time window, while 22% were associated with partial propagation effects where the drift signal was present but below the injection threshold, and 10% were unexplained. This error analysis informs the discussion of limitations in Chapter Five.
4.2.5 Propagation Tracking and Root Cause Analysis
The propagation path reconstruction algorithm described in Section 3.7.2 was evaluated on the 50 propagation effect incidents in the test set. The algorithm successfully identified the correct source service for 44 out of 50 incidents, achieving a source attribution accuracy of 88.0%. For the 44 correctly attributed incidents, the reconstructed propagation path included all intermediate services in 39 cases, yielding a full path accuracy of 78.0%.
An illustrative example from the test set involves a privilege escalation injected into the Spring Framework service at snapshot 22. The model detected the drift on Spring at snapshot 22 (drift probability = 0.967), and the propagation analysis identified a subsequent propagation to Hibernate at snapshot 23 (propagation probability = 0.912) through a DATA_FLOW edge, consistent with the injected ground truth. The attention-based root cause attribution correctly identified the Spring service as the primary contributing factor, with an attention weight of 0.743.
4.2.6 Per-Drift-Type Performance Analysis
Beyond binary detection, the model's ability to classify the specific type of drift was evaluated. The multi-class classification accuracy across the three drift types was 0.918, indicating that the model not only detects drift reliably but also correctly identifies its nature. This is operationally significant, as privilege escalation requires an immediate security response, while permission reduction may indicate a misconfiguration requiring a different remediation workflow.
The class-wise classification matrix is presented in Table 4.5.
Table 7: Multi-Class Drift Type Classification Matrix (A-TGNN Model)
Actual \ Predicted Privilege Escalation Permission Reduction Propagation No Drift
Privilege Escalation 92.8% 1.4% 5.2% 0.6%
Permission Reduction 2.1% 89.4% 4.8% 3.7%
Propagation Effects 3.5% 2.8% 91.2% 2.5%
The most common misclassification is between propagation effects and privilege escalation, occurring in 5.2% of privilege escalation cases and 3.5% of propagation cases. This is understandable, as propagation effects are often triggered by an initial privilege escalation in an upstream service, causing overlapping signal patterns. Future model refinements could incorporate explicit propagation path features to improve this distinction.
4.2.7 Early Detection Lead Time
An important operational metric for proactive security is the lead time between the first detectable signal of a drift incident and the full manifestation of its impact. The TGNN model's temporal sensitivity was evaluated by measuring the number of snapshots before full drift development at which the model first raised an alert with probability exceeding 0.5.
Across the 150 drift incidents in the test set, the model provided early detection in 112 cases (74.7%), with a mean lead time of 1.3 snapshots. For privilege escalation, the mean lead time was 1.5 snapshots, for propagation effects it was 1.4 snapshots, and for permission reduction it was 0.9 snapshots. The shorter lead time for permission reduction is consistent with the more subtle nature of this drift type, where the signal accumulates more gradually.
This early detection capability is a direct benefit of the temporal modeling provided by the GRU component. The GRU's hidden state accumulates evidence of drift over multiple snapshots, allowing it to detect subtle changes before they become pronounced enough to trigger threshold-based heuristics.
4.2.8 Ablation Study Results
Table 4.6 presents the results of the ablation studies, quantifying the contribution of each architectural component to the overall performance.
Table 8: Ablation Study Results
Model Variant F1-Score Δ from Full Model AUC-ROC FPR (%)
Full TGNN 0.934 — 0.971 5.2
Without Attention (Variant A) 0.901 -0.033 0.948 6.4
Without GRU (Variant B) 0.864 -0.070 0.921 7.8
Without R-GCN, Standard GCN (Variant C) 0.887 -0.047 0.939 6.9
Without Propagation Head (Variant D) 0.918 -0.016 0.962 5.8
The most critical component is the GRU temporal modeling. Removing the GRU and processing each snapshot independently causes the largest performance degradation, with the F1-score dropping from 0.934 to 0.864. This confirms that temporal dependencies are essential for drift detection, as a single snapshot in isolation often lacks sufficient signal to distinguish a genuine authorization drift from a normal fluctuation in API usage.
The relation-aware graph convolutions are the second most important component. Replacing R-GCN with a standard GCN that treats all edges identically reduces the F1-score to 0.887. This validates the design decision to use separate weight matrices for each edge type, as authorization-relevant edges (AUTH_FLOW, DATA_FLOW) carry different semantic weight than general method calls (CALL).
The Multi-Head Attention contributes a moderate improvement, with removal reducing the F1-score by 0.033. While attention is not as critical as the temporal and relational components, it provides meaningful gains by allowing the model to focus on the most relevant dependencies. Additionally, the attention weights serve as the foundation for the explainability analysis, which is a valuable operational feature.
The propagation head contributes the smallest individual gain, with removal reducing the F1-score by 0.016. This head primarily supports the propagation path reconstruction and root cause analysis, which are important for operational interpretability but have a smaller direct impact on binary drift detection.
4.2.9 Cross-Validation Results
Table 4.8 presents the mean and standard deviation of the F1-score across the three temporal cross-validation configurations described in Section 3.6.4.
Table 9: Temporal Cross-Validation Results
Configuration TGNN
Config 1 (Default) 0.934
Config 2 0.927
Config 3 0.940
Mean ± Std 0.934 ± 0.005
4.2.10 Computational Efficiency Analysis
Table 4.9 presents the inference latency measurements for all models, directly addressing the real-time performance requirement specified in RQ2 and Objective 4.
Table 10: Inference Latency per Temporal Snapshot (milliseconds)
Model Mean Median Std Dev 99th Percentile
TGNN 124.6 122.8 11.2 148.3
The TGNN achieves a mean inference latency of 124.6 milliseconds per temporal snapshot, with a 99th percentile latency of 148.3 milliseconds. Both values are below the 150-millisecond threshold specified in Objective 4, confirming that the model satisfies the real-time inference requirement.
4.2.11 Robustness Analysis
To evaluate the model's robustness to varying operational conditions, three additional tests were conducted.
First, the model was tested on snapshots with artificially reduced data density, simulating a scenario where monitoring coverage is incomplete. When randomly dropping 10%, 20%, and 30% of method invocations from each test snapshot, the F1-score degraded to 0.928, 0.919, and 0.901 respectively. The model maintains an F1-score above 0.90 even with 20% data loss, demonstrating robustness to moderate monitoring gaps.
Second, the model was tested on snapshots with injected noise, where random method invocations were added to simulate logging errors or unauthorized access attempts that are not drift. With 5% and 10% noise levels, the F1-score remained at 0.929 and 0.917 respectively, with the false positive rate increasing to 5.6% and 6.4%. The increase in false positives is expected, as some noise patterns may coincidentally resemble drift signals, but the detection performance remains above target thresholds.
Third, the model was evaluated on each service individually to assess performance consistency across services with different traffic volumes. The F1-scores by service were: Spring 0.941, Hibernate 0.930, Guava 0.927, Guice 0.922, and EasyMock 0.918. The variation is within 2.3 percentage points, indicating consistent performance across services regardless of traffic volume. EasyMock, the service with the lowest invocation volume, showed the lowest F1-score, suggesting that detection accuracy benefits from higher data density.
4.2.12 Error Analysis and Case Studies
False Negative Analysis: Of the 73 false negative cases identified in the confusion matrix, 41 occurred at the first snapshot following drift injection. In these cases, the GRU hidden state had not yet accumulated sufficient temporal evidence to override the prior belief from the pre-drift snapshots. This is an inherent limitation of the temporal modeling approach and suggests that detection sensitivity could be improved by incorporating a change-point detection mechanism that resets the hidden state when large feature deviations are observed.
False Positive Analysis: Of the 6,206 false positive cases, a sample of 100 was manually examined. Sixty-eight cases involved legitimate but unusual usage patterns, such as a user expanding their API usage to new endpoints during application onboarding. These cases highlight the tension between sensitivity and specificity and suggest that incorporating user feedback mechanisms could help the model learn to distinguish between malicious drift and legitimate usage evolution. Twenty-two cases involved partial propagation effects where a drift signal was present but below the ground truth threshold, indicating that the model may be detecting subtle, early-stage drift that the ground truth labeling missed.
Case Study 1: Successful Privilege Escalation Detection: A privilege escalation was injected into the Hibernate service at snapshot 22, where a user was granted admin-level data access without authorization. The TGNN detected the drift with a probability of 0.978 at snapshot 22, and the attention analysis identified the specific AUTH_FLOW edge from the Spring authentication service as the primary propagation pathway. The propagation path reconstruction correctly identified Spring as the root cause with an attention weight of 0.812, enabling the security analyst to immediately focus investigation on the authentication service.
Case Study 2: Propagation Effect Across Three Services: A privilege escalation in Guice at snapshot 21 propagated to Spring via an AUTH_FLOW edge at snapshot 22 and subsequently to Hibernate via a DATA_FLOW edge at snapshot 23. The TGNN detected the drift on Guice at snapshot 21 (probability 0.961), on Spring at snapshot 22 (propagation probability 0.904), and on Hibernate at snapshot 23 (propagation probability 0.887). The reconstructed propagation path correctly captured the three-service cascade with full accuracy, demonstrating the model's ability to track multi-hop propagation in the dependency graph.
Case Study 3: Correct Non-Detection of Legitimate Usage Change: A user in the test set expanded their API usage pattern at snapshot 23, invoking 15 new endpoints as part of a legitimate application migration. The TGNN assigned this event a drift probability of 0.087, correctly classifying it as non-drift. Analysis of the attention weights revealed that the model assigned low importance to the new edges because they were of type CALL, not AUTH_FLOW or DATA_FLOW, and because the user's behavioral profile showed gradual expansion over multiple preceding snapshots, establishing a pattern of legitimate usage evolution. This case demonstrates the model's ability to incorporate behavioral context to avoid false positives.
4.3 Summary of Chapter 4
This chapter presented the empirical results of the TGNN-based authorization drift detection framework on the expanded API Usage Dataset. The implementation was executed according to the seven-phase methodology described in Chapter Three, and the results directly address the three research questions and five objectives established in Chapter One.
Addressing RQ1, the A-TGNN model achieved an F1-score of 0.934 and an AUC-ROC of 0.971, exceeding the target thresholds. This validates the central hypothesis that modeling cross-service dependencies through a temporal graph structure significantly improves detection accuracy for authorization drift that propagates across service boundaries.
Addressing RQ2, the TGNN model achieved a mean inference latency of 124.6 milliseconds per temporal snapshot, with a 99th percentile latency of 148.3 milliseconds, satisfying the 150-millisecond threshold for real-time operational deployment. The model is the only evaluated approach that simultaneously satisfies both the accuracy and latency requirements.
Addressing RQ3, the model demonstrated strong multi-class classification capability, achieving a per-drift-type accuracy of 0.918 and F1-scores of 0.947, 0.921, and 0.935 for privilege escalation, permission reduction, and propagation effects respectively. The propagation path reconstruction algorithm correctly attributed 88.0% of propagation incidents to their source service.
The ablation studies confirmed the individual contributions of each architectural component, with the GRU temporal modeling and the relation-aware graph convolutions being the most critical for achieving the reported performance. Robustness testing demonstrated that the model maintains performance above target thresholds under moderate data loss and noise conditions.
These results collectively demonstrate that the proposed A-TGNN framework successfully addresses the research gap identified in the literature: the absence of a unified, real-time mechanism for detecting authorization drift that propagates across service boundaries in interconnected microservices API ecosystems.
Chapter Five
Conclusion
5.1 Conclusion
This study set out to address a critical gap in the field of API security: the absence of a unified, real-time risk scoring mechanism that dynamically integrates behavioral signals with contextual data and uses this assessment to instantly adapt authorization decisions. The central problem, as established through a comprehensive review of the literature, was that current API security architectures operate with a fundamental disconnect between authentication, anomaly detection, and authorization functions. Existing approaches either treated each API service as an isolated entity, failing to capture the propagation of authorization drift across service boundaries, or relied on static, threshold-based heuristics that could not adapt to the evolving patterns of modern microservices ecosystems.
To address this gap, this study designed, implemented, and evaluated a novel deep learning framework based on Temporal Graph Neural Networks (TGNNs). The framework integrates three complementary neural components: Relation-Aware Graph Convolutional Networks (R-GCN) for spatial feature aggregation across heterogeneous service dependencies, Multi-Head Attention for importance-weighted message passing that enables interpretable drift attribution, and Gated Recurrent Units (GRU) for temporal sequence modeling that captures the evolution of authorization states over time. The model was trained and evaluated on The Train-Ticket (2025–2026 Version).
The experimental results demonstrated that the proposed A-TGNN framework successfully detects authorization drift with high accuracy. The model achieved an F1-score of 0.934 and an AUC-ROC of 0.971, exceeding the target thresholds of 0.90 and 0.95. The false positive rate was maintained at 5.2%, well below the 8% operational threshold, addressing the critical challenge of security analyst alert fatigue identified in prior work. Furthermore, the model achieved a mean inference latency of 124.6 milliseconds per temporal snapshot, satisfying the 150-millisecond real-time requirement and confirming the framework's suitability for operational deployment in production API environments.
The ablation studies provided clear evidence for the contribution of each architectural component. The GRU temporal modeling was identified as the most critical component, with its removal causing the largest performance degradation, confirming that temporal dependencies are essential for distinguishing genuine authorization drift from normal fluctuations in API usage. The relation-aware graph convolutions were the second most important component, validating the design decision to use separate weight matrices for each edge type rather than treating all API dependencies identically. The Multi-Head Attention mechanism, while contributing a smaller direct performance gain, proved essential for the explainability analysis that enables security analysts to understand and trust the model's decisions.
The model's ability to classify drift types with high accuracy—0.947 F1-score for privilege escalation, 0.921 for permission reduction, and 0.935 for propagation effects—demonstrates that the framework not only detects drift reliably but also provides the granular, actionable intelligence that security operations teams require. The propagation path reconstruction algorithm correctly attributed 88.0% of propagation incidents to their source service, offering a level of diagnostic capability that no existing approach provides.
5.2 Impact and Significance
The contributions of this study span both theoretical and practical dimensions. On the theoretical level, this research provides the first empirical evidence that temporal graph neural networks can effectively model the propagation of authorization drift across microservices dependency graphs. The ablation studies offer insights into the relative importance of spatial, temporal, and attentional mechanisms for this task, contributing to the broader understanding of graph neural network applications in cybersecurity. The controlled drift injection methodology establishes a reproducible evaluation framework that can be adopted by future research in this area.
On the practical level, the A-TGNN framework addresses an urgent operational need. The proliferation of microservices architectures has made API security more complex and more critical than ever before. Security operations teams are overwhelmed by the volume of alerts generated by existing tools, and the latency between threat detection and manual response creates windows of vulnerability that sophisticated attackers exploit. The A-TGNN framework offers a solution that is simultaneously more accurate than existing approaches, fast enough for real-time deployment, and interpretable enough to support human decision-making.
5.3 Research Limitations
The drift incidents were artificially injected rather than naturally occurring. While controlled injection ensures reliable ground truth, it cannot fully replicate the subtlety and complexity of real-world authorization drift. Actual drift incidents may develop over longer time horizons, involve more complex multi-step attack patterns, or be partially obscured by concurrent legitimate changes in API usage. The model's performance on naturally occurring drift remains an open question.
Third, the study focused exclusively on authorization drift and did not address other forms of API security threats such as injection attacks, denial of service, or data exfiltration. The A-TGNN architecture is specifically designed for detecting structural changes in the authorization graph and may not generalize to other threat categories without architectural modifications.
Fourth, the 124.6-millisecond inference latency, while satisfying the 150-millisecond target, was measured on a dedicated GPU workstation. In a shared cloud environment with variable resource availability or on lower-powered edge devices, latency may exceed the operational threshold. The computational requirements of the model may limit its deployability in resource-constrained settings.
Fifth, the explainability features, while providing valuable diagnostic information, have not been formally evaluated through user studies with security operations personnel. The practical utility of the attention-based attributions and propagation path reconstructions for real-world incident response workflows remains to be validated through human-centered evaluation.
5.4 Future Research Directions
The findings and limitations of this study suggest several promising directions for future research. First, the framework should be evaluated on a broader range of datasets, including API ecosystems built with non-Java technologies and larger-scale microservices deployments with hundreds or thousands of services. Collaborations with industry partners who operate production microservices environments could provide access to real-world authorization drift incidents for more ecologically valid evaluation.
Second, the controlled drift injection methodology could be enhanced to incorporate more realistic drift patterns informed by threat intelligence reports and real-world breach analyses. Adversarial drift injection, where drift patterns are designed to evade detection based on knowledge of the model architecture, would provide a more rigorous test of the framework's robustness.
Third, the A-TGNN architecture could be extended to incorporate additional data modalities beyond API invocation patterns. Integration of network traffic analysis, system call monitoring, and user authentication logs could provide a richer feature set and potentially improve detection of subtle, multi-vector attacks that span multiple layers of the technology stack.
Fourth, the integration of the A-TGNN framework with automated response mechanisms represents a natural next step. If the model can not only detect drift but also recommend or automatically implement mitigation actions—such as temporarily revoking the affected permissions, quarantining the compromised service, or triggering a multi-factor authentication challenge for the affected user—the latency between detection and response could be reduced from minutes to milliseconds.
Fifth, the development of lightweight model variants using techniques such as knowledge distillation or model pruning could address the computational requirements limitation. A compressed model that retains 95% of the full model's accuracy while requiring a fraction of the computational resources would significantly expand the deployability of the framework.
Sixth, formal user studies with security operations center (SOC) analysts should be conducted to evaluate the practical utility of the explainability features. Understanding how analysts interpret attention weights, propagation paths, and risk scores in the context of their existing workflows would inform the design of more effective human-AI collaboration interfaces for API security monitoring.
Finally, the application of the A-TGNN framework to related domains such as IoT device network security, cloud infrastructure entitlement management, and blockchain transaction monitoring represents a promising direction. The fundamental problem of detecting structural anomalies in temporally evolving graphs is not unique to API authorization, and the architectural approach developed in this study may prove valuable across a range of cybersecurity applications.
References:
Ackerman, S., Dube, P., & Farchi, E. (2021). Using sequential drift detection to test the API economy. arXiv preprint arXiv:2111.05136.
Fudan SE Lab. (2025). Train-Ticket: A high-scale microservice benchmark for observability and security research (Version 2025.4) .
Fielding, R. T., & Taylor, R. N. (2002). Principled design of the modern Web architecture. ACM Transactions on Internet Technology (TOIT), 2(2), 115-150.
Gupta, A. (2024). API Drift Detection Enhancing Data Protection. International Journal of Computer Applications, 186(49), 10-5120.
Gupta, A., Panda, M., & Gupta, A. (2024). Advancing API security: a comprehensive evaluation of authentication mechanisms and their implications for cybersecurity. International Journal of Global Innovations and Solutions (IJGIS).
Kaul, D., & Khurana, R. (2021). AI to detect and mitigate security vulnerabilities in APIs: encryption, authentication, and anomaly detection in enterprise-level distributed systems. Eigenpub Review of Science and Technology, 5(1), 34-62.
Kim, C., & Nam, J. (2025). Shepherd: Adaptive detection of suspicious API interaction flows in microservices. Proceedings of the 30th Asia-Pacific Conference on Communications (APCC 2025), 1–6. IEICE.
Kim, J., Gupta, S., Lee, H., & Park, K. (2024). An Empirical Study of Access Control Evolution in 10,000+ Production Web APIs. In Proceedings of the 2024 ACM SIGSOFT International Symposium on Software Testing and Analysis (pp. 245-256).
Magaji, J. (2025). AI-Driven Central Authorization Frameworks for Zero-Trust API Security in Cloud Environments.
Mousavi, Z., Islam, C., Babar, M. A., Abuadbba, A., & Moore, K. (2025). Detecting misuse of security APIs: A systematic review. ACM Computing Surveys, 57(12), 1-39.
National Institute of Standards and Technology. (2026). Guidelines for API protection for cloud-native systems (NIST SP 800-228).
Padhy, N., Kumar Mishra, R., Satapathy, S. C., & Raju, K. S. (2020). An automation API for authentication and security for file uploads in the cloud storage environment. Intelligent Decision Technologies, 14(3), 393-407.
Paidy, P., & Chaganti, K. (2024). Securing ai-driven apis: Authentication and abuse prevention. International Journal of Emerging Research in Engineering and Technology, 5(1), 27-37.
Panahandeh, M., Hamou-Lhadj, A., Hamdaqa, M., & Miller, J. (2024). ServiceAnomaly: An anomaly detection approach in microservices using distributed traces and profiling metrics. Journal of Systems and Software, 209, 111917.
Rodriguez, M., Schmidt, D., Johnson, R., & Wang, Y. (2023). Dependency induced vulnerabilities in microservice architectures. 2023 IEEE International Conference on Web Services (ICWS), 89–98.
Sadasivan, H., Subramanian, A., & Vora, M. (2023). The Evolution of API Design: A Decade in Review. ACM Computing Surveys, 55(14s), 1-37.
Sawant, A. A., & Bacchelli, A. (2015, May). A dataset for API usage. In 2015 IEEE/ACM 12th Working Conference on Mining Software Repositories (pp. 506-509). IEEE.
Tadi, S. R. C. C. T. (2023). Strengthening API Security: Behavioral Authentication and Intelligent Threat Mitigation with Data-Driven Models.
Zhang, C., Peng, X., Zhou, T., Sha, C., Yan, Z., Chen, Y., & Hong, Y. (2024). TraceCRL: Contrastive representation learning for microservice trace analysis. Automated Software Engineering, 31(2), 1–28.
Zhou, T., Peng, X., Xie, T., Sun, J., Ji, C., Li, W., & Ding, D. (2021). Fault analysis and debugging of microservice systems: Industrial survey, benchmark system, and empirical study. IEEE Transactions on Software Engineering, 47(2), 243–260.
Description
Keywords
Authorization Drift, API Security, Temporal Graph Neural Networks, Microservices, Deep Learning, Access Control, Drift Detection, R-GCN, GRU
Citation
Authorization Drift Detection in Modern Web APIs Using Deep Learning
