Bank of America Corporation
Method and system for identification and prevention of profiling attacks in electronic authorization systems

Abstract:

An electronic authorization system is typically configured for: receiving electronic activity requests from a plurality of source nodes; analyzing each of the electronic activity requests using a decisioning algorithm, wherein a decision boundary of the decisioning algorithm is dynamically altered while analyzing the electronic activity requests; for each of the electronic activity requests, determining an activity exposure level of the decision boundary based on (i) a distance to the decision boundary and (ii) an amount of information exposed regarding the decision boundary; for each of the plurality of source nodes, determining a source exposure level of the decision boundary based on the activity exposure levels of the decision boundary of the electronic activity requests; and in response to determining that a likelihood of decision boundary profiling by one or more first source nodes exceeds a defined threshold, performing an exposure remediation action.