Build rate limit bypass detection with behavioral anomaly scoring

[Smartdevs17]

Context

Static rate limits (100 req/min per IP, 1000 req/min per API key) are easy to bypass by distributing requests across multiple IPs or API keys.

Current Limitation/Problem

Distributed attacks (botnets, rotating API keys) bypass per-IP and per-key rate limits entirely. No behavioral anomaly detection exists.

Expected Outcome

ML-powered behavioral anomaly detection: model learns normal API usage patterns per key and per user, detects anomalies (sudden burst, unusual endpoints, abnormal timing), and triggers adaptive rate limiting.

Acceptance Criteria

• Feature extraction: request rate, endpoint distribution, time-of-day pattern, payload size, user-agent entropy, geographic spread
• ML model: Isolation Forest (unsupervised) for anomaly scoring, with configurable threshold
• Adaptive limiting: when anomaly score exceeds threshold (default 0.8), temporarily reduce rate limit by 50% or 90%
• False positive handling: allow-listed patterns (webhook callbacks, health checks), manual override per key
• Anomaly dashboard: recent anomalies with feature breakdown, severity, and suggested action
• Alert: real-time Slack/PagerDuty notification on high-confidence attacks (score >0.95)
• Edge case: legit traffic spike (Black Friday) -> train separate seasonal model, whitelist event days
• Edge case: model drift -> auto-retrain weekly with latest traffic patterns, alert on >5% accuracy drop

Technical Scope

• ml-service/ - rate limit anomaly detection model (Isolation Forest)
• backend/gateway/middleware/ - adaptive rate limit middleware
• backend/monitoring/ - anomaly score Prometheus metric per key
• mobile/app/screens/ - RateLimitDashboardScreen (admin only)
• ml-service/jobs/ - weekly model retraining and evaluation

[Emmo00]

@Emmo00 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would love to work on this issue.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Emmo00 to this issue.

[AdeMi20]

@AdeMi20 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hey i will love to handle these pls

ℹ️ Repo Maintainers: To accept this application, review their application or assign @AdeMi20 to this issue.

[drips-wave]

Congratulations, @Emmo00! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @Emmo00: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊