	US 12,445,472 B2
	Detecting suspicious data access by a rogue cloud resource
Evgeny Bogokovsky, Herzliya (IL); Ram Haim Pliskin, Rishon lezion (IL); and Andrey Karpovsky, Haifa (IL)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed on Dec. 27, 2022, as Appl. No. 18/146,796.
Claims priority of provisional application 63/418,950, filed on Oct. 24, 2022.
Prior Publication US 2024/0137376 A1, Apr. 25, 2024
Int. Cl. H04L 9/40 (2022.01); G06F 21/55 (2013.01)

CPC H04L 63/1425 (2013.01) [G06F 21/554 (2013.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01)]

20 Claims

1. A method comprising:

receiving a key retrieval request;

determining that an anomaly score of the key retrieval request exceeds a suspicion threshold;

adding the key retrieval request to a pool of suspicious key retrieval requests;

returning a key in response to determining that the anomaly score of the key retrieval request exceeds the suspicion threshold, wherein the key enables access to a plurality of cloud resources;

receiving a request to create an executable cloud resource, wherein the request to create the executable cloud resource includes the key;

determining that the request to create the executable cloud resource correlates with one of the pool of suspicious key retrieval requests; and

suspending the request to create the executable cloud resource.