CPC G06F 21/577 (2013.01) [G06F 40/194 (2020.01); G06F 2221/033 (2013.01)] | 20 Claims
1. A system comprising:
a database comprising data associated with a known security threat, wherein the data for the known security threat comprises a first description associated with the known security threat;
a memory comprising a threat model associated with a software application; and
a hardware processor communicatively coupled to the memory and to the database, the hardware processor configured to:
monitor the database at a regular interval to determine whether the database receives data associated with a new security threat, wherein the data associated with the new security threat comprises a new description associated with the new security threat;
in response to determining that the data associated with the new security threat is added to the database, the processor is configured to:
extract, based on natural language processing of the first description, information associated with the first description;
extract, based on natural language processing of the new description, information associated with the new description;
determine, based on a comparison of the information associated with the first description and the information associated with the new description, that the new security threat does not correspond to the known security threat in the database;
in response to determining that the new security threat does not correspond to the known security threat in the database, the processor is further configured to:
identify, based on natural language processing of the new description associated with the new security threat, one or more attributes of software susceptible to the new security threat;
identify, based on natural language processing of the threat model, one or more attributes of the software application;
determine, based on a comparison between the one or more attributes of software susceptible to the new security threat and the one or more attributes of the software application, that the software application is susceptible to the new security threat; and
in response to determining that the software application is susceptible to the new security threat, update the threat model to reflect the susceptibility of the software application to the new security threat.
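The flow recited in claim 1, as an added illustration that is not code from the patent or its applicant: keyword-set extraction and Jaccard similarity stand in for the natural language processing the claim leaves unspecified. The attribute vocabulary, the similarity threshold, all function names and the sample records are assumptions constructed for this example; the periodic database polling is omitted, and `process_new_threat` is what would run for each newly added record.

```python
import re

# Hypothetical attribute vocabulary; the claim does not say how attributes are recognised.
ATTRIBUTE_TERMS = {"ldap", "jndi", "java", "logging", "xml", "sql", "php", "upload"}
STOPWORDS = {"a", "an", "the", "of", "in", "to", "and", "that", "via", "with",
             "is", "are", "allows", "by", "on", "for", "when"}

def extract_terms(description):
    """Stand-in for the NLP step: lowercase word tokens minus stopwords."""
    words = re.findall(r"[a-z0-9]+", description.lower())
    return {w for w in words if w not in STOPWORDS}

def jaccard(a, b):
    """Set overlap in [0, 1]; 0.0 when both sets are empty."""
    return len(a & b) / len(a | b) if a | b else 0.0

def is_new_threat(new_desc, known_descs, threshold=0.6):
    """True when no known description is similar enough to the new one."""
    new_terms = extract_terms(new_desc)
    return all(jaccard(new_terms, extract_terms(k)) < threshold for k in known_descs)

def susceptible_attributes(threat_desc, threat_model_text):
    """Attributes named both by the threat description and by the threat model."""
    threat_attrs = extract_terms(threat_desc) & ATTRIBUTE_TERMS
    app_attrs = extract_terms(threat_model_text) & ATTRIBUTE_TERMS
    return threat_attrs & app_attrs

def process_new_threat(threat_id, new_desc, known_descs, threat_model):
    """Run the claimed sequence for one new record; updates threat_model in place.
    Returns the matched attributes (empty set when the record is a duplicate
    or the application shares no attribute with the threat)."""
    if not is_new_threat(new_desc, known_descs):
        return set()                      # corresponds to a known threat: stop
    matched = susceptible_attributes(new_desc, threat_model["description"])
    if matched:                           # application is susceptible: record it
        threat_model.setdefault("threats", []).append(
            {"id": threat_id, "matched_attributes": sorted(matched)})
    return matched

# Constructed sample data (not taken from any real threat database).
KNOWN = ["SQL injection in PHP login form allows authentication bypass"]
NEW = ("Remote code execution in Java logging library when attacker-controlled "
       "strings trigger JNDI lookups to an LDAP server")
DUPLICATE = "Authentication bypass via SQL injection in the PHP login form"
MODEL_TEXT = ("Java web service that performs logging of user input "
              "and resolves names via JNDI and LDAP.")

if __name__ == "__main__":
    model = {"description": MODEL_TEXT, "threats": []}
    print(process_new_threat("THREAT-PLACEHOLDER-1", NEW, KNOWN, model), model["threats"])
```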