公开(公告)号：US11868852B1

公开(公告)日：2024-01-09

申请号：US15587181

申请日：2017-05-04

Applicant: Amazon Technologies, Inc.

Inventor： Alexander Watson

IPC: G06N20/00 ,  H04L9/40

CPC classification number: G06N20/00 ,  H04L63/10 ,  H04L63/20

Abstract: A machine learning algorithm, such as a random forest regressor, can be trained using a set of annotated data objects to estimate the risk or business value for an object. The feature contributions for each data object can be analyzed and a representation generated that clusters data objects by feature contributions. Any clustering of data objects with incorrect scores in the visualization can be indicative of gaps in the regressor training. Adjustments to the inputs can be made, and the regressor retrained, to eliminate clustering of errors for similar feature contributions. Correcting the risk score estimations can ensure that the appropriate security policies and permissions are applied to each data object.

公开(公告)号：US10320819B2

公开(公告)日：2019-06-11

申请号：US15443801

申请日：2017-02-27

Applicant: Amazon Technologies, Inc.

Inventor： Alexander Watson ,  Daniel Brim ,  Christopher Simmons ,  Paul Radulovic ,  Tyler Stuart Bray ,  Jennifer Anne Brinkley ,  Eric Johnson ,  Victor Chin ,  Jack Rasgaitis ,  Nai Qin Cai ,  Michael Gough ,  Max Anger

IPC: H04L29/06 ,  G06F16/951 ,  G06N3/04 ,  G06N3/08 ,  G06F21/55 ,  G06N5/00 ,  G06N5/04 ,  G06N7/00 ,  G06Q20/40 ,  G06F16/35

Abstract: A corpus of documents (and other data objects) stored for an entity can be analyzed to determine one or more topics for each document. Elements of the documents can be analyzed to also assign a risk score. The types of topics and security elements, and the associated risk scores, can be learned and adapted over time using, for example, a topic model and random forest regressor. Activity with respect to the documents is monitored, and expected behavior for a user determined using a trained recurrent neural network. Ongoing user activity is processed to determine whether the activity excessively deviates from the expected user activity. The activity can also be compared against the activity of user peers to determine whether the activity is also anomalous among the user peer group. For anomalous activity, risk scores of the accessed documents can be analyzed to determine whether to generate an alert.

公开(公告)号：US20180248895A1

公开(公告)日：2018-08-30

申请号：US15443801

申请日：2017-02-27

Applicant: Amazon Technologies, Inc.

Inventor： Alexander Watson ,  Daniel Brim ,  Christopher Simmons ,  Paul Radulovic ,  Tyler Stuart Bray ,  Jennifer Anne Brinkley ,  Eric Johnson ,  Victor Chin ,  Jack Rasgaitis ,  Nai Qin Cai ,  Michael Gough ,  Max Anger

IPC: H04L29/06 ,  G06F17/30 ,  G06N3/08 ,  G06N3/04

CPC classification number: H04L63/1416 ,  G06F17/30705 ,  G06F17/30864 ,  G06F21/554 ,  G06N3/0445 ,  G06N3/08 ,  G06N5/003 ,  G06N5/045 ,  G06N7/005 ,  G06Q20/4016 ,  H04L63/083 ,  H04L63/0861 ,  H04L63/101

Abstract: A corpus of documents (and other data objects) stored for an entity can be analyzed to determine one or more topics for each document. Elements of the documents can be analyzed to also assign a risk score. The types of topics and security elements, and the associated risk scores, can be learned and adapted over time using, for example, a topic model and random forest regressor. Activity with respect to the documents is monitored, and expected behavior for a user determined using a trained recurrent neural network. Ongoing user activity is processed to determine whether the activity excessively deviates from the expected user activity. The activity can also be compared against the activity of user peers to determine whether the activity is also anomalous among the user peer group. For anomalous activity, risk scores of the accessed documents can be analyzed to determine whether to generate an alert.

公开(公告)号：US11863563B1

公开(公告)日：2024-01-02

申请号：US15923832

申请日：2018-03-16

Applicant: Amazon Technologies, Inc.

Inventor： Neha Rungta ,  Tyler Stuart Bray ,  Kasper Søe Luckow ,  Alexander Watson ,  Jeff Puchalski ,  John Cook ,  Michael Gough

IPC: H04L9/40

CPC classification number: H04L63/105 ,  H04L63/20

Abstract: The appropriate scoping of an access policy can be determined using the observed access and usage of various resources covered under that policy. Information about access requests received over a period of time can be logged, and actions represented in the log data can be mapped to the permissions of the access policy. A new access policy can be generated that includes grant permissions only for those actions that were received and/or granted during the monitored period of time. The new policy can be processed using policy logic to ensure that changes in permission comply with rules or policies for the target resources. The new policy can be at least partially implemented, or can be provided to an authorized user, who can choose to adopt or deny the new policy, or to accept some of the recommendations for modifying the current policy.

公开(公告)号：US20230370473A1

公开(公告)日：2023-11-16

申请号：US18359456

申请日：2023-07-26

Applicant: Amazon Technologies, Inc.

Inventor： Neha Rungta ,  Tyler Stuart Bray ,  Kasper Søe Luckow ,  Alexander Watson ,  Jeff Puchalski ,  John Cook ,  Michael Gough

IPC: H04L9/40

CPC classification number: H04L63/105 ,  H04L63/20

Abstract: The appropriate scoping of an access policy can be determined using the observed access and usage of various resources covered under that policy. Information about access requests received over a period of time can be logged, and actions represented in the log data can be mapped to the permissions of the access policy. A new access policy can be generated that includes grant permissions only for those actions that were received and/or granted during the monitored period of time. The new policy can be processed using policy logic to ensure that changes in permission comply with rules or policies for the target resources. The new policy can be at least partially implemented, or can be provided to an authorized user, who can choose to adopt or deny the new policy, or to accept some of the recommendations for modifying the current policy.

公开(公告)号：US11102221B2

公开(公告)日：2021-08-24

申请号：US16426830

申请日：2019-05-30

Applicant: Amazon Technologies, Inc.

Inventor： Alexander Watson ,  Daniel Brim ,  Christopher Simmons ,  Paul Radulovic ,  Tyler Stuart Bray ,  Jennifer Anne Brinkley ,  Eric Johnson ,  Victor Chin ,  Jack Rasgaitis ,  Nai Qin Cai ,  Michael Gough ,  Max Anger

IPC: H04L29/06 ,  G06F16/951 ,  G06F21/55 ,  G06N5/00 ,  G06N5/04 ,  G06N7/00 ,  G06Q20/40 ,  G06F16/35 ,  G06N20/20 ,  G06N3/04 ,  G06N3/08

Abstract: A corpus of documents (and other data objects) stored for an entity can be analyzed to determine one or more topics for each document. Elements of the documents can be analyzed to also assign a risk score. The types of topics and security elements, and the associated risk scores, can be learned and adapted over time using, for example, a topic model and random forest regressor. Activity with respect to the documents is monitored, and expected behavior for a user determined using a trained recurrent neural network. Ongoing user activity is processed to determine whether the activity excessively deviates from the expected user activity. The activity can also be compared against the activity of user peers to determine whether the activity is also anomalous among the user peer group. For anomalous activity, risk scores of the accessed documents can be analyzed to determine whether to generate an alert.

公开(公告)号：US20190281076A1

公开(公告)日：2019-09-12

申请号：US16426830

申请日：2019-05-30

Applicant: Amazon Technologies, Inc.

Inventor： Alexander Watson ,  Daniel Brim ,  Christopher Simmons ,  Paul Radulovic ,  Tyler Stuart Bray ,  Jennifer Anne Brinkley ,  Eric Johnson ,  Victor Chin ,  Jack Rasgaitis ,  Nai Qin Cai ,  Michael Gough ,  Max Anger

IPC: H04L29/06 ,  G06N5/00 ,  G06Q20/40 ,  G06N7/00 ,  G06F16/35 ,  G06N3/08 ,  G06N3/04 ,  G06F21/55 ,  G06F16/951 ,  G06N5/04

Abstract: A corpus of documents (and other data objects) stored for an entity can be analyzed to determine one or more topics for each document. Elements of the documents can be analyzed to also assign a risk score. The types of topics and security elements, and the associated risk scores, can be learned and adapted over time using, for example, a topic model and random forest regressor. Activity with respect to the documents is monitored, and expected behavior for a user determined using a trained recurrent neural network. Ongoing user activity is processed to determine whether the activity excessively deviates from the expected user activity. The activity can also be compared against the activity of user peers to determine whether the activity is also anomalous among the user peer group. For anomalous activity, risk scores of the accessed documents can be analyzed to determine whether to generate an alert.