-
Publication No.: US20170318053A1
Publication date: 2017-11-02
Application No.: US15424736
Filing date: 2017-02-03
IPC classification: H04L29/06
CPC classification: H04L63/1491, H04L63/1425
Abstract: Methods, systems, and computer-readable mediums are described herein to provide context-aware knowledge systems and methods for deploying deception mechanisms. In some examples, a deception profiler can be used to intelligently deploy the deception mechanisms for a network. For example, a method can include identifying a network for which to deploy one or more deception mechanisms. In such an example, a deception mechanism can emulate one or more characteristics of a machine on the network. The method can further include determining one or more asset densities and a summary statistic. An asset density can be associated with a number of assets connected to the network. The summary statistic can be associated with a number of historical attacks on the network. Using at least one or more of the one or more asset densities, the summary statistic, other information associated with the network, or a combination thereof, the method can further include determining a number of deception mechanisms to deploy, and deploying the number of deception mechanisms.
-
Publication No.: US20170302691A1
Publication date: 2017-10-19
Application No.: US15426346
Filing date: 2017-02-07
IPC classification: H04L29/06
CPC classification: H04L63/1425, G06F17/30958, H04L43/026, H04L43/045, H04L63/0272, H04L63/1408, H04L63/1458, H04L63/1491, H04L2463/146
Abstract: This disclosure is related to using network flow information of a network to determine the trajectory of an attack. In some examples, an adjacency data structure is generated for a network. The adjacency data structure can include a machine of the network that has interacted with another machine of the network. The network can further include one or more deception mechanisms. The deception mechanisms can indicate that an attack is occurring when a machine interacts with one of the deception mechanisms. When the attack is occurring, attack trajectory information can be generated by locating in the adjacency data structure the machine that interacted with the deception mechanism. The attack trajectory information can correlate the information from the interaction with the deception mechanism, the interaction information of the network, and machine information for each machine to determine a possible trajectory of an adversary.
-
Publication No.: US09773109B2
Publication date: 2017-09-26
Application No.: US15400799
Filing date: 2017-01-06
Inventors: Yadong Zhang, Ching-Hai Tsai, Johnson L. Wu, Craig A. Schultz
CPC classification: G06F21/55, G06F21/6218
Abstract: Methods and systems are presented of presenting false and/or decoy content to an intruder operating on a computer system by obfuscating critical files on a computer storage device with data that directs subsequent infiltration and propagation to designated decoy hosts and decoy applications. Methods and systems are provided for selectively presenting different contents to different viewers/users of application resource files for the purpose of preventing the valuable content from being read, tampered with, exfiltrated, or used as a means to perform subsequent attacks on network resources.
-
Publication No.: US20170214708A1
Publication date: 2017-07-27
Application No.: US15405639
Filing date: 2017-01-13
CPC classification: H04L63/1433, G06F16/285, H04L63/1408, H04L63/1491
Abstract: Provided are systems, methods, and computer-program products for a network device, configured to use data science techniques to manage the deployment of deception mechanisms in a network, where the deception mechanisms can attract and detect threats to the network. In various implementations, the network device can receive network data. The network data can include data produced by an interaction with a deception mechanism. The deception mechanism can be part of the security of the network. An interaction can include a potential threat to the network. The network device can further be configured to analyze the network data using a data science engine, including identifying a pattern of network behavior. The network device can further generate an attack pattern that includes the behavior of the potential threat. The network device can further use the attack pattern to modify deception mechanisms on the network.
-
Publication No.: US09350751B2
Publication date: 2016-05-24
Application No.: US14694853
Filing date: 2015-04-23
IPC classification: G06F15/173, H04L29/06, H04L12/24
CPC classification: H04L63/1425, G06F9/45533, H04L41/12, H04L63/0209, H04L63/1491
Abstract: A shadow network, which can be a virtual reproduction of a real, physical, base computer network, is described. Shadow networks duplicate the topology, services, host, and network traffic of the base network using shadow hosts, which are low interaction, minimal-resource-using host emulators. The shadow networks are connected to the base network through virtual switches, etc. in order to form a large obfuscated network. When a hacker probes into a host emulator, a more resource-intensive virtual machine can be swapped in to take its place. When a connection is attempted from a host emulator to a physical computer, a host emulator can step in to take the place of the physical computer, and software defined networking (SDN) can prevent collisions between the duplicated IP addresses. Replicating the shadow networks within the network introduces problems for hackers and allows a system administrator easier ways to identify intrusions.
-
Publication No.: US20220329627A1
Publication date: 2022-10-13
Application No.: US17535467
Filing date: 2021-11-24
IPC classification: H04L9/40
Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception farm. The deception farm can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
-
Publication No.: US11212315B2
Publication date: 2021-12-28
Application No.: US16800763
Filing date: 2020-02-25
Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception farm. The deception farm can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
-
Publication No.: US10348763B2
Publication date: 2019-07-09
Application No.: US15496724
Filing date: 2017-04-25
Abstract: Provided are methods, network devices, and computer-program products for dynamically configuring a deception mechanism in response to network traffic from a possible network threat. In various implementations, a network deception system can receive a packet from a network. The network deception system can determine an intent associated with the packet by examining the contents of the packet. The network deception system can further configure a deception mechanism to respond to the intent, for example with the appropriate network communications, software or hardware configuration, and/or data.
-
Publication No.: US10270789B2
Publication date: 2019-04-23
Application No.: US15404693
Filing date: 2017-01-12
Inventor: Abhishek Singh
Abstract: Provided are systems, methods, and computer-program products for a targeted threat intelligence engine, implemented in a network device. The network device may receive incident data, which may include information derived starting at detection of an attack on the network until detection of an event. The network device may include analytic engines that run in a predetermined order. An analytic engine can analyze incident data of a certain data type, and can produce a result indicating whether a piece of data is associated with the attack. The network device may produce a report of the attack, which may include correlating the results from the analytic engines. The report may provide information about a sequence of events that occurred in the course of the attack. The network device may use the record of the attack to generate indicators, which may describe the attack, and may facilitate configuring security for a network.
-
Publication No.: US10218741B2
Publication date: 2019-02-26
Application No.: US15467276
Filing date: 2017-03-23
Abstract: Provided are systems, methods, and computer program products for a cyber-vaccination technique. In various implementations, the cyber-vaccination technique includes using a network device that is infected by a malware program to determine a marker generated by the malware program. The marker may indicate to the malware program that the network device has been infected by the malware program. Determining the marker can include identifying a placement of the marker on the network device. The technique further includes identifying one or more other network devices that have not previously been infected by the malware program. The technique further includes automatically distributing copies of the marker. When a copy of the marker is received at one of the previously identified, uninfected network devices, the identified network device can place the marker on the identified network device according to the identified placement.