Threat sensor deployment and management

    Publication number: US12041094B2

    Publication date: 2024-07-16

    Application number: US16864959

    Filing date: 2020-05-01

    CPC classification number: H04L63/205 H04L67/12 G16Y10/75 G16Y40/50

    Abstract: Various embodiments of apparatuses and methods for threat sensor deployment and management in a malware threat intelligence system are described. In some embodiments, the system comprises a plurality of threat sensors, deployed at different network addresses and physically located in different geographic regions in a provider network, which detect interactions from sources. In some embodiments, a threat sensor deployment and management service determines a deployment plan for the plurality of threat sensors, including each threat sensor's associated threat data collectors. The threat data collectors can be of different types such as utilizing different communication protocols or ports, or providing different kinds of responses to inbound communications. The different threat sensors can have different lifetimes. The service deploys the threat sensors based on the plan, collects data from the deployed threat sensors, adjusts the deployment plan based on the collected data and the threat sensor lifetimes, and then performs the adjustments.

    Malware infection detection service for IoT devices

    Publication number: US11611580B1

    Publication date: 2023-03-21

    Application number: US16807055

    Filing date: 2020-03-02

    Abstract: Various embodiments of apparatuses and methods for malware infection detection for edge devices, such as IoT (“Internet of Things”) devices, are described. In some embodiments, a malware infection detection service receives data from a plurality of edge devices of a remote network. It can identify a variety of different detection mechanisms to detect whether an edge device is potentially infected with malware, and determine confidence levels for the different detection mechanisms. Using the detection mechanisms with the received data, it can determine one or more findings that an edge device is potentially infected with malware. It can then determine a confidence level for each finding. It can then determine an accumulated confidence, based on the confidence levels of the detection mechanisms and the findings. The malware infection detection service might then identify one or more of the edge devices as potentially being infected by malware based on the accumulated confidence.

    Distributed threat sensor data aggregation and data export

    Publication number: US11489853B2

    Publication date: 2022-11-01

    Application number: US16864999

    Filing date: 2020-05-01

    Abstract: Various embodiments of apparatuses and methods for distributed threat sensor data collection and data export of a malware threat intelligence system are described. In some embodiments, the system comprises a plurality of threat sensors, deployed at different network addresses and physically located in different geographic regions in a provider network, which detect interactions from sources. In some embodiments, a distributed threat sensor data collection and data export service receives a stream of sensor logs from the plurality of threat sensors. The stream of sensor logs has information about interactions with the threat sensors, including an identifier of the source. The service aggregates the information in the sensor logs by the source, computes significance scores for each source where a significance score quantifies a likelihood that the source is engaging in threatening network communications, and provides the significance scores to other destinations.

    Pluggable cipher suite negotiation

    Publication number: US11329962B2

    Publication date: 2022-05-10

    Application number: US16041660

    Filing date: 2018-07-20

    Abstract: The present document describes systems and methods that provide an envelope including an encrypted message and a data encryption key reference. A message is encrypted with a data encryption key to produce an encrypted message. The data encryption key is further encrypted using a key encrypting key to produce an encrypted data encryption key. An envelope that includes the encrypted message and the data encryption key reference is then provided to a recipient.

    THREAT SENSOR DEPLOYMENT AND MANAGEMENT

    Publication number: US20210344726A1

    Publication date: 2021-11-04

    Application number: US16864959

    Filing date: 2020-05-01

    Abstract: Various embodiments of apparatuses and methods for threat sensor deployment and management in a malware threat intelligence system are described. In some embodiments, the system comprises a plurality of threat sensors, deployed at different network addresses and physically located in different geographic regions in a provider network, which detect interactions from sources. In some embodiments, a threat sensor deployment and management service determines a deployment plan for the plurality of threat sensors, including each threat sensor's associated threat data collectors. The threat data collectors can be of different types such as utilizing different communication protocols or ports, or providing different kinds of responses to inbound communications. The different threat sensors can have different lifetimes. The service deploys the threat sensors based on the plan, collects data from the deployed threat sensors, adjusts the deployment plan based on the collected data and the threat sensor lifetimes, and then performs the adjustments.

    Preventing leakage of cookie data

    Publication number: US11095647B2

    Publication date: 2021-08-17

    Application number: US16265414

    Filing date: 2019-02-01

    Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data. In one embodiment, a browser application stores cookie data from a first network site having a high-level domain in a client computing device. A classification is assigned to a second network site having the high-level domain. The cookie data is sent to the second network site based at least in part on the classification rather than the default behavior of the browser application.

    Security monitoring system for internet of things (IOT) device environments

    Publication number: US10812521B1

    Publication date: 2020-10-20

    Application number: US16100695

    Filing date: 2018-08-10

    Abstract: Techniques are described for implementing a security service that can be used to monitor and provide security-related information for Internet of Things (IoT) devices. An IoT security service uses a reference framework to model the progressive stages of IoT security attacks, also referred to herein as an IoT kill chain. Each stage of an IoT kill chain is associated with a set of security threat “facilitators” and/or security threat “indicators.” Facilitators represent characteristics of an IoT device that cause the device to be susceptible to various types of security threats, while indicators represent detected device activity indicating a potential ongoing security attack. An IoT security service collects data from IoT devices being monitored and possibly other related components, analyzes the collected data to detect defined facilitators and indicators, and uses the detected facilitators and indicators to calculate various security scores for individual devices or for groups of devices.

    Configuration and deployment of decoy content over a network

    Publication number: US10574698B1

    Publication date: 2020-02-25

    Application number: US15694562

    Filing date: 2017-09-01

    Abstract: Systems and methods are provided for configuring and deploying decoy content over a network. The methods generate decoy content, including identifying information, based on information about network traffic in a virtual network associated with a user; cause the decoy content to be sent in the virtual network; determine, based at least in part on the identifying information, that at least the portion of the decoy content was used; and, in response to determining that the portion of the decoy content was used, alert the user that the decoy content was used.
