公开(公告)号：US12210622B1

公开(公告)日：2025-01-28

申请号：US18065481

申请日：2022-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Zhilu Zhang ,  Qian Cui ,  Baris Coskun ,  Wei Ding

IPC: G06F21/55

Abstract: Systems and methods for performing anomalous activity monitoring for a service provider network are disclosed. In response to receiving an activity log, a machine learning-based activity monitor may parse the activity log into segments, generate event objects from a segment of the activity log, encode the event objects, and then reconstruct the event objects based on decoding the encoded event objects. The encoding and decoding may be performed based on a model that was trained using training data with no known malicious activity. The event objects may comprise at least two or more event defining characteristics and an event count. By comparing the reconstructed event objects to corresponding initial versions of the event objects, the machine learning-activity monitor may determine an anomaly score and may provide an indication of events determined to be anomalous based on the score.