Techniques for data routing and management using risk classification and data sampling

US11711390B1 · US · B1

Patent metadata
Publication number: US-11711390-B1
Application number: US-202217721150-A
Country: US
Kind code: B1
Filing date: Apr 14, 2022
Priority date: Dec 17, 2014
Publication date: Jul 25, 2023
Grant date: Jul 25, 2023

Abstract

Official abstract text for this publication.

Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, comprising: generating a traffic sample from data transiting from a source to a destination on a network; generating a replicated traffic sample from the traffic sample; processing the replicated traffic sample by at least comparing an expected behavior of the replicated traffic sample with an observed behavior of the replicated traffic sample and based at least in part on a characteristic of the destination; sending the comparison of the expected behavior of the replicated traffic sample and the observed behavior of the replicated traffic sample to a risk analyzer; and initiating a mitigation measure for the data based at least in part on the observed behavior differing from the expected behavior.

2. The computer-implemented method of claim 1, further comprising generating one or more of risk level components that are dependent on outcomes associated with other risk level components generated from a plurality of risk classifiers.

3. The computer-implemented method of claim 2, further comprising removing a risk classifier from the plurality of risk classifiers based at least in part on the one or more risk level components.

4. The computer-implemented method of claim 1, further comprising: determining a plurality of attributes of the traffic sample; and generating a plurality of risk level components based at least in part on the plurality of attributes and the traffic sample.

5. A system comprising: at least one computing device that implements one or more services, wherein the one or more services: generate a replicated traffic sample from a traffic sample; compare an expected behavior of the replicated traffic sample to an observed behavior of the replicated traffic sample; provide the comparison of the expected behavior of the replicated traffic sample and the observed behavior of the replicated traffic sample to a risk analyzer; and initiate a mitigation measure for data associated with the replicated traffic sample based at least in part on the observed behavior differing from the expected behavior.

6. The system of claim 5, wherein the one or more services further remove a risk classifier from a plurality of risk classifiers based at least in part on one or more risk level components.

7. The system of claim 6, wherein the one or more services further generate the one or more risk level components.

8. The system of claim 6, wherein the one or more risk level components are dependent on outcomes associated with other risk level components.

9. The system of claim 8, wherein the other risk level components are generated from the plurality of risk classifiers.

10. The system of claim 6, wherein the one or more services further determine a plurality of attributes of the replicated traffic sample, including one or more of: network protocol, packet integrity, source reputation destination status and packet content; and generate a plurality of risk level components based at least in part on the plurality of attributes, the respective plurality of risk level components associated with outcomes corresponding to other risk level components generated from a plurality of risk classifiers.

11. A non-transitory computer-readable storage medium having stored thereon executable instructions that, upon execution by one or more processors of a computer system, cause the computer system to at least: determine, from data transiting from a source to a destination on a network associated with the computer system, a traffic sample; generate a replicated traffic sample from the traffic sample; process, based at least in part on a characteristic of the destination, the replicated traffic sample by at least comparing an expected behavior of the replicated traffic sample with an observed behavior of the replicated traffic sample; provide the comparison of the expected behavior of the replicated traffic sample and the observed behavior of the replicated traffic sample to a risk analyzer; and based at least in part on the observed behavior differing from the expected behavior, initiate a mitigation measure for the data.

12. The non-transitory computer-readable storage medium of claim 11, wherein the instructions further cause the computer system to generate one or more of risk level components.

13. The non-transitory computer-readable storage medium of claim 12, wherein the instructions further cause the computer system to remove a risk classifier from a plurality of risk classifiers based at least in part on the one or more risk level components.

14. The non-transitory computer-readable storage medium of claim 13, wherein the one or more risk level components are dependent on outcomes associated with other risk level components.

15. The non-transitory computer-readable storage medium of claim 13, wherein the other risk level components are generated from the plurality of risk classifiers.

16. The non-transitory computer-readable storage medium of claim 11, wherein the instructions further cause the computer system to provide an input into the replicated traffic sample using the characteristic so as to generate the observed behavior.

17. The non-transitory computer-readable storage medium of claim 11, wherein the instructions further cause the computer system to train one or more risk classifiers based at least in part on a comparison of the expected behavior and the observed behavior.

Classifications

  • Traffic logging, e.g. anomaly detection
  • Machine learning
  • Routing based on monitoring results
  • Vulnerability analysis

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 25, 2023 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).