| CPC H04L 63/1425 (2013.01) [H04L 41/0686 (2013.01); G06F 21/552 (2013.01); H04L 41/0631 (2013.01); H04L 43/062 (2013.01); H04L 63/1408 (2013.01)] | 20 Claims |

1. A system comprising:
a first host device communicating on an enterprise network; and
a second host device, comprising:
a processor; and
non-transitory memory storing instructions that, when executed by the processor, cause the second host device to:
aggregate network communications information from the enterprise network, wherein the network communications information comprises inbound and outbound connection information of a plurality of hosts on the enterprise network;
identify whether a correlation exists between a first communication sent from the first host device to the second host device and a second communication received by the second host device;
identify, based on an identified correlation between the first communication and the second communication, whether an anomalous communication condition exists; and
trigger, based on the correlation between the first communication and the second communication, an alert identifying that the anomalous communication condition is present between the first host device and the second host device.