公开(公告)号：US20240427916A1

公开(公告)日：2024-12-26

申请号：US18211806

申请日：2023-06-20

Applicant: Bank of America Corporation

Inventor： Marcus Matos ,  Vijaya L. Vemireddy ,  Daniel Joseph Serna ,  Lee Ann Proud

IPC: G06F21/62 ,  G06N20/00

Abstract: Arrangements for dynamic variable determination and labeling are provided. In some aspects, a computing platform may receive historical user data from a plurality of data sources. The computing platform may train, using the historical user data, a machine learning model to generate a plurality of dynamic variable profiles and evaluate data to detect potential unauthorized activity. One or more dynamic variable profiles of the generated plurality of dynamic variable profiles may be associated with a user. User specific data may be received and may include user identifying data and a request for a user event. The user specific data may be input to the machine learning model and, upon execution of the model, the model may output a determination of whether an anomaly exists in the user specific data. If an anomaly is detected, a mitigating action may be identified and transmitted to one or more computing devices for execution.

公开(公告)号：US20240086569A1

公开(公告)日：2024-03-14

申请号：US17944746

申请日：2022-09-14

Applicant: BANK OF AMERICA CORPORATION

Inventor： Marci Anne Landy ,  Daniel Joseph Serna ,  Tina Berumen Pachorek ,  Jessica Hope Thompson ,  Joseph Henry Pindell, JR. ,  Mrunal Mody

IPC: G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6245 ,  G06F21/604 ,  G06F2221/2101 ,  G06F2221/2115

Abstract: Systems, computer program products, and methods are described herein for identifying unauthorized use of a user's authentication credentials to an electronic network based on non-public data access. The present invention is configured to receive a verified access attempt at a first time for a user account; receive an unverified access attempt at a second time for the user account; determine the unverified access attempt is a credential sharing event for the user account; determine the user account is an internal account; determine an unverified user associated with the unverified access attempt is an external user; receive unverified account access logs associated with the unverified access attempt, the unverified account access logs comprising access to non-public data; and generate an unverified data access interface component to configure a graphical user interface of a device associated with a manager of the system.

公开(公告)号：US20220337601A1

公开(公告)日：2022-10-20

申请号：US17231644

申请日：2021-04-15

Applicant: Bank of America Corporation

Inventor： Daniel Joseph Serna ,  Marcus Raphael Matos ,  Patrick N. Lawrence ,  Christopher Lee Danielson

IPC: H04L29/06 ,  G06N20/00

Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to receive a set of bad actor candidates that identifies one or more users from among the plurality of users. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a machine learning model. The machine learning model is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.

公开(公告)号：US20220253539A1

公开(公告)日：2022-08-11

申请号：US17170963

申请日：2021-02-09

Applicant: Bank of America Corporation

Inventor： Christopher Lee Danielson ,  Marcus Raphael Matos ,  Daniel Joseph Serna ,  Patrick Nicholas Lawrence

IPC: G06F21/60 ,  G06F21/62 ,  G06F21/31

Abstract: A system for classifying a data item to communicate to authorized users extracts features from the data item, where the features comprise a responsibility feature and a sensitivity feature. The responsibility feature indicates a job responsibility associated with the data item. The sensitivity feature indicates a sensitivity level of the data item. The system determines, based on the responsibility feature, that the data item belongs to a particular responsibility class. The system determines, based on the sensitivity feature, that the data item belongs to a particular sensitivity class. The system determines whether a user to whom the data item is directed belongs to the particular responsibility class and sensitivity class to which the data item belongs. The system sends the data item to the user, if is it determined that the user belongs to the particular responsibility class and sensitivity class to which the data item belongs.

公开(公告)号：US12093396B2

公开(公告)日：2024-09-17

申请号：US16931099

申请日：2020-07-16

Applicant: Bank of America Corporation

Inventor： Daniel Joseph Serna ,  Christopher Lee Danielson

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/034

Abstract: A system is configured for associating a CVE with a particular device profile is disclosed. The system receives a request from a user to associate a CVE with a particular device profile. For each device profile from a plurality of device profiles stored in a memory, the system determines feature importance values for features of each device profile. The features of each device profile include at least an operating system and a CPU architecture. The feature importance value of a corresponding feature of a device profile associated with a CVE indicates a probability of the CVE to affect the device profile with respect to that feature. The system identifies a device profile that has features with a total feature importance value above a feature importance threshold value. The system identifies a particular CVE associated with the identified device profile. The system associates the particular CVE with the particular device profile.

公开(公告)号：US20240114001A1

公开(公告)日：2024-04-04

申请号：US17937609

申请日：2022-10-03

Applicant: Bank of America Corporation

Inventor： Yi Jason Zhang ,  Daniel Joseph Serna

IPC: H04L9/40

CPC classification number: H04L63/0236 ,  H04L63/205

Abstract: A method is provided that comprises monitoring for a change in a first security configuration setting in a relay server and comparing the change in the first security configuration setting to historical data that contains validated authentication configuration settings that previously allowed for the delivery of a historical electronic mail message to an external network. The method further comprises identifying a candidate change to the first security configuration setting based on the comparison, where the candidate change to the first security configuration setting when implemented results in the delivery of a first electronic mail message to the external network. The method further comprises implementing the candidate change to the first security configuration setting such that the relay server allows the delivery of the first electronic message to the external network.

公开(公告)号：US11930025B2

公开(公告)日：2024-03-12

申请号：US17231456

申请日：2021-04-15

Applicant: Bank of America Corporation

Inventor： Daniel Joseph Serna ,  Marcus Raphael Matos ,  Patrick N. Lawrence ,  Christopher Lee Danielson

IPC: G06N3/08 ,  G06N3/045 ,  G06N20/00 ,  H04L9/40

CPC classification number: H04L63/1425 ,  G06N20/00 ,  H04L63/0236

Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to input the user activity information into a first machine learning model that is configured to receive user activity information and to output a set of bad actor candidates based on the user activity information. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a second machine learning model that is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.

公开(公告)号：US20220019673A1

公开(公告)日：2022-01-20

申请号：US16931099

申请日：2020-07-16

Applicant: Bank of America Corporation

Inventor： Daniel Joseph Serna ,  Christopher Lee Danielson

IPC: G06F21/57

Abstract: A system is configured for associating a CVE with a particular device profile is disclosed. The system receives a request from a user to associate a CVE with a particular device profile. For each device profile from a plurality of device profiles stored in a memory, the system determines feature importance values for features of each device profile. The features of each device profile include at least an operating system and a CPU architecture. The feature importance value of a corresponding feature of a device profile associated with a CVE indicates a probability of the CVE to affect the device profile with respect to that feature. The system identifies a device profile that has features with a total feature importance value above a feature importance threshold value. The system identifies a particular CVE associated with the identified device profile. The system associates the particular CVE with the particular device profile.

公开(公告)号：US12164672B2

公开(公告)日：2024-12-10

申请号：US18072856

申请日：2022-12-01

Applicant: BANK OF AMERICA CORPORATION

Inventor： Jennifer Tiffany Renckert ,  Daniel Joseph Serna ,  Frank J. Yanan ,  Jeffrey Kyle Johnson ,  Benjamin Tweel ,  Jake Michael Yara ,  Robert Cain Durbin, Jr. ,  Sheng Tang Hsiang ,  Jack Lawson Bishop, III ,  James J. Siekman

IPC: G06F21/00 ,  G06F21/62

Abstract: Systems, computer program products, and methods are described herein for analyzing micro-anomalies in anonymized electronic data. The present disclosure is configured to import or retrieve a first data set, process the first data set to develop at least one event-outcome projection, define an outcome projection data set, import or receive a monitored user data set, anonymize the monitored user data set, define an avatar data set process the avatar data set, wherein the steps of import or receive a monitored user data set, anonymize the monitored user data set, and define an avatar data set are repeated one or more times.

公开(公告)号：US20240220229A1

公开(公告)日：2024-07-04

申请号：US18092520

申请日：2023-01-03

Applicant: BANK OF AMERICA CORPORATION

Inventor： Marcus Raphael Matos ,  Jack Lawson Bishop, III ,  Robert Cain Durbin, Jr. ,  Daniel Joseph Serna ,  Benjamin Tweel ,  Jake Michael Yara

IPC: G06F8/65 ,  H04L41/0686

CPC classification number: G06F8/65 ,  H04L41/0686

Abstract: Systems, computer program products, and methods are described herein for code revision impact analysis. The present disclosure is configured to generate a system map based on data received from a plurality of network devices; receive a data transmission including a text file; process the text file via a natural language processing engine, where an output of the natural language processing engine comprises a plurality of expected updates; determine, based on the system map, at least one downstream effect of the plurality of expected updates; and perform a remedial action.