20240037332. TEXT CLASSIFICATION OF API DOCUMENTATION FOR INFORMING SECURITY POLICY CREATION simplified abstract (Palo Alto Networks, Inc.)


TEXT CLASSIFICATION OF API DOCUMENTATION FOR INFORMING SECURITY POLICY CREATION

Organization Name

Palo Alto Networks, Inc.

Inventor(s)

Krishnan Shankar Narayan of San Jose CA (US)

Srikumar Narayan Chari of Cupertino CA (US)

Venkata Ramadurga Prasad Katakam of Sunnyvale CA (US)

Patrick Kar Yin Chang of San Jose CA (US)

TEXT CLASSIFICATION OF API DOCUMENTATION FOR INFORMING SECURITY POLICY CREATION - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240037332 titled 'TEXT CLASSIFICATION OF API DOCUMENTATION FOR INFORMING SECURITY POLICY CREATION'.

Simplified Explanation

The abstract describes a service that analyzes API documentation and security policies to classify response fields as security-related or unrelated. It generates labeled training data for the identified response field descriptions and trains a text classifier to predict whether unknown response fields are security-related. The technology aims to assist in the creation of security policies by focusing on response fields predicted to be security-related.

  • The service obtains API documentation and security policies from a vendor.
  • It matches the response fields in the security policies to their descriptions in the API documentation.
  • Labeled training data is generated, consisting of identified response field descriptions labeled as security-related.
  • Additional labeled training data for security-unrelated response fields is built from descriptions of response fields known not to be represented in any security policy.
  • A text classifier is trained on the labeled training data.
  • The trained text classifier accepts descriptions of unknown response fields and predicts whether they are security-related.
  • The technology helps in creating security policies by focusing on response fields predicted to be security-related.
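
The pipeline in the list above, as an added example that is not code from the patent application: fields referenced by policies become positive samples, fields known to be in no policy become negative samples, and the trained model is applied to the remaining documented fields. The abstract does not name a classifier type, so the multinomial naive Bayes model here is an assumption, and all field names and descriptions are constructed sample data.

```python
import math
import re
from collections import Counter

# Constructed sample data: field names and descriptions are hypothetical.
API_DOCS = {
    "mfa_enabled": "Whether multi-factor authentication is enforced for the user login",
    "public_access": "Indicates if the bucket allows public read access without authentication",
    "encryption_at_rest": "Whether stored data is encrypted with a managed key",
    "display_name": "Human readable name shown in the console",
    "created_at": "Timestamp when the resource was created",
    "page_size": "Number of items returned per page of results",
    "hardware_key_required": "Whether login requires authentication with a hardware key",
    "last_updated": "Timestamp when the page of results was last updated",
}
POLICY_FIELDS = {"mfa_enabled", "public_access", "encryption_at_rest"}  # used by policies
KNOWN_UNRELATED = {"display_name", "created_at", "page_size"}  # in no policy

def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())

def build_training_data(docs, policy_fields, unrelated_fields):
    """Match field names to their documentation; label 1 = security related."""
    labels = [(f, 1) for f in sorted(policy_fields)] + [(f, 0) for f in sorted(unrelated_fields)]
    return [(docs[f], y) for f, y in labels if f in docs]

def train(samples):  # assumed model: multinomial naive Bayes counts per class
    counts, totals = {0: Counter(), 1: Counter()}, Counter()
    for desc, label in samples:
        counts[label].update(tokenize(desc))
        totals[label] += 1
    return counts, totals, set(counts[0]) | set(counts[1])

def predict(model, description):
    """Return 1 if the description is predicted security related, else 0."""
    counts, totals, vocab = model
    score = {}
    for label in (0, 1):
        n = sum(counts[label].values())
        score[label] = math.log(totals[label] / sum(totals.values()))
        for tok in tokenize(description):
            if tok in vocab:  # tokens never seen in training are ignored
                score[label] += math.log((counts[label][tok] + 1) / (n + len(vocab)))
    return int(score[1] > score[0])

def flag_unknown_fields(docs, policy_fields, unrelated_fields):
    """Train on the labelled fields, then classify every remaining field."""
    model = train(build_training_data(docs, policy_fields, unrelated_fields))
    unknown = sorted(set(docs) - policy_fields - unrelated_fields)
    return [f for f in unknown if predict(model, docs[f])]
```

A description that shares no tokens with the training vocabulary scores the same for both classes and is reported as not security related, so a real deployment would want a review path for such fields.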

Potential Applications:

  • Enhancing API security by identifying and focusing on security-related response fields.
  • Streamlining the creation of security policies by automating the classification of response fields.

Problems Solved:

  • Manual analysis of API documentation and security policies to identify security-related response fields.
  • Difficulty in prioritizing response fields for security policy creation.

Benefits:

  • Improved efficiency in identifying security-related response fields.
  • Enhanced accuracy in classifying response fields as security-related or unrelated.
  • Time and resource savings in the creation of security policies.


Original Abstract Submitted

An API response field classification service obtains API documentation published by a vendor and defined security policies and matches the response fields represented in the security policies to their descriptions in the API documentation. The service generates labelled training data that comprise the identified response field descriptions with labels indicating that their corresponding response field is security related. Additional labelled training data for security unrelated response fields comprises descriptions of response fields that are known not to be represented with any security policies. The service trains a text classifier on the labelled training data. The trained text classifier accepts inputs comprising descriptions of unknown response fields and outputs predicted classes indicating whether the corresponding response fields are predicted to be security related. Subsequent creation of security policies can be focused on these response fields predicted to be security related.