-
Publication number: US09767013B1
Publication date: 2017-09-19
Application number: US15158359
Application date: 2016-05-18
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Dominique Imjya Brezinski
CPC classification number: G06F12/0223 , G06F21/52 , G06F21/566 , G06F21/577 , G06F2221/034 , G06N99/005
Abstract: Techniques are described for identifying an anomalous execution instance of the process as a security risk by analyzing the memory allocation for the process. Performance data describing memory allocation data describing the amount of memory allocated for a process or utilized by a process during its execution. A baseline of memory allocation is established for the plurality of executions of the process by applying a statistical distribution to the performance data collected. A memory allocation for the executing process may be compared to the baseline. An anomalous execution instance of the process that is outside a predetermined number of statistical variances of the baseline may be determined. At least one anomalous execution instance of the process may be designated as a security risk based at least partly on the anomalous memory allocation.
-
Publication number: US09705920B1
Publication date: 2017-07-11
Application number: US14227845
Application date: 2014-03-27
Applicant: Amazon Technologies, Inc.
Inventor: Harsha Ramalingam , Dominique Imjya Brezinski , Jesper Mikael Johansson , Jon Arron McClintock , James Connelly Petts
CPC classification number: H04L63/20 , G06F21/14 , G06F21/54 , G06F21/55 , H04L63/1491
Abstract: Disclosed are various embodiments for active data, such as active decoy data. The active decoy data includes instructions that, when executed by a particular device, cause the particular computing device to determine whether the particular computing device is a target computing device. The particular computing device initiates a predefined action in response to determining that the particular computing device is not the target computing device. The approaches described herein may also be useful in wrapping and distributing digital content.
-
Publication number: US20180091375A1
Publication date: 2018-03-29
Application number: US15829725
Application date: 2017-12-01
Applicant: Amazon Technologies, Inc.
IPC: H04L12/24 , H04L12/733
CPC classification number: H04L41/12 , H04L45/122
Abstract: A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two path-end nodes.
-
Publication number: US09576301B1
Publication date: 2017-02-21
Application number: US14042566
Application date: 2013-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Ram Sripracha , Dominique Imjya Brezinski
CPC classification number: G06Q30/0273 , G06F21/00 , G06F21/10 , G06F21/44 , G06F21/50 , G06F2221/2119 , G06Q30/0241
Abstract: Methods and systems for framing detection are disclosed. A web page comprising a child frame is generated. The child frame comprises an instruction to load a component from a merchant. The child frame comprises a header option restricting a loading of the component from within a parent frame associated with a domain external to the merchant. The web page is sent from the merchant to a client browser. It is determined that the web page is loaded within the parent frame in the client browser if a request for the component is not received by the merchant. It is determined that the web page is not loaded within the parent frame in the client browser if a request for the component is received by the merchant.
-
Publication number: US09348742B1
Publication date: 2016-05-24
Application number: US14133418
Application date: 2013-12-18
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Dominique Imjya Brezinski
CPC classification number: G06F12/0223 , G06F21/52 , G06F21/566 , G06F21/577 , G06F2221/034 , G06N99/005
Abstract: Techniques are described for identifying potential code injection attacks against a process by analyzing the memory allocation for the process. Memory allocation data may be collected on one or more host computing devices, the memory allocation data describing the amount of memory allocated for a process or utilized by a process during its execution. The collected memory allocation data may be analyzed to identify instances of anomalous memory allocation during process execution. Statistical or machine learning algorithms may be employed to identify anomalous memory allocation based on the analysis of aggregated memory allocation data for the process.
-
Publication number: US20160019395A1
Publication date: 2016-01-21
Application number: US14872880
Application date: 2015-10-01
Applicant: Amazon Technologies, Inc.
Inventor: Harsha Ramalingam , Jesper Mikael Johansson , James Connelly Petts , Dominique Imjya Brezinski
CPC classification number: G06F21/62 , H04L63/1416 , H04L63/1441 , H04L63/1491 , H04L63/30
Abstract: Disclosed are various embodiments for obtaining policy data specifying decoy data eligible to be inserted within a response to an access of a data store. The decoy data is detected in the response among a plurality of non-decoy data based at least upon the policy data. An action associated with the decoy data is initiated in response to the access of the data store meeting a configurable threshold.
-
Publication number: US09225730B1
Publication date: 2015-12-29
Application number: US14219819
Application date: 2014-03-19
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Dominique Imjya Brezinski
CPC classification number: G06F21/00 , G06F21/552 , H04L63/1416
Abstract: Techniques are described for graph-based analysis of event data in a computing environment. Event data is collected from host devices, the event data describing events in which devices, processes, or services are accessed in the environment. The event data is arranged into a graph that includes vertices corresponding to devices, processes, or services, and edges that connect pairs of vertices. Each edge may identify an event by connecting two vertices corresponding to two devices, processes, or services included in the event. A rarity metric is determined for each edge, indicating a rarity of events of a particular type connecting two vertices. A risk metric may also be determined for each edge, indicating a security risk associated with the event type or the target of the event. The graph may be traversed according to the risk and rarity metrics, to identify patterns of anomalous activity in the event data.
-
Publication number: US09129118B1
Publication date: 2015-09-08
Application number: US13887143
Application date: 2013-05-03
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson , Dominique Imjya Brezinski , Darren Ernest Canavor , Darin Keith McAdams , Jon Arron McClintock , Brandon William Porter
CPC classification number: G06F21/6245 , G06F21/6227 , H04L67/42
Abstract: A technology is described for making a decision based on identifying without disclosing the identifying information. The method may include receiving a mapping value that represents identifying information that has been converted into a mapping value. A request for data associated with the identifying information may be made by providing the mapping value as a proxy for the identifying information whereby the data associated with the identifying information may be located using the mapping value and returned to a requesting client or service.