Publication No.: US10339309B1
Publication Date: 2019-07-02
Application No.: US15618893
Filing Date: 2017-06-09
Applicant: Bank of America Corporation
Inventor: John Howard Kling, Mark Earl Brubaker, Ronald James Kuhlmeier, Brian D. Diederich, Brandon Matthew Sloane, Rachel Yun Kim Bierner, Cora Yan Quon
IPC: G06F21/00, G06F21/55, G06F16/28, G06F16/901
Abstract: A system for identifying anomalies in an information system is typically configured for: collecting information regarding a hierarchy of capabilities, a hierarchy of resources, capability instances, and resource instances of the information system; storing, in a graph database, nodes corresponding to the hierarchy of capabilities, hierarchy of resources, capability instances, and resource instances; collecting information regarding relationships among the hierarchy of capabilities, hierarchy of resources, capability instances, and resource instances; defining, in the graph database, edges corresponding to the relationships among the hierarchy of capabilities, hierarchy of resources, capability instances, and resource instances; collecting event and/or state data for the information system; comparing the event and/or state data to the graph database and determining that an event and/or state is anomalous; and, in response to determining that the event and/or state is anomalous, taking an information security action.