Pembatasan Laju Adaptif Berbasis Verifiable Delay Function untuk Mitigasi Penyalahgunaan API pada Gateway Edge Ringan

Authors

  • Diah Putri Kartikasari Universitas Islam Negeri Sumatera Utara Medan
  • Tiara Ayu Triarta Tambak Universitas Islam Negeri Sumatera Utara Medan
  • Agung Nugroho Universitas Islam Negeri Sumatera Utara Medan
  • Ibnu Rusydi Universitas Islam Negeri Sumatera Utara Medan

DOI:

https://doi.org/10.62383/polygon.v4i1.931

Keywords:

Adaptive Rate Limiting, API Abuse, Edge Gateway, Risk Score, Verifiable Delay Function

Abstract

API abuse on lightweight edge gateways has intensified as microservice-based services expose many REST endpoints to heterogeneous clients. Conventional per-identity rate limiting, such as static token buckets, is frequently bypassed through distributed bots and identity rotation, while legitimate burst traffic may be rejected and degrade user experience. This study proposes Adaptive Rate Limiting with Verifiable Delay Functions (ARL-VDF), which couples a lightweight risk score with selective VDF challenges to impose a tunable sequential-computation cost on suspicious clients without forcing aggressive dropping for low-risk users. The gateway continuously derives a per-identity risk score from short-window request rate, error tendency, and identity freshness, then maps the score to a target delay bounded by  and . Evaluation uses a 600-second discrete-event simulation on a mixed workload consisting of normal clients, legitimate bursts, and distributed attackers. Compared with a static token bucket baseline, ARL-VDF maintains full success for legitimate traffic, reduces attacker throughput that passes the gateway, and keeps verification overhead within a fixed budget on the edge device. The results indicate that combining adaptive control with verifiable sequential cost can improve availability and fairness on resource-constrained edge gateways without resorting to aggressive dropping.

Downloads

Download data is not yet available.

References

Ali, I., Caprolu, M., & Di Pietro, R. (2020). Foundations, properties, and security applications of puzzles: A survey. ACM Computing Surveys, 53(4), Article 88. https://doi.org/10.1145/3396374

Attias, D., Vigneri, L., & Dimitrov, D. (2021). Implementation study of two verifiable delay functions. In Proceedings of Tokenomics 2020 (pp. 1–10). https://doi.org/10.4230/OASIcs.Tokenomics.2020.9

Bartkov, M., & Borovikov, D. (2022). Selection of a suitable algorithm for the implementation of rate-limiter based on Bucket4j. International Journal of Online and Biomedical Engineering (IJOE), 18(4), 51–62. https://doi.org/10.3991/ijoe.v18i04.25641

Boneh, D., Bonneau, J., Bünz, B., & Fisch, B. (2018). Verifiable delay functions. In Advances in cryptology – CRYPTO 2018 (pp. 757–788). Springer. https://doi.org/10.1007/978-3-319-96884-1_25

Chandramouli, R., Romero-Mariona, S., & McCarthy, A. (2019). Security strategies for microservices-based application systems (NIST Special Publication No. 800-204). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-204

El Malki, A., Zdun, U., & Pautasso, C. (2022). Impact of API rate limit on reliability of microservices-based architectures. In 2022 IEEE International Conference on Service-Oriented System Engineering (SOSE) (pp. 19–28). IEEE. https://doi.org/10.1109/SOSE55356.2022.00009

Farkiani, S., Sarramia, D., & Lau, H. C. W. (2025). Rethinking HTTP API rate limiting: Client-side approach. Manuscript submitted for publication.

Hossain, M. D., et al. (2023). The role of microservice approach in edge computing: Opportunities, challenges, and research directions. ICT Express, 9(6), 1162–1182. https://doi.org/10.1016/j.icte.2023.06.006

Kalyanasundaram, T., Punith, B., & V, S. (2025). Load balancer filter-based approach to enable distributed API rate limiting. In Proceedings of the 37th Conference of FRUCT Association (pp. 75–85).

Morabito, R., Petrolo, R., Loscrì, V., & Mitton, N. (2019). Reprint of: LEGIoT: A lightweight edge gateway for the Internet of Things. Future Generation Computer Systems, 92, 1157–1171. https://doi.org/10.1016/j.future.2018.10.020

Pietrzak, K. (2019). Simple verifiable delay functions. In Proceedings of the 10th Innovations in Theoretical Computer Science Conference (ITCS 2019) (Article 60, pp. 1–18). https://doi.org/10.4230/LIPIcs.ITCS.2019.60

Prinakaa, S., Bavanika, V., Sanjana, S., Srinivasan, S., & Sarasvathi, V. (2024). A real-time approach to detecting API abuses based on behavioral patterns. In 2024 8th International Conference on Cryptography, Security and Privacy (CSP) (pp. 24–28). IEEE. https://doi.org/10.1109/CSP62567.2024.00012

Sanchez, B. A., et al. (2018). RestMule: Enabling resilient clients for remote APIs. In Proceedings of the 15th International Conference on Mining Software Repositories (MSR) (pp. 537–541). https://doi.org/10.1145/3196398.3196405

Serbout, B., et al. (2023). A pattern collection for API rate limit adoption. In Proceedings of the European Conference on Pattern Languages of Programs (EuroPLoP ’23) (pp. 1–20). https://doi.org/10.1145/3628034.3628039

Shi, W., Cao, J., Zhang, Q., Li, Y., & Xu, L. (2016). Edge computing: Vision and challenges. IEEE Internet of Things Journal, 3(5), 637–646. https://doi.org/10.1109/JIOT.2016.2579198

Tanveer, F., Houssein, E. H., & Hassanien, A. E. (2025). A survey on RESTful API vulnerability detection. Computers, Materials & Continua, 84(3), 4223–4257. https://doi.org/10.32604/cmc.2025.067536

Wesolowski, B. (2020). Efficient verifiable delay functions. Journal of Cryptology, 33, 2113–2147. https://doi.org/10.1007/s00145-020-09364-x

Wu, Q., Zhao, Y., Luo, Z., & Zhang, X. (2022). Verifiable delay function and its blockchain-related applications: A survey. Sensors, 22(19), 7524. https://doi.org/10.3390/s22197524

Xu, R., Jin, W., & Kim, D. (2019). Microservice security agent based on API gateway in edge computing. Sensors, 19(22), 4905. https://doi.org/10.3390/s19224905

Yin, Z., Song, Y., & Zong, G. (2024). Discovering API usage specifications for security detection using two-stage code mining. Cybersecurity, 7, Article 30. https://doi.org/10.1186/s42400-024-00224-w

Downloads

Published

2026-01-23

How to Cite

Diah Putri Kartikasari, Tiara Ayu Triarta Tambak, Agung Nugroho, & Ibnu Rusydi. (2026). Pembatasan Laju Adaptif Berbasis Verifiable Delay Function untuk Mitigasi Penyalahgunaan API pada Gateway Edge Ringan. Polygon : Jurnal Ilmu Komputer Dan Ilmu Pengetahuan Alam, 4(1), 74–86. https://doi.org/10.62383/polygon.v4i1.931

Similar Articles

1 2 3 > >> 

You may also start an advanced similarity search for this article.