US 12,341,808 B1
Detecting automated attacks on computer systems using real-time clustering
Tyson J. Thomas, San Francisco, CA (US); and Zhige Xin, Sunnyvale, CA (US)
Assigned to Akamai Technologies, Inc., Cambridge, MA (US)
Filed by Akamai Technologies, Inc., Cambridge, MA (US)
Filed on Feb. 14, 2022, as Appl. No. 17/671,349.
Claims priority of provisional application 63/211,651, filed on Jun. 17, 2021.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1458 (2013.01) [H04L 63/0236 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01)] 14 Claims
OG exemplary drawing
 
1. A method for detecting bots, comprising:
receiving telemetry comprising values from a diverse set of data fields, wherein a list of data field values comprise a network pattern (NP);
using data field values associated with a given combination pattern to classify device characteristics associated with the given combination pattern;
using data field values other than the data field values associated with the given combination pattern to build, in real-time, lists of data field values that represent network patterns;
detecting a bot in real-time by identifying, from the network patterns that are built in real-time, similar and repetitive lists of data field values that are not representative of random variation associated with human traffic.