Patents by Inventor Michael F. Diggins
Michael F. Diggins has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10541857
Abstract: A technology is described for prioritizing DNS name resolutions requests received from DNS resolvers. An example method may include identifying a resolver as a public DNS resolver. Receiving a DNS name resolution request from the public DNS resolver. Assigning a priority to the DNS name resolution request received from the public DNS resolver that is lower priority as compared to a priority assigned to DNS name resolution requests received from known DNS resolvers, and providing the DNS name resolution request to the DNS name server according to the priority assigned to the DNS name resolution request.
Type: Grant
Filed: May 10, 2018
Date of Patent: January 21, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Bryan Mark Benson, David Dongyi Lu, Michael F. Diggins, Xingbo Wang, Colm MacCarthaigh
-
Patent number: 10296411
Abstract: A technology is provided for call failure backoff in a computing service environment. An allowable call failure rate is defined for application programming interface (API) calls sent to one or more endpoints. Each endpoint may use a token bucket containing a plurality of tokens, wherein a single token is defined as being equal to one API call failure. A number of tokens in the token bucket are determined prior to executing an API call to the one or more endpoints. A health status of the one or more endpoints is identified according to the number of tokens in the token bucket. The API calls to the one or more endpoints having the determined number of tokens in the token bucket that are equal to zero or may be delayed for a predetermined backoff time period.
Type: Grant
Filed: March 31, 2016
Date of Patent: May 21, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Michael F. Diggins, Craig Wesley Howard
-
Patent number: 9979588
Abstract: A technology is described for prioritizing DNS name resolutions requests received from DNS resolvers. An example method may include receiving a DNS name resolution request addressed to a DNS name server from a DNS resolver. The DNS resolver associated with the DNS name resolution request may be identified as a known DNS resolver or an unknown DNS resolver, where a known DNS resolver may have DNS resolver characteristics that correspond to a valid DNS resolver. The DNS name resolution request may be prioritized according to the identity of the DNS resolver as a known DNS resolver or an unknown DNS resolver. The DNS name resolution request may then be provided to the DNS name server according to the priority assigned to the DNS name resolution request.
Type: Grant
Filed: February 16, 2015
Date of Patent: May 22, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Bryan Mark Benson, David Dongyi Lu, Michael F. Diggins, Xingbo Wang, Colm MacCarthaigh
-
Patent number: 9749355
Abstract: A technology is described for prioritizing network packets using suspicion weights assigned to packet attributes of the network packets. An example method may include analyzing a network packet for packet attributes that have values indicating that the network packet may be associated with a potential network attack. Suspicion weights for the packet attributes identified as having a value that indicates that the network packet is associated with the potential network attack may be obtained, and a suspicion score may be calculated for the network packet using the suspicion weights.
Type: Grant
Filed: March 25, 2015
Date of Patent: August 29, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Bryan Mark Benson, Michael F. Diggins, David Dongyi Lu, Xingbo Wang, Colm MacCarthaigh, Anshul Saxena
-
Patent number: 9749354
Abstract: Technology is described for establishing and transferring transmission control protocol (TCP) connections. A connection may be established when an acknowledgement (ACK) packet is received from the client. A connection handoff packet may be generated that includes connection parameters that describe the connection with the client. The connection handoff packet may be sent to a destination host to enable the destination host to take over the connection with the client based on the connection parameters in the SYN cookie.
Type: Grant
Filed: February 16, 2015
Date of Patent: August 29, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Michael F. Diggins, Bryan Mark Benson, Anton Romanov
-
Patent number: 9654483
Abstract: A technology is described for limiting the rate at which a number of requests to perform a network action are granted using rate limiters. An example method may include receiving a request for a token granting permission to perform a network action via a computer network. In response, rate limiters may be identified by generating hash values using hash functions and a network address representing a source network where the hash values identify memory locations for the rate limiters. The rate limiters may have a computer memory capacity to store tokens that are distributed in response to the request. Token balances for the rate limiters may be determined, and permission to perform the network action may be granted as a result of at least one of the token balances being greater than zero.
Type: Grant
Filed: December 23, 2014
Date of Patent: May 16, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Bryan Mark Benson, Michael F. Diggins, Anton Romanov, David Dongyi Lu, Xingbo Wang
-
Patent number: 9432387
Abstract: This disclosure generally relates to the generation of a packet signature for packets determined to correspond to a network attack, such as a denial of service (“DoS”) attack. Specifically, a set of data packets captured during normal system operations can be analyzed to determine a set of baseline attributes. Additional packets captured during an attack can be compared to the baseline attributes, to determine, for individual packets, a probability that the packet forms a part of the attack. A packet signature can then be generated to identify attributes that are characteristic of the attack. That signature can then be used to filter out packets and mitigate the attack.
Type: Grant
Filed: March 27, 2015
Date of Patent: August 30, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Amit J. Mhatre, Andrew John Kiggins, Michael F. Diggins
-
Publication number: 20150215331
Abstract: This disclosure generally relates to the generation of a packet signature for packets determined to correspond to a network attack, such as a denial of service (“DoS”) attack. Specifically, a set of data packets captured during normal system operations can be analyzed to determine a set of baseline attributes. Additional packets captured during an attack can be compared to the baseline attributes, to determine, for individual packets, a probability that the packet forms a part of the attack. A packet signature can then be generated to identify attributes that are characteristic of the attack. That signature can then be used to filter out packets and mitigate the attack.
Type: Application
Filed: March 27, 2015
Publication date: July 30, 2015
Inventors: Amit J. Mhatre, Andrew John Kiggins, Michael F. Diggins
-
Patent number: 8997227
Abstract: A pattern recognition security system (“PRSS”) generates a packet signature from network traffic, including attack packets. The PRSS can utilize a statistical pattern recognition based approach to generate attack traffic signatures, such as for DDoS or DoS attacks. In some embodiments, the PRSS dynamically creates training sets from actual captured data, allowing the PRSS to adapt to changes in network attacks. For example, more sophisticated DDoS attacks commonly rotate through different attacking computers to vary the packet attributes of attack packets sent to a target system. However, as the PRSS can determine packet signatures based on the actual captured data packets, the PRSS can adapt to the changes in the attack. In some embodiments, the PRSS may determine packet signatures in real-time or near real time during an attack, allowing the PRSS to quickly react to changes in attack traffic.
Type: Grant
Filed: February 27, 2012
Date of Patent: March 31, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Amit J. Mhatre, Andrew John Kiggins, Michael F. Diggins