Systems and methods of classifying sessions

US 9,699,042 B2
Filed: 12/16/2015
Issued: 07/04/2017
Est. Priority Date: 06/05/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

monitoring, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data;

analyzing the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity;

determining a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier;

determining a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and

classifying the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of classifying sessions are disclosed. A particular method monitors user activity at one or more servers accessible via a network and capturing event entries in an activity log for user activity that is detected. The event entries include descriptive information regarding a user action, a client identifier and a session identifier. The method also includes attempting to classify sessions associated with a plurality of event entries of the activity log as legitimate use or illegitimate use of resources of the one or more servers. The method further includes identifying unclassified sessions. The method also includes determining a count of a number of unclassified sessions associated with a particular client identifier and determining a total number of sessions associated with the particular client identifier. The method further includes classifying the unclassified sessions as legitimate use or illegitimate use of the resources of the one or more servers.

Citations

20 Claims

1. A computer-implemented method, comprising:
- monitoring, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data;
  
  analyzing the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity;
  
  determining a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier;
  
  determining a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and
  
  classifying the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, further comprising:
    - determining that the ratio at least meets the threshold; and
      
      classifying the unclassified sessions as being associated with human activity.
  - 3. The computer-implemented method of claim 1, further comprising:
    - determining that the ratio does not meet the threshold; and
      
      classifying the unclassified sessions as being associated with automated activity.
  - 4. The computer-implemented method of claim 1, further comprising:
    - performing a probabilistic analysis of on historical action data associated with the plurality of communication sessions; and
      
      determining the session characteristics included in the unclassified sessions model.
  - 5. The computer-implemented method of claim 1, further comprising:
    - obtaining classification statistics associated with the plurality of communication sessions; and
      
      modifying the session characteristics based at least in part on the classification statistics.
  - 6. The computer-implemented method of claim 1, wherein the session characteristics indicates that sessions associated with a purchase transaction correspond to human activity, and wherein classifying the unclassified sessions further comprises:
    - determining that at least a portion of the plurality of communication sessions is associated with a purchase transaction.
  - 7. The computer-implemented method of claim 1, wherein the session characteristics indicates that sessions associated with activity occurring at a rate above a specified threshold correspond to automated activity, and wherein classifying the unclassified sessions further comprises:
    - determining that at least a portion of the plurality of communication sessions is associated with respective activity that occurs at a respective rate above a specified threshold.
  - 8. The computer-implemented method of claim 1, wherein the human activity is associated with legitimate activity, and wherein the automated activity is associated with illegitimate activity.
  - 9. The computer-implemented method of claim 1, further comprising a search engine configured to provide search results, wherein an event associated with the sessions data includes a search performed via the search engine.

10. A computing system, comprising:
- a device processor;
  
  a memory device including instructions that, when executed by the device processor, cause the computing system to;
  
  monitor, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data;
  
  analyze the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity;
  
  determine a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier;
  
  determine a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and
  
  classify the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computing system of claim 10, wherein the instructions, when executed further enable the computing system to:
    - perform a probabilistic analysis of on historical action data associated with the plurality of communication sessions; and
      
      determine the session characteristics included in the unclassified sessions model.
  - 12. The computing system of claim 10, wherein the instructions, when executed further enable the computing system to:
    - obtain classification statistics associated with the plurality of communication sessions; and
      
      modify the session characteristics based at least in part on the classification statistics.
  - 13. The computing system of claim 10, further comprising:
    - an activity log configured to store information relating to an event associated with the sessions data.
  - 14. The computing system of claim 10, further comprising:
    - a search engine configured to provide search results, wherein an event associated with the sessions data includes a search performed via the search engine.
  - 15. The computing system of claim 10, wherein the client identifier includes at least one of a user identifier or a network address, and wherein the unclassified sessions model is associated with a cookie file, and wherein the plurality of communication sessions includes information for at least one of a client identifier for individual sessions in the plurality of communication sessions, a session identifier for individual sessions in the plurality of communication sessions, or a session type for individual sessions in the plurality of communication sessions.

16. A non-transitory computer readable storage medium storing one or more sequences of instructions executable by one or more processors to perform a set of operations comprising:
- monitoring, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data;
  
  analyzing the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity;
  
  determining a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier;
  
  determining a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and
  
  classifying the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable storage medium of claim 16, further comprising instructions executed by the one or more processors to perform the set of operations of:
    - performing a probabilistic analysis of on historical action data associated with the plurality of communication sessions; and
      
      determining the session characteristics included in the unclassified sessions model.
  - 18. The non-transitory computer readable storage medium of claim 16, further comprising instructions executed by the one or more processors to perform the set of operations of at least one of:
    - determining that the ratio at least meets the threshold; and
      
      classifying the unclassified sessions as being associated with human activity;
      
      ordetermining that the ratio does not meet the threshold; and
      
      classifying the unclassified sessions as being associated with automated activity.
  - 19. The non-transitory computer readable storage medium of claim 16, further comprising instructions executed by the one or more processors to perform the set of operations of:
    - obtaining classification statistics associated with the plurality of communication sessions; and
      
      modifying the session characteristics based at least in part on the classification statistics.
  - 20. The non-transitory computer readable storage medium of claim 16, wherein the session characteristics indicates that sessions associated with a purchase transaction correspond to human activity, further comprising instructions executed by the one or more processors to perform the set of operations of:
    - determining whether at least a portion of the plurality of communication sessions is associated with a purchase transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A9.com Incorporated (Amazon.com, Inc.)
Original Assignee
A9.com Incorporated (Amazon.com, Inc.)
Inventors
Krynski, Tevye Rachelson
Primary Examiner(s)
JHAVERI, JAYESH M

Application Number

US14/971,609
Publication Number

US 20160099848A1
Time in Patent Office

566 Days
Field of Search

726 4, 726 5, 726 17, 726 22, 726 23, 726 27- 30
US Class Current
CPC Class Codes

G06F 11/20   using active fault-masking,...

G06Q 30/06   Buying, selling or leasing ...

H04L 12/6418   Hybrid transport

H04L 43/04   Processing captured monitor...

H04L 45/32   Flooding denial of service ...

H04L 63/00   Network architectures or ne...

H04L 63/14   for detecting or protecting...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 67/1001   for accessing one among a p...

Systems and methods of classifying sessions

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of classifying sessions

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links