公开(公告)号：US12047408B1

公开(公告)日：2024-07-23

申请号：US17745441

申请日：2022-05-16

Applicant: Amazon Technologies, Inc.

Inventor： Brendan Cruz Colon ,  Matt Michael Sommer ,  Joshua Scott Hansen ,  Dennis Naylor Brown

IPC: H04L9/40

CPC classification number: H04L63/1458 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/20

Abstract: Devices and techniques are generally described for anomalous network activity detection. In various examples, first application log data comprising a plurality of computer log actions may be received. A hidden Markov model associated may generate a first hidden state vector, where a first value of the first hidden state vector is associated with anomalous activity. A first timing vector associated with a first account may be determined, wherein the timing vector indicates first time periods of typical activity and second periods of typical inactivity for the first account. A first number of elements of the first hidden state vector that have the first value and which correspond to the second time periods of the first timing vector may be determined. Network access may be disabled for the first account.

公开(公告)号：US12058157B1

公开(公告)日：2024-08-06

申请号：US17831854

申请日：2022-06-03

Applicant: Amazon Technologies, Inc.

Inventor： Brendan Cruz Colon ,  Lance Dennis Leishman ,  Matthew Michael Sommer ,  Alexander Noble Adkins ,  Samantha Felice ,  Christopher Miller ,  Dennis Naylor Brown ,  Diana Keller ,  Michael Alexander Cecil ,  Michael Chad McClure ,  Joel Booker ,  Adam Edward Powers ,  Dorion Carroll

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/102

Abstract: Devices and techniques are generally described for anomalous computer activity detection. In various examples, first computer activity data associated with a first account may be determined. A first linear detection event that corresponds to the first computer activity data may be determined. In some examples, a set of gradient-based data associated with the first linear detection event may be determined. The set of gradient-based data may represent comparative analysis of the first computer activity data with computer activity data of other accounts. In some examples, first data representing the first linear detection event and the set of gradient-based data may be generated. In various cases, network access for the first account may be disabled based on the first data.