US 12,452,275 B2
Anomaly detection from network traffic
Nipun Mahajan, Lawrenceville, NJ (US); Pravin Kumar Sankari Bhagavathiappan, Kanyakumari District (IN); Amit Mishra, Chennai (IN); and Yogesh Raghuvanshi, Princeton, NJ (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Apr. 18, 2023, as Appl. No. 18/302,122.
Prior Publication US 2024/0356944 A1, Oct. 24, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/1441 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system for anomaly detection from network traffic, comprising:
a network interface configured to receive a set of input data streams, wherein:
each of the set of input data streams is communicated from a different data source;
at least one of the set of input data streams comprises a message that indicates an anomaly with respect to a topic associated with a software application that is hosted on a website;
the anomaly corresponds to an unexpected outcome when an operation is attempted with respect to the topic;
a hardware processor operably coupled to the network interface, and configured to:
determine the topic, the anomaly, and a set of metadata associated with the topic from the set of input data streams, wherein the set of metadata comprises at least two of:
an occurrence frequency of the anomaly with respect to the topic that is mentioned in one or more messages;
a number of data sources from which the one or more messages are received;
a timeframe window within which the one or more messages are received; or
a number of time zones associated with the one or more messages;
assign a set of weight values to the set of metadata, wherein a weight value that is assigned to a respective metadata indicates a priority for the respective metadata;
determine an accumulated weight value by combining the set of weight values;
determine whether the accumulated weight value is more than a threshold weight value;
in response to determining that the accumulated weight value is more than the threshold weight value:
determine a countermeasure action that addresses or resolves the anomalous topic; and
execute the countermeasure action, wherein executing the countermeasure action is in response to:
 parsing the website to extract content indicated on the website with respect to the software application;
 generating, based at least in part upon the extracted content and the anomalous topic, text that indicates the anomalous topic with respect to the software application is being addressed; and
 publishing the generated text on the website.