{"id":"https://openalex.org/W7111407412","doi":"https://doi.org/10.48550/arxiv.2512.06906","title":"MINES: Explainable Anomaly Detection through Web API Invariant Inference","display_name":"MINES: Explainable Anomaly Detection through Web API Invariant Inference","publication_year":2025,"publication_date":"2025-12-07","ids":{"openalex":"https://openalex.org/W7111407412","doi":"https://doi.org/10.48550/arxiv.2512.06906"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2512.06906","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.06906","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2512.06906","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Zhang, Wenjie","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Zhang, Wenjie","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Lin, Yun","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lin, Yun","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Kwok, Chun Fung Amos","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kwok, Chun Fung Amos","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Teoh, Xiwen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Teoh, Xiwen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Xie, Xiaofei","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xie, Xiaofei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Liauw, Frank","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liauw, Frank","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Zhang, Hongyu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Hongyu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Dong, Jin Song","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dong, Jin Song","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.8363999724388123,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.8363999724388123,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.031300000846385956,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.018799999728798866,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.5968000292778015},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5911999940872192},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5895000100135803},{"id":"https://openalex.org/keywords/schema","display_name":"Schema (genetic algorithms)","score":0.5289999842643738},{"id":"https://openalex.org/keywords/spurious-relationship","display_name":"Spurious relationship","score":0.5166000127792358},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.4124999940395355},{"id":"https://openalex.org/keywords/precision-and-recall","display_name":"Precision and recall","score":0.39500001072883606},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.3813999891281128}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7556999921798706},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.5968000292778015},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5911999940872192},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5895000100135803},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5383999943733215},{"id":"https://openalex.org/C52146309","wikidata":"https://www.wikidata.org/wiki/Q7431116","display_name":"Schema (genetic algorithms)","level":2,"score":0.5289999842643738},{"id":"https://openalex.org/C97256817","wikidata":"https://www.wikidata.org/wiki/Q1462316","display_name":"Spurious relationship","level":2,"score":0.5166000127792358},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.4124999940395355},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.40380001068115234},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.39500001072883606},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.3813999891281128},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.36489999294281006},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3495999872684479},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.33629998564720154},{"id":"https://openalex.org/C45235069","wikidata":"https://www.wikidata.org/wiki/Q278425","display_name":"Table (database)","level":2,"score":0.28679999709129333},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.2824000120162964},{"id":"https://openalex.org/C3746660","wikidata":"https://www.wikidata.org/wiki/Q1068763","display_name":"Rule of inference","level":2,"score":0.26170000433921814},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.2551000118255615},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2540000081062317},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.25189998745918274}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2512.06906","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.06906","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2512.06906","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.06906","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.4912506639957428}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Detecting":[0],"the":[1,80,112,139,153,160,165,171,206,217,228,254],"anomalies":[2,49,255],"of":[3,116,230],"web":[4,19,23,27],"applications,":[5],"important":[6],"infrastructures":[7],"for":[8,16,66,94,108,182,215,253],"running":[9],"modern":[10,22],"companies":[11],"and":[12,32,92,133,157,176,192,199,235,243],"governments,":[13],"is":[14],"crucial":[15,59],"providing":[17],"reliable":[18],"services.":[20],"Many":[21],"applications":[24],"operate":[25],"on":[26,164,187,224,227],"APIs":[28,175],"(e.g.,":[29],"RESTful,":[30],"SOAP,":[31],"WebSockets),":[33],"their":[34],"exposure":[35],"invites":[36],"intended":[37],"attacks":[38,226],"or":[39],"unintended":[40],"illegal":[41],"visits,":[42],"causing":[43],"abnormal":[44,136],"system":[45],"behaviors.":[46],"However,":[47],"such":[48,239],"can":[50,72,77,122],"share":[51],"very":[52],"similar":[53],"logs":[54,128],"with":[55],"normal":[56,194],"logs,":[57],"missing":[58],"information":[60],"(which":[61],"could":[62],"be":[63,73],"in":[64,127],"database)":[65],"log":[67,70,82,119,195],"discrimination.":[68],"Further,":[69],"instances":[71,196],"also":[74],"noisy,":[75],"which":[76,103,121],"further":[78],"mislead":[79],"state-of-the-art":[81],"learning":[83],"solutions":[84],"to":[85,129,151,169,197,211],"learn":[86],"spurious":[87],"correlation,":[88],"resulting":[89],"superficial":[90],"models":[91],"rules":[93],"anomaly":[95,109],"detection.":[96],"In":[97],"this":[98],"work,":[99],"we":[100],"propose":[101],"MINES":[102,143,179,204,223,249],"infers":[104,159],"explainable":[105],"API":[106,146],"invariants":[107,210],"detection":[110],"from":[111],"schema":[113,150,168],"level":[114],"instead":[115],"detailed":[117],"raw":[118],"instances,":[120],"(1)":[123,144],"significantly":[124],"discriminate":[125],"noise":[126],"identify":[130],"precise":[131],"normalities":[132],"(2)":[134,158],"detect":[135],"behaviors":[137],"beyond":[138],"instrumented":[140],"logs.":[141,219],"Technically,":[142],"converts":[145],"signatures":[147],"into":[148,209],"table":[149,190],"enhance":[152],"original":[154],"database":[155,162,167,177],"shema;":[156],"potential":[161,172,184],"constraints":[163,208],"enhanced":[166],"capture":[170],"relationships":[173],"between":[174],"tables.":[178],"uses":[180],"LLM":[181],"extracting":[183],"relationship":[185],"based":[186],"two":[188],"given":[189],"structures;":[191],"use":[193],"reject":[198],"accept":[200],"LLM-generated":[201],"invariants.":[202],"Finally,":[203],"translates":[205],"inferred":[207],"generate":[212],"Python":[213],"code":[214],"verifying":[216],"runtime":[218],"We":[220],"extensively":[221],"evaluate":[222],"web-tamper":[225],"benchmarks":[229],"TrainTicket,":[231],"NiceFish,":[232],"Gitea,":[233],"Mastodon,":[234],"NextCloud":[236],"against":[237],"baselines":[238],"as":[240],"LogRobust,":[241],"LogFormer,":[242],"WebNorm.":[244],"The":[245],"results":[246],"show":[247],"that":[248],"achieves":[250],"high":[251],"recall":[252],"while":[256],"introducing":[257],"almost":[258],"zero":[259],"false":[260],"positives,":[261],"indicating":[262],"a":[263],"new":[264],"state-of-the-art.":[265]},"counts_by_year":[],"updated_date":"2025-12-10T02:49:46.989445","created_date":"2025-12-10T00:00:00"}