&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12425416.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,425,416 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Threat detection and mitigation in a virtualized computing environment</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Khaja Ehteshamuddin Ahmed,  Bellevue, WA (US);  Anthony Joseph Suarez,  Seattle, WA (US); and  Dmitry Petrovich Andreychuk,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Amazon Technologies, Inc.,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Amazon Technologies, Inc.,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jun.  7, 2019, as Appl. No. 16/435,396.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 16/435,396 is a continuation of application No. 14/701,455, filed on Apr.  30, 2015, granted, now 10,320,813.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2019/0297096 A1, Sep.  26, 2019</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06N 20/00</b></i> (2019.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1416</b></i> (2013.01)&#xa0;[<i><b>G06N 20/00</b></i> (2019.01); <i><b>H04L 63/1425</b></i> (2013.01); <i><b>H04L 63/1441</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>17 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12425416-20250923-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system, comprising:<div class="claim_text">a plurality of compute nodes of a network comprising two or more compute nodes that host respective virtual computing resource instances, each compute node comprising at least one processor and a memory; and</div>
                <div class="claim_text">a security threat detection and mitigation platform, for classifying behavior of the virtual computing resource instances within the network, implemented on the network and configured to:</div>
                <div class="claim_text">train a machine model to distinguish malicious behavior in network traffic based on patterns, in known-malicious network traffic, of one or more features of interest including packet size, packet frequency, or ratio of inbound packets to outbound packets;</div>
                <div class="claim_text">receive one or more indications of patterns of network traffic received by, or sent from, one of the virtual computing resource instances within the network;</div>
                <div class="claim_text">classify, based on application of the trained machine model to the one or more indicated patterns of network traffic for the virtual computing resource instance within the network, behavior of the virtual computing resource instance with respect to a security threat of a particular type; and</div>
                <div class="claim_text">take action, in response to classification of the behavior of the virtual computing resource instance within the network as malicious with respect to the security threat, to mitigate the security threat.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>