-
Publication (Announcement) No.: US10419479B2
Publication (Announcement) Date: 2019-09-17
Application No.: US15467647
Filing Date: 2017-03-23
Abstract: Provided are systems, methods, and computer program products for a cyber-vaccination technique. In various implementations, the technique includes determining characteristics of a testing environment. A testing environment can be used to analyze malware programs. The technique can further include configuring a production network device with the characteristics, so that the production network device resembles the testing environment. The production network device is used for network operations, which excludes analyzing malware programs.
-
Publication (Announcement) No.: US10193924B2
Publication (Announcement) Date: 2019-01-29
Application No.: US14847470
Filing Date: 2015-09-08
IPC Classification: H04L29/06
Abstract: Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet collisions, a programmable physical switch and a virtual networking switch are employed, both of which can use software-defined networking (SDN). The virtual switch prevents packets from the decoy from flowing out of its virtual network until commanded. Upon a command, the physical switch redirects specific flows to the virtual switch, and the virtual switch opens specific flows from the decoy. The specific flows are those with packets containing the hacker's computer IP address, production computer IP address, and production computer port. The packets are associated with TCP connections or UDP sessions. The decoy host emulator can be a virtual machine (VM) running alongside many other VMs in a single computer. If the hacker performs a horizontal scan of the network, additional flows are diverted to other decoy host emulators.
-
Publication (Announcement) No.: US20170264639A1
Publication (Announcement) Date: 2017-09-14
Application No.: US15454181
Filing Date: 2017-03-09
IPC Classification: H04L29/06
CPC Classification: H04L63/1491, H04L63/029, H04L63/1408
Abstract: Provided are methods, including computer-implemented methods or methods implemented by a network device, devices including network devices, and computer-program products for an active deception system. The active deception system can separate execution of services from deception mechanisms on a network. In particular, the active deception system can include a sensor on the network. The sensor can establish a two-way connection with a remote server executing the services. The sensor can receive communications from client devices and forward the communications to the remote server. While this forwarding happens, the client devices might not be aware of it. In fact, the client device might only be aware that the sensor receives a communication and responds to the communication.
-
Publication (Announcement) No.: US20170223037A1
Publication (Announcement) Date: 2017-08-03
Application No.: US15404434
Filing Date: 2017-01-12
Inventors: Abhishek Singh, Sreenivas Gukal
CPC Classification: H04L63/1416, G06F21/53, G06F21/564, H04L41/145, H04L43/062, H04L51/12, H04L63/1408, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/1491
Abstract: Provided are methods, network devices, and computer-program products for targeted threat intelligence using a high-interaction network. In some implementations, a network device in a network may receive suspect network traffic. The suspect network traffic may include network traffic identified as potentially causing harm to the network. The network device may determine that the suspect traffic is associated with an unknown threat. The network device may further analyze the suspect network traffic using a high-interaction network. In various implementations, the high-interaction network may be configured to emulate at least a part of the network. In various implementations, analyzing the suspect network traffic may include determining a behavior of the suspect network traffic in the high-interaction network. The network device may further generate indicators, where the indicators may describe the suspect network traffic. In various implementations, the indicators facilitate analysis of a network's susceptibility to the unknown threat.
-
Publication (Announcement) No.: US20170206349A1
Publication (Announcement) Date: 2017-07-20
Application No.: US15400799
Filing Date: 2017-01-06
Inventors: Yadong Zhang, Ching-Hai Tsai, Johnson L. Wu, Craig A. Schultz
CPC Classification: G06F21/55, G06F21/6218
Abstract: Methods and systems are presented for presenting false and/or decoy content to an intruder operating on a computer system by obfuscating critical files on a computer storage device with data that directs subsequent infiltration and propagation to designated decoy hosts and decoy applications. Methods and systems are provided for selectively presenting different contents to different viewers/users of application resource files for the purpose of preventing the valuable content from being read, tampered with, exfiltrated, or used as a means to perform subsequent attacks on network resources.
-
Publication (Announcement) No.: US09680867B2
Publication (Announcement) Date: 2017-06-13
Application No.: US14615054
Filing Date: 2015-02-05
Inventors: Chad O. Hughes, Steven M. Silva
CPC Classification: H04L63/1466, G06F11/3414, G06F13/10, G06F15/16, H04L41/12, H04L41/145, H04L61/1529, H04L61/2007, H04L61/6022, H04L63/00
Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices, or the responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and with real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software-defined network upon which they operate.
-
Publication (Announcement) No.: US10972503B1
Publication (Announcement) Date: 2021-04-06
Application No.: US16536217
Filing Date: 2019-08-08
Abstract: Provided are systems, methods, and computer-program products for deception mechanisms in a containerized environment. In various implementations, a deception platform can detect the configuration of a containerized environment, including namespaces, services, and configuration of the environment. The deception platform can determine appropriate decoy containerized services for the environment, and can deploy the decoy alongside production containerized services. The deception platform can further determine decoy breadcrumbs for luring attackers to the decoy containerized service. The decoy breadcrumbs can be injected into the environment at locations where an attacker will look for information for further infiltrating the environment. The deception platform can then monitor the decoy containerized service for unexpected accesses.
-
Publication (Announcement) No.: US10326796B1
Publication (Announcement) Date: 2019-06-18
Application No.: US15611731
Filing Date: 2017-06-01
IPC Classification: H04L29/06
Abstract: Provided are methods, including computer-implemented methods or methods implemented by a network device, devices including network devices, and computer-program products for providing dynamic security mechanisms for mixed networks. A mixed network can include an IoT-type device and a non-IoT device. Using a configuration of the network, a deception device type can be determined. A second network that includes a deception mechanism corresponding to the deception device type can be determined. A network tunnel from the mixed network to the second network can be configured. The network tunnel enables the deception mechanism to be a node on the mixed network, such that the deception mechanism can be accessed from the mixed network. The deception mechanism can be used to monitor the mixed network for network abnormalities. An action can be taken when the deception mechanism detects an abnormality.
-
Publication (Announcement) No.: US09979750B2
Publication (Announcement) Date: 2018-05-22
Application No.: US15498300
Filing Date: 2017-04-26
CPC Classification: H04L63/1491, H04L41/0886, H04L63/0272, H04L63/029
Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception center. The deception center can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
-
Publication (Announcement) No.: US09961099B2
Publication (Announcement) Date: 2018-05-01
Application No.: US15426346
Filing Date: 2017-02-07
CPC Classification: H04L63/1425, G06F17/30958, H04L43/026, H04L43/045, H04L63/0272, H04L63/1408, H04L63/1458, H04L63/1491, H04L2463/146
Abstract: This disclosure relates to using network flow information of a network to determine the trajectory of an attack. In some examples, an adjacency data structure is generated for a network. The adjacency data structure can record which machines of the network have interacted with which other machines of the network. The network can further include one or more deception mechanisms. The deception mechanisms can indicate that an attack is occurring when a machine interacts with one of the deception mechanisms. When the attack is occurring, attack trajectory information can be generated by locating in the adjacency data structure the machine that interacted with the deception mechanism. The attack trajectory information can correlate the information from the interaction with the deception mechanism, the interaction information of the network, and machine information for each machine to determine a possible trajectory of an adversary.