US-12627701-B2 - System and method for determining network pathway security vulnerabilities
Abstract
A system for real-time monitoring of network pathways includes a memory for storing network node information and a processor configured to periodically receive information for each node associated with a plurality of network pathways. The information may include response time, geographic location, failure rate, and latency. The processor calculates a score that indicates each node's reliability. Each of the plurality of attributes is given a different weight during the calculation. The processor then calculates an aggregated network pathway score for each of the plurality of network pathways to indicate a particular pathway's reliability. The aggregated network pathway score is calculated based at least in part upon the score of each node associated with each of the plurality of network pathways. Once the aggregated network pathway score is calculated, a first network pathway is identified based at least in part upon the aggregated network pathway score.
Inventors
- Shailendra Singh
- Saurabh Gupta
- Usha Rani Alluru
- Amit Bhandari
Assignees
- BANK OF AMERICA CORPORATION
Dates
- Publication Date: 20260512
- Application Date: 20240402
Claims (17)
- 1. A system for real-time monitoring of network pathways, the system comprising: a memory configured to store network node information; and a processor operably coupled to the memory and configured to: receive information periodically from each node of a plurality of network pathways, wherein the information comprises a plurality of attributes of each node, the plurality of attributes includes at least response time, geographic location, failure rate, and latency; store the received information in the memory; receive a request from an external device to perform a first action using one of the plurality of network pathways; calculate a score for each node of the plurality of network pathways using the received information stored in the memory, wherein during the calculation, each of the plurality of attributes is given a different weight based at least in part upon predetermined criteria, and wherein the calculated score for each node indicates each node's reliability; calculate for each of the plurality of network pathways an aggregated network pathway score, wherein the aggregated network pathway score is calculated based at least in part upon the score of each node associated with each of the plurality of network pathways, wherein the aggregated network pathway score indicates a particular pathway's reliability; identify a first network pathway from among the plurality of network pathways based on at least in part upon the aggregated network pathway score for each of the plurality of network pathways; and perform the first action using the identified first network pathway; wherein identifying the first network pathway for performing the first action comprises: comparing the aggregated network pathway score for each of the plurality of network pathways; determining a network pathway that has a highest aggregated network pathway score as the first network pathway; comparing the highest aggregated network pathway score to a predetermined threshold; and performing multi-factor authentication when the highest aggregated network pathway score is less than the predetermined threshold.
- 2. The system of claim 1, wherein the calculating the score for each node is performed using a neural network.
- 3. The system of claim 2, wherein the neural network is a convolutional neural network.
- 4. The system of claim 2, wherein the processor is further configured to: receive, after performing the first action, feedback from each node of the first network pathway; and use the feedback from each node to update the neural network.
- 5. The system of claim 1, wherein the predetermined criteria are determined by an organization associated with the first action.
- 6. The system of claim 1, wherein the plurality of attributes of each node further comprise software version of each node and security status of each node.
- 7. The system of claim 1, wherein the plurality of attributes of each node further comprise previous indications of fraud associated with each node.
- 8. A method for real-time monitoring of network pathways, comprising: receiving information periodically from each node of a plurality of network pathways, wherein the information comprises a plurality of attributes of each node, the plurality of attributes includes at least response time, geographic location, failure rate, and latency; storing the received information in a memory; receiving a request from an external device to perform a first action using one of the plurality of network pathways; calculating a score for each node of the plurality of network pathways using the received information stored in the memory, wherein during the calculation, each of the plurality of attributes is given a different weight based at least in part upon predetermined criteria, and wherein the calculated score for each node indicates each node's reliability; calculating for each of the plurality of network pathways an aggregated network pathway score, wherein the aggregated network pathway score is calculated based at least in part upon the score of each node associated with each of the plurality of network pathways, wherein the aggregated network pathway score indicates a particular pathway's reliability; identifying a first network pathway from among the plurality of network pathways based on at least in part upon the aggregated network pathway score for each of the plurality of network pathways; and performing the first action using the identified first network pathway; wherein identifying the first network pathway to perform the first action includes: comparing the aggregated network pathway score for each of the plurality of network pathways; determining a network pathway that has a highest aggregated network pathway score as the first network pathway; comparing the highest aggregated network pathway score to a predetermined threshold; and performing multi-factor authentication when the highest aggregated network pathway score is less than the predetermined threshold.
- 9. The method of claim 8, wherein the calculating the score for each node is performed using a neural network.
- 10. The method of claim 9, wherein the neural network is a convolutional neural network.
- 11. The method of claim 10, further comprising: receiving, after performing the first action, feedback from each node of the first network pathway; and using the feedback from each node to update the neural network.
- 12. The method of claim 9, wherein the plurality of attributes of each node further comprises a software version of the node and a security status of each node.
- 13. A non-transitory computer-readable medium storing instructions that when executed by a processor cause the processor to: receive information periodically from each node of a plurality of network pathways, wherein the information comprises a plurality of attributes of each node, the plurality of attributes includes at least response time, geographic location, failure rate, and latency; store the received information in a memory; receive a request from an external device to perform a first action using one of the plurality of network pathways; calculate a score for each node of the plurality of network pathways using the received information stored in the memory, wherein during the calculation, each of the plurality of attributes is given a different weight based at least in part upon predetermined criteria, and wherein the calculated score for each node indicates each node's reliability; calculate for each of the plurality of network pathways an aggregated network pathway score, wherein the aggregated network pathway score is calculated based at least in part upon the score of each node associated with each of the plurality of network pathways, wherein the aggregated network pathway score indicates a particular pathway's reliability; identify a first network pathway from among the plurality of network pathways based on at least in part upon the aggregated network pathway score for each of the plurality of network pathways; and perform the first action using the identified first network pathway; wherein identifying the first network pathway for performing the first action comprises: comparing the aggregated network pathway score for each of the plurality of network pathways; determining a network pathway that has a highest aggregated network pathway score as the first network pathway; comparing the highest aggregated network pathway score to a predetermined threshold; and performing multi-factor authentication when the highest aggregated network pathway score is less than the predetermined threshold.
- 14. The non-transitory computer-readable medium of claim 13, wherein the processor calculates the score for each node using a neural network.
- 15. The non-transitory computer-readable medium of claim 14, wherein the neural network is a convolutional neural network.
- 16. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the processor to: receive, after performing the first action, feedback from each node of the first network pathway; and use the feedback from each node to update the neural network.
- 17. The non-transitory computer-readable medium of claim 13, wherein the plurality of attributes of each node further comprise previous indications of fraud associated with each node.
Description
TECHNICAL FIELD
The present disclosure relates generally to network communications and, more specifically, to a system and method for determining network pathway security vulnerabilities.
BACKGROUND
For many activities, there is a need to communicate data reliably and securely over large networks, including the Internet. However, since many of these networks include multiple nodes and paths, bad actors often have numerous opportunities to intercept and interfere with the data. This may result in the activities being unable to be performed, sensitive information being passed to the bad actors, and/or other fraudulent data uses.
SUMMARY
The system and method disclosed in the present application provide a technical solution to the technical problems discussed above by providing the capability to monitor network pathways in real-time and identify a pathway that has reduced security vulnerabilities. Monitoring is performed by periodically receiving information about various attributes for each node associated with a network pathway. The attributes are each given a separate weight, and a score may be calculated for each node, which reflects the ability and/or probability that the node may reliably transmit the data and/or the probability that the node is compromised. The score for each node is then used to calculate an aggregated pathway score for each pathway that uses the node. The aggregated pathway score may be determined by calculating an average score for all the nodes associated with a given pathway. The pathways with the highest score, indicating that the pathway has high reliability and/or low probability of being compromised, may be used when performing an action.
The attributes may include information related to a node's response time, geographic location, failure rate, and latency. Other attributes may include if fraud has been previously detected on a node and considerations of the node's current software and security settings. Other attributes of the node and the pathway as a whole may be considered for calculating the score for a given node and the network depending on an organization's preference and needs, attacks previously detected for a given action or type of data, and as the nature of the network, data, actions, and attacks evolve. Similarly, the weight given to any given attribute or node in calculating a node's score and the aggregate pathway score may be determined based on an organization's preference and needs, previously detected attacks, and changes needed as the nature of the network, data, actions, and attacks evolve. Alternatively, the weight given may be determined by a neural network such as a convolutional neural network that is continuously updated using the real-time monitoring of the various nodes and network paths.
In one embodiment, the disclosed system performs real-time monitoring of network pathways. The system includes a memory for storing network node information and a processor operably coupled to the memory. The processor is configured to receive information periodically from each node of a plurality of network pathways. The information comprises a plurality of attributes of each node, including at least response time, geographic location, failure rate, and latency. The received information is then stored in the memory. The processor then receives a request from an external device to perform a first action using one of the plurality of network pathways. The processor calculates a score for each node of the plurality of network pathways, indicating each node's reliability using the received information stored in the memory. During the calculation, each of the plurality of attributes is given a different weight based at least in part upon predetermined criteria. The processor then calculates an aggregated network pathway score for each of the plurality of network pathways, indicating the reliability of each network pathway. The aggregated network pathway score is based, at least in part, upon the score of each node associated with each of the plurality of network pathways. Based on at least the aggregated network pathway score for each of the plurality of network pathways, the processor then identifies the first network pathway. The first action is then performed using the identified first network pathway.
The disclosed system provides several practical applications, such as providing an efficient manner for choosing from a plurality of network pathways the best network pathway to use. Scoring each node in real-time based on several predetermined criteria allows for identifying problematic nodes and/or pathways in real-time. This will enable actions to be taken automatically and quickly to avoid problematic or corrupted nodes and/or pathways. The data may be transmitted in a reliable and secure manner by re-routing it using currently safe and reliable pathways and/or taking preventative actions such as requiring multi-factor authentication when using vulnerable nodes.
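
The scoring and selection steps summarized above, as an added Python example that is not part of the patent: each node score is a weighted sum of normalised attributes, the pathway score is the average of its node scores, and multi-factor authentication is flagged when the best pathway scores below the threshold. The weights, normalisation bounds, trusted-region list, threshold value and sample telemetry are all assumptions constructed for illustration.

```python
from statistics import mean

# Assumed values, not from the patent: each attribute gets a different weight.
WEIGHTS = {"response_time": 0.15, "latency": 0.20, "failure_rate": 0.30,
           "geo": 0.10, "fraud": 0.25}
MAX_RESPONSE_MS, MAX_LATENCY_MS = 500.0, 200.0   # assumed normalisation bounds
TRUSTED_REGIONS = {"us-east", "eu-west"}          # assumed region policy
MFA_THRESHOLD = 0.80                              # assumed "predetermined threshold"


def _inv(value, worst):
    """Map a lower-is-better metric to [0, 1], where 1 is best."""
    return 1.0 - min(max(value / worst, 0.0), 1.0)


def node_score(n):
    """Weighted reliability score in [0, 1] for one node's attributes."""
    parts = {
        "response_time": _inv(n["response_ms"], MAX_RESPONSE_MS),
        "latency": _inv(n["latency_ms"], MAX_LATENCY_MS),
        "failure_rate": _inv(n["failure_rate"], 1.0),
        "geo": 1.0 if n["region"] in TRUSTED_REGIONS else 0.0,
        "fraud": 0.0 if n["prior_fraud"] else 1.0,
    }
    return sum(WEIGHTS[k] * parts[k] for k in WEIGHTS)


def select_pathway(pathways, threshold=MFA_THRESHOLD):
    """Pick the highest average-scoring pathway; require MFA if it is below threshold."""
    if not pathways or any(not nodes for nodes in pathways.values()):
        raise ValueError("every pathway needs at least one node")
    scored = {name: [node_score(n) for n in nodes] for name, nodes in pathways.items()}
    best = max(scored, key=lambda name: mean(scored[name]))
    agg = mean(scored[best])
    return {"pathway": best, "score": round(agg, 4),
            "weakest_node": round(min(scored[best]), 4),
            "require_mfa": agg < threshold}


def _node(resp, lat, fail, region, fraud=False):
    return {"response_ms": resp, "latency_ms": lat, "failure_rate": fail,
            "region": region, "prior_fraud": fraud}


# Constructed sample telemetry for two pathways.
SAMPLE = {
    "A": [_node(50, 20, 0.01, "us-east"), _node(100, 40, 0.02, "eu-west")],
    "B": [_node(50, 20, 0.01, "us-east"), _node(400, 150, 0.20, "ap-south", True)],
}

if __name__ == "__main__":
    print(select_pathway(SAMPLE))
```

Because the pathway score is an average, one weak node can be offset by strong ones on the same pathway; the returned `weakest_node` value lets a caller check for that separately from the threshold comparison.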