API Security Based on Automatic OpenAPI Mapping

📅 2026-04-21

🤖 AI Summary
This work addresses the challenge of automatically modeling, documenting, and detecting anomalous behaviors in REST APIs without relying on prior knowledge. The authors propose Map Reduce Graph (MRG), an unsupervised framework that employs a three-stage pipeline—training, updating, and detection—to reconstruct API structures directly from live traffic, generate OpenAPI specifications, and enable real-time visualization and anomaly detection in dynamic microservice environments. MRG is the first approach to achieve fully automated, annotation-free API structural learning and security monitoring. By integrating a graph-based validation mechanism with deep autoencoders, it attains 100% precision across multiple API attack types and improves recall by up to 11.4% compared to state-of-the-art methods such as HRAL and FT-ANN, while accelerating inference by over 20×.

📝 Abstract
This paper presents Map Reduce Graph (MRG), a novel unsupervised method for modeling and securing HTTP REST APIs. MRG learns API structure from real-world traffic without prior knowledge or labels, automatically generating OpenAPI-compliant documentation by reconstructing routes, methods, and parameter formats. MRG enables real-time updates, explainable visualization, and anomaly detection, helping identify undocumented or evolving behaviors. It detects malformed requests, structural deviations, and injection attacks using graph-based validation and a deep autoencoder for payload analysis. Compared to state-of-the-art methods like HRAL and FT-ANN, MRG achieves up to 11.4% higher recall, over 20 times faster inference, and perfect precision (100%) on multiple API-layer attacks. Designed for dynamic microservice environments, MRG operates in three phases - training, updating, and detection - and integrates smoothly with observability and security tools. This work contributes a fully automated, efficient pipeline for real-time API visibility, schema inference, and anomaly detection without manual tuning or labeled data.

Problem

Research questions and friction points this paper is trying to address.

API Security
OpenAPI Specification
Anomaly Detection
Unsupervised Learning
REST API

Innovation

Methods, ideas, or system contributions that make the work stand out.

unsupervised API modeling
OpenAPI specification inference
graph-based anomaly detection
real-time API security
deep autoencoder for payload analysis