| CPC H04L 63/1416 (2013.01) [H04L 63/1425 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |

|
1. A system comprising:
a plurality of computing nodes of a computing network, wherein one or more of the plurality of computing nodes implement a plurality of microservice entities, wherein each microservice entity implements one or more functionalities and is configured to expose data associated with the one or more functionalities for consumption by one or more other microservice entities;
one or more databases of the computing network, wherein the databases are configured to store a plurality of data stores, wherein each data store is associated with a microservice entity and stores data exposed by the microservice entity for consumption by one or more other microservice entities; and
a processor communicatively coupled to the plurality of computing nodes and the one or more databases, wherein the processor is configured to:
obtain call logs associated with previous data exchanges between a first microservice entity and a second microservice entity, wherein the first microservice entity is configured to expose data associated with one or more functionalities and the second microservice entity is configured to consume the data associated with at least one functionality from the one or more functionalities exposed by the first microservice entity;
determine, based on the call logs, a plurality of data traffic patterns associated with known data transfers that are to take place between the first microservice entity and the second microservice entity, and potential data transfers that can take place between the first microservice entity and the second microservice entity, wherein each data traffic pattern at least comprises an identity of the first microservice entity, data exposed by the first microservice entity, an identity of the second microservice entity, and at least a portion of the data being consumed or that can be potentially consumed by the second microservice entity;
obtain one or more data policies that at least specify data the first microservice entity is authorized to expose and data the second microservice entity is authorized to consume from the first microservice entity;
determine, based on the one or more data policies that the second microservice entity is not authorized to consume a portion of the data exposed by the first microservice entity;
in response to determining that the second microservice entity is not authorized to consume the portion of the data exposed by the first microservice entity, identify a first data traffic pattern, from the plurality of data traffic patterns, that is associated with a first known data transfer or a first potential data transfer in which the second microservice entity consumes the portion of the data exposed by the first microservice entity; and
generate an alert associated with the first data traffic pattern, wherein the alert indicates that an unauthorized data transfer associated with the first data traffic pattern can occur between the first microservice entity and the second microservice entity.
|
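The steps recited in claim 1 (call logs, then traffic patterns, then policy check, then alert), sketched as an added Python example; this is not code from the patent. The log record layout, the policy shape, the service and field names, and the deny-all handling of a pair with no consume policy are assumptions.

```python
from collections import defaultdict

# Constructed sample call logs (assumed record layout; not from the patent).
CALL_LOGS = [
    {"producer": "accounts", "consumer": "statements", "fields": ["account_id", "balance"]},
    {"producer": "accounts", "consumer": "marketing", "fields": ["account_id", "email"]},
    {"producer": "accounts", "consumer": "marketing", "fields": ["account_id", "ssn"]},
]
# Assumed policy shape: what a producer may expose, what a consumer may consume from it.
POLICIES = {
    "expose": {"accounts": {"account_id", "balance", "email", "ssn"}},
    "consume": {
        ("accounts", "statements"): {"account_id", "balance"},
        ("accounts", "marketing"): {"account_id", "email"},
    },
}

def traffic_patterns(call_logs, policies):
    """One pattern per (producer, consumer, field): 'known' if the field was seen
    in the logs, 'potential' if the producer exposes it but it was not yet pulled."""
    seen = defaultdict(set)
    for rec in call_logs:
        seen[(rec["producer"], rec["consumer"])].update(rec["fields"])
    patterns = []
    for (producer, consumer), fields in sorted(seen.items()):
        # Observed fields count as exposed even if the expose policy omits them.
        exposed = policies["expose"].get(producer, set()) | fields
        for field in sorted(exposed):
            patterns.append({
                "producer": producer, "exposed": sorted(exposed),
                "consumer": consumer, "field": field,
                "kind": "known" if field in fields else "potential",
            })
    return patterns

def unauthorized_alerts(patterns, policies):
    """Flag every pattern whose field the consumer is not authorized to consume.
    A pair with no consume policy is treated as deny-all (assumption)."""
    alerts = []
    for p in patterns:
        allowed = policies["consume"].get((p["producer"], p["consumer"]), set())
        if p["field"] not in allowed:
            alerts.append((p["producer"], p["consumer"], p["field"], p["kind"]))
    return alerts

if __name__ == "__main__":
    for alert in unauthorized_alerts(traffic_patterns(CALL_LOGS, POLICIES), POLICIES):
        print("ALERT producer=%s consumer=%s field=%s transfer=%s" % alert)
```

Alerts with transfer kind `potential` correspond to transfers that have not been observed in the logs but that the exposed data would allow.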