&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12395512.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,395,512 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Detecting data exfiltration and compromised user accounts in a computing network</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Kenneth A. Kaye,  Highlands Ranch, CO (US);  Nikhil Sanil,  Tega Cay, SC (US);  Dipika Joshi,  Waxhaw, NC (US);  Colin Murphy,  Charlotte, NC (US); and  Satyanarayana R. Mandapati,  Charlotte, NC (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Bank of America Corporation,  Charlotte, NC (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Bank of America Corporation,  Charlotte, NC (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Mar.  22, 2024, as Appl. No. 18/613,728.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/613,728 is a continuation of application No. 17/317,257, filed on May   11, 2021, granted, now 11,973,779.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2024/0236133 A1, Jul.  11, 2024</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1425</b></i> (2013.01)&#xa0;[<i><b>H04L 63/1441</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12395512-20250819-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system comprising:<div class="claim_text">a user device in communicate via a communication network; and</div>
                <div class="claim_text">a network monitoring platform communicatively coupled to the user device and the communication network, the network monitoring platform comprising:<div class="claim_text">at least one processor;</div>
                  <div class="claim_text">a communication interface communicatively coupled to the at least one processor; and</div>
                  <div class="claim_text">memory storing computer-readable instructions that, when executed by the at least one processor, cause the network monitoring platform to:<div class="claim_text">monitor outgoing data associated with the user device and communicated via the communication network;</div>
                    <div class="claim_text">predict, based on a seasonal autoregressive integrated moving average (SARIMA) model of data volumes of the outgoing data associated with the user device, expected data volumes of outgoing data for a first set of time intervals;</div>
                    <div class="claim_text">measure, without inspecting content, data volumes of outgoing data for the first set of time intervals;</div>
                    <div class="claim_text">based on the expected data volumes for the first set of time intervals and the measured data volumes for the first set of time intervals, identify anomalies in the measured data volumes for the first set of time intervals; and</div>
                    <div class="claim_text">send, via the communication interface and based on the identification of anomalies, one or more notifications indicating the user device.</div>
                  </div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>