公开(公告)号：US12079574B1

公开(公告)日：2024-09-03

申请号：US17541833

申请日：2021-12-03

Applicant: Amazon Technologies, Inc.

Inventor： Brendan Cruz Colon ,  Jason L. Thalken ,  Aaron Boswell ,  Matthew Michael Sommer ,  Kellen K. Axten

IPC: G06V30/40 ,  G06F18/211 ,  G06F18/214 ,  G06F40/279 ,  G06N7/01

CPC classification number: G06F40/279 ,  G06F18/211 ,  G06F18/214 ,  G06N7/01

Abstract: Devices and techniques are generally described for evaluation of text data using large n-grams. In various examples, a first vector may be generated for first text data, wherein each element of the vector comprises a value indicating whether the first text data includes a respective n-gram included in a corpus of text data. First label data indicating that a user associated with the first text data has connected to a first computer-implemented service more than a threshold number of times during a past time period may be determined. A first machine learning model may be trained based at least in part on the first vector and the first label data. The first machine learning model may be used to determine a first probability associated with a first n-gram of the first vector. In some examples, at least a first user associated with the first n-gram may be determined.

公开(公告)号：US12124559B1

公开(公告)日：2024-10-22

申请号：US17357306

申请日：2021-06-24

Applicant: Amazon Technologies, Inc.

Inventor： Brendan Cruz Colon ,  Matthew Michael Sommer ,  Christopher Miller

IPC: G06F21/45 ,  G06F18/21 ,  G06F18/2413 ,  G06F21/31

CPC classification number: G06F21/45 ,  G06F18/2193 ,  G06F18/24147 ,  G06F21/31 ,  G06F2221/2141

Abstract: Devices and techniques are generally described for peer-based anomalous rights detection. In various examples, a rights vector may be determined for a first individual, the rights vector representing rights held by the first individual. A nearest neighbor algorithm may be used to determine a set of individuals having similar rights to the first individual. In various examples, a category label associated with the first individual may be determined. In some examples, a number of individuals of the set of individuals having the category label may be determined. In some examples, a determination may be made that the rights held by the first individual are anomalous based at least in part on the number. In some cases, alert data indicating that the rights held by the first individual are anomalous may be generated.

公开(公告)号：US12058157B1

公开(公告)日：2024-08-06

申请号：US17831854

申请日：2022-06-03

Applicant: Amazon Technologies, Inc.

Inventor： Brendan Cruz Colon ,  Lance Dennis Leishman ,  Matthew Michael Sommer ,  Alexander Noble Adkins ,  Samantha Felice ,  Christopher Miller ,  Dennis Naylor Brown ,  Diana Keller ,  Michael Alexander Cecil ,  Michael Chad McClure ,  Joel Booker ,  Adam Edward Powers ,  Dorion Carroll

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/102

Abstract: Devices and techniques are generally described for anomalous computer activity detection. In various examples, first computer activity data associated with a first account may be determined. A first linear detection event that corresponds to the first computer activity data may be determined. In some examples, a set of gradient-based data associated with the first linear detection event may be determined. The set of gradient-based data may represent comparative analysis of the first computer activity data with computer activity data of other accounts. In some examples, first data representing the first linear detection event and the set of gradient-based data may be generated. In various cases, network access for the first account may be disabled based on the first data.

公开(公告)号：US12149549B1

公开(公告)日：2024-11-19

申请号：US17527808

申请日：2021-11-16

Applicant: Amazon Technologies, Inc.

Inventor： Brendan Cruz Colon ,  Matthew Michael Sommer ,  Alexander Noble Adkins ,  Christopher Miller ,  Kimberly A. Young

IPC: H04L41/142 ,  H04L9/40

Abstract: Devices and techniques are generally described for unused identity and access management rights detection. In various examples, a first skill-usage vector associated with a first profile may be determined. A first nearest neighbor algorithm and the first skill-usage vector may be used to determine a second skill-usage vector grouped together with the first skill-usage vector in a feature space, where the second skill-usage vector is associated with a second profile. A first rights vector associated with the first profile may be determined. The first rights vector associated with the first profile may be compared to a second rights vector associated with the second profile. At least one unused right associated with the first profile may be determined based at least in part on the comparing of the first rights vector to the second rights vector.

公开(公告)号：US12047408B1

公开(公告)日：2024-07-23

申请号：US17745441

申请日：2022-05-16

Applicant: Amazon Technologies, Inc.

Inventor： Brendan Cruz Colon ,  Matt Michael Sommer ,  Joshua Scott Hansen ,  Dennis Naylor Brown

IPC: H04L9/40

CPC classification number: H04L63/1458 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/20

Abstract: Devices and techniques are generally described for anomalous network activity detection. In various examples, first application log data comprising a plurality of computer log actions may be received. A hidden Markov model associated may generate a first hidden state vector, where a first value of the first hidden state vector is associated with anomalous activity. A first timing vector associated with a first account may be determined, wherein the timing vector indicates first time periods of typical activity and second periods of typical inactivity for the first account. A first number of elements of the first hidden state vector that have the first value and which correspond to the second time periods of the first timing vector may be determined. Network access may be disabled for the first account.

公开(公告)号：US11463475B1

公开(公告)日：2022-10-04

申请号：US17211299

申请日：2021-03-24

Applicant: Amazon Technologies, Inc.

Inventor： Brendan Cruz Colon ,  Manraj Tatla ,  Christopher Miller

IPC: H04M3/42 ,  G06N3/04 ,  G06N3/08 ,  H04M3/38 ,  H04L9/40 ,  H04M7/00

Abstract: Devices and techniques are generally described for fraud detection. In various examples, first data may be received from a remote computing device, the first data specifying at least one of a first internet protocol (IP) address or a first telephone number by a fraud detection service using an application programming interface (API) of the fraud detection service. In some examples, a first machine learning model of the fraud detection service may determine a first confidence score indicating a likelihood that at least one of the first telephone number or the first IP address is associated with fraudulent activity. In some examples, output data may be sent to the first remote computing device via the API, the output data indicating a determination as to whether at least one of the first IP address or the first telephone number is associated with fraudulent activity.