&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12355782.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,355,782 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Assessing coordinated malicious behavior towards a service provider network</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Jared Sylvester,  Ellicott City, MD (US);  Michael Lowney,  Arlington, VA (US);  Catherine Watkins,  Minneapolis, MN (US);  Wayne Alan Fullen,  Falls Church, VA (US);  John Paul Schweitzer,  Virginia Beach, VA (US); and  Sameer Anil Murudkar,  Sammamish, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Amazon Technologies, Inc.,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Amazon Technologies, Inc.,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jun.  30, 2023, as Appl. No. 18/216,848.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/14</b></i> (2013.01)&#xa0;[<i><b>H04L 63/20</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12355782-20250708-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method comprising:<div class="claim_text">obtaining, by a graphing service of a security service of a service provider network, event archive bus (EBA) records related to unsuccessful requests from remote Internet protocol (IP) addresses attempting to access storage buckets of a storage service of the service provider network during a first time window;</div>
                <div class="claim_text">grouping, by the graphing service, activity of the remote IP addresses by the first time window and remote IP address;</div>
                <div class="claim_text">creating, by the graphing service, a first graph with a node for each remote IP address;</div>
                <div class="claim_text">assigning, by the graphing service, a first node value to each node of the first graph, wherein each first node value is related to an approximate number of unsuccessful requests from a corresponding remote IP address during the first time window;</div>
                <div class="claim_text">connecting, by the graphing service, related pairs of nodes in the first graph with edges;</div>
                <div class="claim_text">assigning, by the graphing service, each edge connecting a pair of nodes a first edge weight;</div>
                <div class="claim_text">multiplying, by the graphing service, all second node values and second edge weights of a second graph by a decay rate, wherein the second graph is based on a second time window prior in time to the first time window;</div>
                <div class="claim_text">merging, by the graphing service, the first graph and the second graph into a third graph to provide third node values and third edge weights;</div>
                <div class="claim_text">removing, by the graphing service, first nodes from the third graph that have third node values below a first predetermined threshold;</div>
                <div class="claim_text">removing, by the graphing service, edges from the third graph that have third edge weight values below a second predetermined threshold;</div>
                <div class="claim_text">removing, by the graphing service, second nodes from the third graph that have no edges connecting the first nodes to other nodes in the third graph;</div>
                <div class="claim_text">determining, by the graphing service, a set of nodes in the third graph that have third node values that are equal to or above a third predetermined value; and</div>
                <div class="claim_text">based on the set of nodes, performing, by the graphing service, an action with respect to corresponding IP addresses of the set of nodes.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>