	US 12,284,202 B2
	Artificial intelligence vendor similarity collation
Ghada I. Khashab, Allen, TX (US); Lori Mammoser, Charlotte, NC (US); Anthony R. Bandos, Clarkston, MI (US); Peggy J. Qualls, Oswego, IL (US); Sidy Diop, Charlotte, NC (US); and Ajay Jose Paul, Davidson, NC (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Dec. 7, 2022, as Appl. No. 18/077,222.
Application 18/077,222 is a division of application No. 17/149,846, filed on Jan. 15, 2021, granted, now 11,683,335.
Prior Publication US 2023/0104645 A1, Apr. 6, 2023
Int. Cl. H04L 29/00 (2006.01); G06N 20/00 (2019.01); H04L 9/40 (2022.01)

CPC H04L 63/1433 (2013.01) [G06N 20/00 (2019.01); H04L 63/20 (2013.01)]

5 Claims

1. An artificial intelligence (“AI”) system that detects duplicitous cyberthreats, the system comprising a processor and a non-transitory memory storing computer executable instructions, that when executed by the processor on a computer system, are configured to:

examine first cyberthreats detected by a first vendor tool;

based on a host name in a first output of the first vendor tool, associate the first cyberthreats with a first target device;

determine whether the first cyberthreats comprise a known cyberthreat associated with the first target device;

in response to determining that the first cyberthreats comprise the known cyberthreat, determine whether second cyberthreats detected by a second vendor tool comprise the known cyberthreat;

in response to determining that the second cyberthreats comprise the known cyberthreat, flag the first vendor tool and the second vendor tools as detecting duplicate cyberthreats; and

deploy countermeasures to neutralize the duplicate cyberthreats before deploying countermeasures to neutralize non-duplicate cyberthreats;

wherein the computer executable instructions, when executed by the processor on the computer system, are further configured to:

determine that the first cyberthreats and the second cyberthreats include a threshold number of the duplicate cyberthreats; and

in response to detecting the threshold number of the duplicate cyberthreats, activate a decommissioning tool that:

corroborates the first cyberthreats and the second cyberthreats detected by the first and second vendor tools;

determines whether the first and second vendor tools are operating on a second target device; and

determines whether the first and second vendor tools are detecting the threshold number of the duplicate cyberthreats when operating on the second target device; and

when the first and second vendor tools detect the threshold number of the duplicate cyberthreats when operating on the second target device, decommissions the first or the second vendor tool.