Abstract: A service provider may deploy a security threat detection and mitigation platform in a multi-tenant virtualization environment that includes pluggable data collection, data analysis, and response components. The data analysis components may apply machine learning techniques to generate (based on training data sets) and refine (based on subsequently received data sets and feedback about the resulting classifications) predictors configured to detect particular types of security threats, such as denial of service attacks, botnets, scans, or remote desktop attacks. A data collection layer may collect, filter, organize, and curate network packet traffic data, network packet header data, or other information emitted by computing instances or applications executing on them, and provide the curated data as streams to the analysis layer.

Abstract: Technology for migration of a computing instance is provided. In one example, a method may include receiving instructions to initiate migration of the computing instance from a first host to a second host. A first message for sending to the first host may be generated which includes instructions to send data representing the computing instance to the second host. The first message may further include encryption information for use in deriving at least one key for encrypting communications to the second host from the first host. A second message for sending to the second host may be generated which includes instructions to receive the data representing the computing instance from the first host. The second message may further include information for use in deriving at least one key for decrypting communications from the first host. The first and second messages may be sent to the respective first and second hosts.

Abstract: A service provider may deploy a security threat detection and mitigation platform in a multi-tenant virtualization environment that includes pluggable data collection, data analysis, and response components. The data analysis components may apply machine learning techniques to generate (based on training data sets) and refine (based on subsequently received data sets and feedback about the resulting classifications) predictors configured to detect particular types of security threats, such as denial of service attacks, botnets, scans, or remote desktop attacks. A data collection layer may collect, filter, organize, and curate network packet traffic data, network packet header data, or other information emitted by computing instances or applications executing on them, and provide the curated data as streams to the analysis layer.

Abstract: Technology for migration of a computing instance is provided. In one example, a method may include receiving instructions to initiate migration of the computing instance from a first host to a second host. A first message for sending to the first host may be generated which includes instructions to send data representing the computing instance to the second host. The first message may further include encryption information for use in deriving at least one key for encrypting communications to the second host from the first host. A second message for sending to the second host may be generated which includes instructions to receive the data representing the computing instance from the first host. The second message may further include information for use in deriving at least one key for decrypting communications from the first host. The first and second messages may be sent to the respective first and second hosts.

Abstract: Techniques comprise identifying and/or classifying malicious activity in a web services platform using machine learning techniques. Systems, methods, and computer readable mediums may cause one or more computing nodes to monitor first network traffic, generate network information based on the monitored first network traffic, train a machine learning algorithm based on at least a first portion of the generated network information, test the machine learning algorithm based on at least a second portion of the generated network information, generate a predictor using the trained and tested machine learning algorithm, and identify second network traffic as one or more of malicious activity and benign activity using the predictor.