	US 11,757,931 B2
	Detection of brute force attacks
Cole Sodja, Seattle, WA (US); and Justin Anthony Natelli Carroll, Redmond, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on May 24, 2022, as Appl. No. 17/752,075.
Application 17/752,075 is a continuation of application No. 16/833,041, filed on Mar. 27, 2020, granted, now 11,363,059.
Claims priority of provisional application 62/947,828, filed on Dec. 13, 2019.
Prior Publication US 2022/0329620 A1, Oct. 13, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)

CPC H04L 63/1458 (2013.01) [H04L 63/0263 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01)]

20 Claims

1. A method performed by hardware processing circuitry, comprising:

obtaining a first time series of operational parameter values of a device attached to a network;

determining that the operational parameter values of the first time series are within a first parameter value range;

based on determining that the operational parameter values of the first time series are within the first parameter value range, selecting, from a plurality of distributions, a first distribution;

determining a first probability at which the operational parameter values of the first time series occur in the selected distribution;

based on the first time series, adjusting a boundary between the first parameter value range and a second parameter value range resulting in an updated first parameter value range and an updated second parameter value range; and

determining, based on the updated first parameter value range or the updated second parameter value range, a likelihood of a brute force attack.