ADAPTIVE STRATEGIES FOR API SECURITY IN MOBILE APPLICATIONS BASED ON MACHINE LEARNING UNDER RESOURCE CONSTRAINTS
DOI:
https://doi.org/10.32689/maup.it.2025.3.7
Keywords:
API security, mobile applications, resource constraints, machine learning, cloud computing, hybrid security system, behavioral analysis.
Abstract
The article reviews the technical limitations of the hardware and software environment of mobile applications that use APIs to interact with network services. It continues work on the problem of ensuring cyber protection of mobile APIs under limited resources, where the key factors are the bandwidth of mobile communication channels, the amount of RAM and the level of available computing resources.
The purpose of the article is to form a comprehensive methodology for building an adaptive mobile application API protection system based on machine learning, taking into account device limitations, query variability, threat scenarios and performance requirements.
Methodology. Attack vectors on APIs are systematized and a multi-level structure of protection methods is implemented, which includes authentication, encryption, access control, anomaly detection, information storage protection and component updates. Machine learning models are classified according to their suitability for implementation in a mobile environment. The effectiveness of ensemble methods and SVM in local use mode is shown. A hybrid architecture is proposed that combines a local query filter with a cloud neural network to detect complex and atypical patterns.
The scientific novelty lies in the development of an adaptive architecture for the mobile API protection system, which integrates local modules with cloud services and provides a balance between performance and security level. The use of lightweight machine learning models in the mobile environment and behavioral analysis of API requests is proposed as a key element of adaptive response to new types of attacks.
Conclusions. The main emphasis was placed on creating a hybrid mobile application API cyber protection system that combines the advantages of local and cloud processing. The features of applying machine learning methods to detect cyber threats accompanying the use of APIs are analyzed. A methodology for building a comprehensive protection system is proposed, which includes authentication modules, traffic encryption, code obfuscation, containerization, event capture, incident response, and security policy updates.






