-
Publication No.: US20170223037A1
Publication date: 2017-08-03
Application No.: US15404434
Filing date: 2017-01-12
Inventors: Abhishek Singh, Sreenivas Gukal
CPC classification: H04L63/1416, G06F21/53, G06F21/564, H04L41/145, H04L43/062, H04L51/12, H04L63/1408, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/1491
Abstract: Provided are methods, network devices, and computer-program products for targeted threat intelligence using a high-interaction network. In some implementations, a network device in a network may receive suspect network traffic. The suspect network traffic may include network traffic identified as potentially causing harm to the network. The network device may determine that the suspect traffic is associated with an unknown threat. The network device may further analyze the suspect network traffic using a high-interaction network. In various implementations, the high-interaction network may be configured to emulate at least a part of the network. In various implementations, analyzing the suspect network traffic may include determining a behavior of the suspect network traffic in the high-interaction network. The network device may further generate indicators, where the indicators may describe the suspect network traffic. In various implementations, the indicators facilitate analysis of a network's susceptibility to the unknown threat.
-
Publication No.: US20210021640A1
Publication date: 2021-01-21
Application No.: US16800763
Filing date: 2020-02-25
IPC classification: H04L29/06
Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception farm. The deception farm can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
-
Publication No.: US10230745B2
Publication date: 2019-03-12
Application No.: US15404434
Filing date: 2017-01-12
Inventors: Abhishek Singh, Sreenivas Gukal
Abstract: Provided are methods, network devices, and computer-program products for targeted threat intelligence using a high-interaction network. In some implementations, a network device in a network may receive suspect network traffic. The suspect network traffic may include network traffic identified as potentially causing harm to the network. The network device may determine that the suspect traffic is associated with an unknown threat. The network device may further analyze the suspect network traffic using a high-interaction network. In various implementations, the high-interaction network may be configured to emulate at least a part of the network. In various implementations, analyzing the suspect network traffic may include determining a behavior of the suspect network traffic in the high-interaction network. The network device may further generate indicators, where the indicators may describe the suspect network traffic. In various implementations, the indicators facilitate analysis of a network's susceptibility to the unknown threat.
-
Publication No.: US20170214708A1
Publication date: 2017-07-27
Application No.: US15405639
Filing date: 2017-01-13
CPC classification: H04L63/1433, G06F16/285, H04L63/1408, H04L63/1491
Abstract: Provided are systems, methods, and computer-program products for a network device configured to use data science techniques to manage the deployment of deception mechanisms in a network, where the deception mechanisms can attract and detect threats to the network. In various implementations, the network device can receive network data. The network data can include data produced by an interaction with a deception mechanism. The deception mechanism can be part of the security of the network. An interaction can include a potential threat to the network. The network device can further be configured to analyze the network data using a data science engine, including identifying a pattern of network behavior. The network device can further generate an attack pattern that includes the behavior of the potential threat. The network device can further use the attack pattern to modify deception mechanisms on the network.
-
Publication No.: US20180351996A1
Publication date: 2018-12-06
Application No.: US15983418
Filing date: 2018-05-18
CPC classification: H04L63/1491, H04L41/0886, H04L63/0272, H04L63/029
Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception farm. The deception farm can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
-
Publication No.: US09985988B2
Publication date: 2018-05-29
Application No.: US15488387
Filing date: 2017-04-14
Inventors: Sreenivas Gukal, Vaishali Palkar, Linh Do
CPC classification: H04L63/1491, G06F21/552, H04L41/0816, H04L41/12, H04L43/50, H04L45/02, H04L63/1408, H04L63/145
Abstract: Provided are systems, methods, and computer-program products for using deceptions to detect network scans. In various implementations, a network device, configured as a decoy network device, can be configured to determine a particular network address. The network device can determine that the particular network address is unassigned. The network device can configure itself with the particular network address, wherein the network device uses the particular network address to monitor network activity for a network scan. The network device can receive a packet addressed to the particular network address. The network device can determine that the received packet is associated with a scan of the network, including associating the received packet with other packets in the monitored network activity. The network device can configure one or more security settings for the network when the received packet is determined to be associated with a scan of the network.
-
Publication No.: US20170353491A1
Publication date: 2017-12-07
Application No.: US15488387
Filing date: 2017-04-14
Inventors: Sreenivas Gukal, Vaishali Palkar, Linh Do
IPC classification: H04L29/06, H04L12/751, H04L12/24, G06F21/55, H04L12/26
CPC classification: H04L63/1491, G06F21/552, H04L41/0816, H04L41/12, H04L43/50, H04L45/02, H04L63/1408, H04L63/145
Abstract: Provided are systems, methods, and computer-program products for using deceptions to detect network scans. In various implementations, a network device, configured as a decoy network device, can be configured to determine a particular network address. The network device can determine that the particular network address is unassigned. The network device can configure itself with the particular network address, wherein the network device uses the particular network address to monitor network activity for a network scan. The network device can receive a packet addressed to the particular network address. The network device can determine that the received packet is associated with a scan of the network, including associating the received packet with other packets in the monitored network activity. The network device can configure one or more security settings for the network when the received packet is determined to be associated with a scan of the network.
-
Publication No.: US20170310706A1
Publication date: 2017-10-26
Application No.: US15498300
Filing date: 2017-04-26
IPC classification: H04L29/06
CPC classification: H04L63/1491, H04L41/0886, H04L63/0272, H04L63/029
Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception center. The deception center can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
-
Publication No.: US20170310705A1
Publication date: 2017-10-26
Application No.: US15496724
Filing date: 2017-04-25
IPC classification: H04L29/06
CPC classification: H04L63/1491, H04L41/0816, H04L41/0886, H04L63/1408, H04L63/1425, H04L63/1433
Abstract: Provided are methods, network devices, and computer-program products for dynamically configuring a deception mechanism in response to network traffic from a possible network threat. In various implementations, a network deception system can receive a packet from a network. The network deception system can determine an intent associated with the packet by examining the contents of the packet. The network deception system can further configure a deception mechanism to respond to the intent, for example with the appropriate network communications, software or hardware configuration, and/or data.
-
Publication No.: US20170223034A1
Publication date: 2017-08-03
Application No.: US15404788
Filing date: 2017-01-12
Inventors: Abhishek Singh, Sreenivas Gukal
CPC classification: H04L63/1416, G06F21/53, G06F21/564, H04L41/0816, H04L41/0886, H04L41/145, H04L43/062, H04L51/12, H04L63/1408, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/1491
Abstract: Provided are systems, methods, and computer-program products for classifying an email as malicious. In some implementations, a malicious email detection engine may configure a decoy email address. The decoy email address may include a username that is associated with the malicious email detection engine. Email directed to the decoy email address may be received by the malicious email detection engine. The malicious email detection engine may further make the decoy email address publicly available, and may receive a suspect email addressed to the decoy email address. The suspect email may include a header and content. The malicious email detection engine may analyze the header using a header analysis engine, and the content using a high-interaction network. The malicious email detection engine may determine a status for the suspect email, the determination using the header and content analysis, wherein the status indicates whether the suspect email was malicious.
-