Machine Learning for Securing API Gateways: A Systematic Literature Review
DOI: https://doi.org/10.47709/cnahpc.v7i3.6788
Keywords: API Gateway Security, Cybersecurity Awareness, Machine Learning, Mobile Banking, Systematic Literature Review
Abstract
The rapid growth of mobile banking has improved access to financial services but also introduced heightened cybersecurity risks, particularly due to vulnerabilities in API Gateways and limited user awareness of cyber threats. This study conducts a Systematic Literature Review (SLR) to explore how machine learning (ML) can address both technical and human-centric security challenges in digital banking. By reviewing sixteen peer-reviewed studies published between 2019 and 2025, the study identifies key ML techniques such as anomaly detection, behavior-based models, and deep learning architectures that are effective in detecting and mitigating API-based attacks. In parallel, the review examines ML applications aimed at enhancing user cybersecurity awareness, including personalized alert systems, user segmentation, and adaptive education mechanisms. Thematic synthesis reveals several challenges, including data availability and privacy, the interpretability of complex models, and integration with existing banking infrastructures. However, the study also highlights significant opportunities, such as the use of federated learning to preserve privacy, explainable AI to improve trust, and dynamic alert systems to prevent user fatigue. Based on the synthesis, a conceptual architecture is proposed to integrate ML-driven API threat detection and user education within mobile banking platforms. The findings provide valuable insights for both academic research and practical implementation, contributing to the development of intelligent, user-aware cybersecurity frameworks in the financial sector.
License
Copyright (c) 2025 B. Junedi Hutagaol, Riama Santy Sitorus, Dita Madonna Simanjuntak

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.











