Are APIs with Poor Design Subject to Poor Lexicon? : A Google Perspective

Sadia, Ahmad, Zarraa, Osama

January 2020

REST (Representational state transfer) is an architectural style for distributed hypermedia systems. The simplicity of REST allows straightforward communication between HTTP clients and servers using URIs (Uniform Resource Identifiers) and HTTP methods, e.g., GET, POST, PUT, and DELETE. To do the communication effectively between clients and servers, there is a set of best design practices (design and linguistic patterns) shall be followed, and a set of poor design practices (design and linguistic antipatterns) shall be avoided. This study aims to determine whether there is a relationship between design and linguistic quality in Google RESTful APIs. To find this relation, a tool is developed to detect patterns and antipatterns in REST APIs both in terms of design and linguistic quality. The input of this tool is qualitative data (Google APIs) and its output is quantitative data. Using this quantitative data, a statistical study is then performed to detect the relation. The tests that are conducted to obtain the final results are Chi-squared and Phi Coefficient tests. The result of Chi-squared that considered all the groups of patterns and antipatterns shows that there is a statistically significant relation between design and linguistic quality. However, when we assess the individual pair of patterns and antipatterns, our Phi Coefficient tests show that for most of the cases, there is no or negligible relationship between linguistic and design patterns and antipatterns.

Design patterns

Antipatterns

RESTful APIs

URIs

Uniform Resource Identifiers

Detection

Design quality

Google.

Computer Sciences

Datavetenskap (datalogi)

Studying the Relation between Linguistic and Design Quality in RESTful APIs

Larsson, Edvin, Hägglund, Jesper

January 2020

REST (REpresentational State Transfer) is commonly used for designing APIs. Two main categories of REST API quality have been identified in previous research: linguistic and design quality. Linguistic quality revolves around the design of the URIs. Design quality revolves around the metadata and body in HTTP requests and responses. For enabling and simplifying communications with REST, both linguistic and design quality are important, however, previous research has shown that even major APIs using REST are not always following best practices for linguistic and design quality. This study investigates if there is a statistical relation between linguistic and design quality. We selected 326 API endpoints from ten public APIs for this study. This study has reused and improved a Java-based tool in previous research for detecting aspects of linguistic quality in the APIs endpoints. For this study, we also developed a tool based on Node.js for detecting aspects of design quality in the API endpoints. These two tools are applied on the same API endpoints to be able to study the statistical relation. A Chi-Square test, implemented with R, showed that there is a significant statistical relation in our findings between linguistic and design quality. Pairwise phi-coefficient comparisons, implemented with Python, between each combination of the linguistic and design aspects used in this study identified eight weak and two moderate relations among the linguistic and design quality aspects. However, sample tests showed that the Java-based tool for detecting linguistic quality were not accurate, which made us fail to answer our problem formulation.

Design patterns

Design antipatterns

Linguistic patterns

Linguistic antipatterns

RESTful APIs

Uniform Resource Identifiers

Detection

Computer Sciences

Datavetenskap (datalogi)

A framework for high speed lexical classification of malicious URLs

Egan, Shaun Peter

January 2014

Phishing attacks employ social engineering to target end-users, with the goal of stealing identifying or sensitive information. This information is used in activities such as identity theft or financial fraud. During a phishing campaign, attackers distribute URLs which; along with false information, point to fraudulent resources in an attempt to deceive users into requesting the resource. These URLs are made obscure through the use of several techniques which make automated detection difficult. Current methods used to detect malicious URLs face multiple problems which attackers use to their advantage. These problems include: the time required to react to new attacks; shifts in trends in URL obfuscation and usability problems caused by the latency incurred by the lookups required by these approaches. A new method of identifying malicious URLs using Artificial Neural Networks (ANNs) has been shown to be effective by several authors. The simple method of classification performed by ANNs result in very high classification speeds with little impact on usability. Samples used for the training, validation and testing of these ANNs are gathered from Phishtank and Open Directory. Words selected from the different sections of the samples are used to create a `Bag-of-Words (BOW)' which is used as a binary input vector indicating the presence of a word for a given sample. Twenty additional features which measure lexical attributes of the sample are used to increase classification accuracy. A framework that is capable of generating these classifiers in an automated fashion is implemented. These classifiers are automatically stored on a remote update distribution service which has been built to supply updates to classifier implementations. An example browser plugin is created and uses ANNs provided by this service. It is both capable of classifying URLs requested by a user in real time and is able to block these requests. The framework is tested in terms of training time and classification accuracy. Classification speed and the effectiveness of compression algorithms on the data required to distribute updates is tested. It is concluded that it is possible to generate these ANNs in a frequent fashion, and in a method that is small enough to distribute easily. It is also shown that classifications are made at high-speed with high-accuracy, resulting in little impact on usability.

Computer security -- Research

Computer crimes -- Prevention

Phishing