Testing environment cyber vaccine

    Publication number: US10419479B2

    Publication date: 2019-09-17

    Application number: US15467647

    Filing date: 2017-03-23

    IPC classification: H04L29/06 G06F21/53 G06F21/56

    Abstract: Provided are systems, methods, and computer program products for a cyber-vaccination technique. In various implementations, the technique includes determining characteristics of a testing environment. A testing environment can be used to analyze malware programs. The technique can further include configuring a production network device with the characteristics, so that the production network device resembles the testing environment. The production network device is used for network operations, which exclude analyzing malware programs.

    Network intrusion diversion using a software defined network

    Publication number: US10193924B2

    Publication date: 2019-01-29

    Application number: US14847470

    Filing date: 2015-09-08

    IPC classification: H04L29/06

    Abstract: Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet collisions, a programmable physical switch and a virtual networking switch are employed, both of which can use software-defined networking (SDN). The virtual switch prevents packets from the decoy from flowing out of its virtual network until commanded. Upon a command, the physical switch redirects specific flows to the virtual switch, and the virtual switch opens specific flows from the decoy. The specific flows are those with packets containing the hacker's computer IP address, the production computer IP address, and the production computer port. The packets are associated with TCP connections or UDP sessions. The decoy host emulator can be a virtual machine (VM) running alongside many other VMs in a single computer. If the hacker performs a horizontal scan of the network, additional flows are diverted to other decoy host emulators.

    ACTIVE DECEPTION SYSTEM
    Patent application

    Publication number: US20170264639A1

    Publication date: 2017-09-14

    Application number: US15454181

    Filing date: 2017-03-09

    IPC classification: H04L29/06

    Abstract: Provided are methods, including computer-implemented methods or methods implemented by a network device, devices including network devices, and computer-program products for an active deception system. The active deception system can separate execution of services from deception mechanisms on a network. In particular, the active deception system can include a sensor on the network. The sensor can establish a two-way connection with a remote server executing the services. The sensor can receive communications from client devices and forward the communications to the remote server. While this forwarding happens, the client devices might not be aware of it. In fact, the client device might only be aware that the sensor receives a communication and responds to the communication.

    USING HIGH-INTERACTION NETWORKS FOR TARGETED THREAT INTELLIGENCE

    Publication number: US20170223037A1

    Publication date: 2017-08-03

    Application number: US15404434

    Filing date: 2017-01-12

    IPC classification: H04L29/06 H04L12/26

    Abstract: Provided are methods, network devices, and computer-program products for targeted threat intelligence using a high-interaction network. In some implementations, a network device in a network may receive suspect network traffic. The suspect network traffic may include network traffic identified as potentially causing harm to the network. The network device may determine that the suspect traffic is associated with an unknown threat. The network device may further analyze the suspect network traffic using a high-interaction network. In various implementations, the high-interaction network may be configured to emulate at least a part of the network. In various implementations, analyzing the suspect network traffic may include determining a behavior of the suspect network traffic in the high-interaction network. The network device may further generate indicators, where the indicators describe the suspect network traffic. In various implementations, the indicators facilitate analysis of a network's susceptibility to the unknown threat.

    Deception mechanisms in containerized environments

    Publication number: US10972503B1

    Publication date: 2021-04-06

    Application number: US16536217

    Filing date: 2019-08-08

    Abstract: Provided are systems, methods, and computer-program products for deception mechanisms in a containerized environment. In various implementations, a deception platform can detect the configuration of a containerized environment, including its namespaces, services, and settings. The deception platform can determine appropriate decoy containerized services for the environment, and can deploy the decoy alongside a production containerized service. The deception platform can further determine decoy breadcrumbs for luring attackers to the decoy containerized service. The decoy breadcrumbs can be injected into the environment at locations where an attacker will look for information for further infiltrating the environment. The deception platform can then monitor the decoy containerized service for unexpected accesses.

    Dynamic security mechanisms for mixed networks

    Publication number: US10326796B1

    Publication date: 2019-06-18

    Application number: US15611731

    Filing date: 2017-06-01

    IPC classification: H04L29/06

    Abstract: Provided are methods, including computer-implemented methods or methods implemented by a network device, devices including network devices, and computer-program products for providing dynamic security mechanisms for mixed networks. A mixed network can include an IoT-type device and a non-IoT device. Using a configuration of the network, a deception device type can be determined. A second network that includes a deception mechanism corresponding to the deception device type can be determined. A network tunnel from the mixed network to the second network can be configured. The network tunnel enables the deception mechanism to be a node on the mixed network, such that the deception mechanism can be accessed from the mixed network. The deception mechanism can be used to monitor the mixed network for network abnormalities. An action can be taken when the deception mechanism detects an abnormality.

    Tunneling for network deceptions
    Granted patent

    Publication number: US09979750B2

    Publication date: 2018-05-22

    Application number: US15498300

    Filing date: 2017-04-26

    IPC classification: H04L29/06 H04L12/24

    Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception center. The deception center can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel together enable the deception mechanism to appear as a node in the first network.