Testing environment cyber vaccine

    Publication number: US10419479B2

    Publication date: 2019-09-17

    Application number: US15467647

    Filing date: 2017-03-23

    IPC classification: H04L29/06 G06F21/53 G06F21/56

    Abstract: Provided are systems, methods, and computer program products for a cyber-vaccination technique. In various implementations, the technique includes determining characteristics of a testing environment. A testing environment can be used to analyze malware programs. The technique can further include configuring a production network device with the characteristics, so that the production network device resembles the testing environment. The production network device is used for network operations, which excludes analyzing malware programs.

    CYBER VACCINES AND ANTIBODIES
    2.
    Invention application

    Publication number: US20180198801A1

    Publication date: 2018-07-12

    Application number: US15467642

    Filing date: 2017-03-23

    IPC classification: H04L29/06

    Abstract: Provided are systems, methods, and computer program products for a cyber-antibody technique. In various implementations, the technique includes monitoring, by a network device infected with an unknown malware program, packets sent by the network device onto a network. The technique further includes identifying a packet that is associated with the unknown malware program. The packet can be identified from among the monitored packets. Identifying the packet can include determining a characteristic of the packet. The technique further includes identifying packets that have a characteristic similar to the characteristic of the packet. The technique can further include inserting data associated with a known malware program into the identified packets. The technique can further include distributing the characteristic to other network devices, to similarly taint packets that may be issued from those other network devices.

    THREAT ENGAGEMENT AND DECEPTION ESCALATION
    3.
    Invention application

    Publication number: US20170310704A1

    Publication date: 2017-10-26

    Application number: US15496716

    Filing date: 2017-04-25

    IPC classification: H04L29/06

    Abstract: Provided are methods, network devices, and computer-program products for a network deception system. The network deception system can engage a network threat with a deception mechanism, and dynamically escalate the deception to maintain the engagement. The system can include super-low, low, and high-interaction deceptions. The super-low deceptions can respond to requests for address information, and require few computing resources. When network traffic directed to the super-low deception requires a more complex response, the system can initiate a low-interaction deception. The low-interaction deception can emulate multiple devices, which can give the low-interaction deception away as a deception. Hence, when the network traffic includes an attempted connection, the system can initiate a high-interaction deception. The high-interaction deception more closely emulates a network device, and can be more difficult to identify as a deception. The high-interaction deception can fully engage a network threat, and can be initiated only as needed.

    DECEPTION SYSTEM
    4.
    Invention application
    DECEPTION SYSTEM (under examination, published)

    Publication number: US20190199748A1

    Publication date: 2019-06-27

    Application number: US16293520

    Filing date: 2019-03-05

    IPC classification: H04L29/06 G06F21/56 G06F21/53

    Abstract: Provided are systems, methods, and computer program products for a cyber-vaccination technique. In various implementations, the technique includes determining characteristics of a testing environment. A testing environment can be used to analyze malware programs. The technique can further include configuring a production network device with the characteristics, so that the production network device resembles the testing environment. The production network device is used for network operations, which excludes analyzing malware programs.

    Command and control cyber vaccine

    Publication number: US10104120B2

    Publication date: 2018-10-16

    Application number: US15467642

    Filing date: 2017-03-23

    IPC classification: H04L29/06 G06F21/53

    Abstract: Provided are systems, methods, and computer program products for a cyber-antibody technique. In various implementations, the technique includes monitoring, by a network device infected with an unknown malware program, packets sent by the network device onto a network. The technique further includes identifying a packet that is associated with the unknown malware program. The packet can be identified from among the monitored packets. Identifying the packet can include determining a characteristic of the packet. The technique further includes identifying packets that have a characteristic similar to the characteristic of the packet. The technique can further include inserting data associated with a known malware program into the identified packets. The technique can further include distributing the characteristic to other network devices, to similarly taint packets that may be issued from those other network devices.

    Responsive deception mechanisms
    7.
    Granted invention patent

    Publication number: US10348763B2

    Publication date: 2019-07-09

    Application number: US15496724

    Filing date: 2017-04-25

    IPC classification: H04L29/06 H04L12/24

    Abstract: Provided are methods, network devices, and computer-program products for dynamically configuring a deception mechanism in response to network traffic from a possible network threat. In various implementations, a network deception system can receive a packet from a network. The network deception system can determine an intent associated with the packet by examining the contents of the packet. The network deception system can further configure a deception mechanism to respond to the intent, for example with the appropriate network communications, software or hardware configuration, and/or data.

    Immunizing network devices using a malware marker

    Publication number: US10218741B2

    Publication date: 2019-02-26

    Application number: US15467276

    Filing date: 2017-03-23

    IPC classification: H04L29/06 G06F21/53

    Abstract: Provided are systems, methods, and computer program products for a cyber-vaccination technique. In various implementations, the cyber-vaccination technique includes using a network device that is infected by a malware program to determine a marker generated by the malware program. The marker may indicate to the malware program that the network device has been infected by the malware program. Determining the marker can include identifying a placement of the marker on the network device. The technique further includes identifying one or more other network devices that have not previously been infected by the malware program. The technique further includes automatically distributing copies of the marker. When a copy of the marker is received at one of the previously identified, uninfected network devices, the identified network device can place the marker on the identified network device according to the identified placement.

    Threat engagement and deception escalation

    Publication number: US10033762B2

    Publication date: 2018-07-24

    Application number: US15496716

    Filing date: 2017-04-25

    IPC classification: H04L29/06 H04L12/24

    Abstract: Provided are methods, network devices, and computer-program products for a network deception system. The network deception system can engage a network threat with a deception mechanism, and dynamically escalate the deception to maintain the engagement. The system can include super-low, low, and high-interaction deceptions. The super-low deceptions can respond to requests for address information, and require few computing resources. When network traffic directed to the super-low deception requires a more complex response, the system can initiate a low-interaction deception. The low-interaction deception can emulate multiple devices, which can give the low-interaction deception away as a deception. Hence, when the network traffic includes an attempted connection, the system can initiate a high-interaction deception. The high-interaction deception more closely emulates a network device, and can be more difficult to identify as a deception. The high-interaction deception can fully engage a network threat, and can be initiated only as needed.

    IMMUNIZING NETWORK DEVICES USING A MALWARE MARKER

    Publication number: US20180198821A1

    Publication date: 2018-07-12

    Application number: US15467276

    Filing date: 2017-03-23

    IPC classification: H04L29/06

    Abstract: Provided are systems, methods, and computer program products for a cyber-vaccination technique. In various implementations, the cyber-vaccination technique includes using a network device that is infected by a malware program to determine a marker generated by the malware program. The marker may indicate to the malware program that the network device has been infected by the malware program. Determining the marker can include identifying a placement of the marker on the network device. The technique further includes identifying one or more other network devices that have not previously been infected by the malware program. The technique further includes automatically distributing copies of the marker. When a copy of the marker is received at one of the previously identified, uninfected network devices, the identified network device can place the marker on the identified network device according to the identified placement.