In this paper, we address the problem of intrusion detection for modern web applications and mobile applications with the cloud-based server side, using malicious content detection in JSON data, which is currently one of the most popular data serialization and exchange formats between client and server parts of an application. We propose a method for building a JSON model for the given set of JSON objects capable of detection of structure and type anomalies. The model is based on the models for basic data types inside JSON collection objects and schema model that generalizes objects' structure in the collection. We performed experiments using modifications of objects' structures and insertions of code injection attack vectors such as SQL injections, OS command injections, and JavaScript/HTML injections. The analysis showed statistical significance between the model's predictions and the presence of anomalies in the data gathered from the real web applications' traffic. The quality of the model's predictions was measured using the Matthews correlation coefficient (MCC). The MCC values computed on the data were close to one which indicates the model's high efficiency in solving the problem of anomaly detection in JSON objects.