Scarecrow for data security
Abstract
A method, computer program product and/or system receives information pertaining to network data traffic from and/or to a network accessible resource and analyzes the information to determine whether a user is engaged in potential hacking transaction(s) with respect to the resource. On condition that the user is determined to be engaged in potential hacking transaction(s), a “scarecrow” message, designed for display to the user, is generated and sent to the user.
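The flow summarized above (receive traffic information, apply detection rules, send each computer its own scarecrow message and raise a security alert) can be sketched as follows. This is an added example, not code from the patent: the event format, the rule (several distinct sources failing to log in to one account within a short window), its thresholds, the message wording and all function names are assumptions chosen for illustration.

```python
from collections import defaultdict

WINDOW_S = 60       # assumed rule parameter: correlation window in seconds
MIN_SOURCES = 3     # assumed rule parameter: distinct sources treated as "in concert"

# Constructed sample traffic records: (epoch seconds, source IP, account, outcome)
EVENTS = [
    (1000, "198.51.100.7", "admin", "fail"),
    (1010, "203.0.113.21", "admin", "fail"),
    (1015, "192.0.2.44", "alice", "ok"),
    (1030, "198.51.100.9", "admin", "fail"),
    (1500, "192.0.2.80", "bob", "fail"),
]

def detect_concerted_sources(events):
    """Return {account: sorted source IPs} for accounts where at least MIN_SOURCES
    distinct sources failed to log in within one WINDOW_S-second span."""
    fails = defaultdict(list)
    for ts, ip, account, outcome in sorted(events):
        if outcome == "fail":
            fails[account].append((ts, ip))
    groups = {}
    for account, hits in fails.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most WINDOW_S seconds.
            while hits[end][0] - hits[start][0] > WINDOW_S:
                start += 1
            sources = {ip for _, ip in hits[start:end + 1]}
            if len(sources) >= MIN_SOURCES:
                groups.setdefault(account, set()).update(sources)
    return {a: sorted(s) for a, s in groups.items()}

def respond(events):
    """Build one customized scarecrow message per participating computer (keyed by
    its IP address) and one alert record intended for a security product."""
    messages, alerts = {}, []
    for account, sources in detect_concerted_sources(events).items():
        for ip in sources:
            messages[ip] = (f"Warning: activity from {ip} against this resource "
                            "has been recorded and reported.")
        alerts.append({"type": "concerted_access", "account": account,
                       "sources": sources})
    return messages, alerts

if __name__ == "__main__":
    msgs, alerts = respond(EVENTS)
    for ip, text in msgs.items():
        print(ip, "->", text)
    print(alerts)
```

Each message embeds the IP address of the computer it is sent to, which is one of the three customization elements the claims list; the lone failure from `192.0.2.80` stays below the threshold and produces neither a message nor an alert.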
15 Claims
1. A computer-implemented method comprising:
receiving information pertaining to network data traffic being communicated between a protected resource that is network accessible and a plurality of computers, including a first computer that is at least partially under the control of a user;
determining, by machine logic performed by a machine, and based at least in part on a set of detection rules, and the information, that the plurality of computers are acting in concert to perform a hacking transaction with respect to the protected resource; and
in response to determining that the plurality of computers are acting in concert to perform the hacking transaction;
generating, by machine logic performed by a machine, a plurality of scarecrow messages, respectively corresponding to the plurality of computers, designed for display in human understandable form and format,
sending the plurality of scarecrow messages, through a network communication channel, to respectively corresponding computers of the plurality of computers, and
sending, by machine logic performed by a machine, a security alert to a security product;
wherein;
the set of detection rules enables detection of at least one indicator of a hacking transaction where the indicator of the hacking transaction is any set of communication(s) from the first computer that tend to indicate that the first computer is engaged in subverting security of the protected resource; and
each respective scarecrow message is a customized warning message, the content of which comprises an element that is selected from the group consisting of;
an internet protocol (IP) address associated with the respectively corresponding computer;
a phantom background process; and
a log-in chain associated with the respectively corresponding computer.
Dependent claims: 2, 3, 4, 5
6. A computer program product comprising a computer readable storage medium having stored thereon:
first program instructions programmed to receive information pertaining to network data traffic being communicated between a protected resource that is network accessible and a plurality of computers, including a first computer that is at least partially under the control of a user;
second program instructions programmed to determine, by machine logic performed by a machine, and based at least in part on a set of detection rules, and the information, that the plurality of computers are acting in concert to perform a hacking transaction with respect to the protected resource; and
in response to determining that the plurality of computers are acting in concert to perform the hacking transaction;
third program instructions programmed to generate a plurality of scarecrow messages, respectively corresponding to the plurality of computers, designed for display in human understandable form and format,
fourth program instructions programmed to send the plurality of scarecrow messages, through a network communication channel, to the respectively corresponding computers of the plurality of computers, and
fifth program instructions programmed to send a security alert to a security product;
wherein;
the set of detection rules enables detection of at least one indicator of a hacking transaction where the indicator of the hacking transaction is as any set of communication(s) from the first computer that tend to indicate that the first computer is engaged in subverting security of the protected resource; and
each respective scarecrow message is a customized warning message, the content of which comprises an element that is selected from the group consisting of;
an internet protocol (IP) address associated with the respectively corresponding computer;
a phantom background process; and
a log-in chain associated with the respectively corresponding computer.
Dependent claims: 7, 8, 9, 10
11. A computer system comprising:
a processor(s) set; and
a computer readable storage medium;
wherein;
the processor(s) set is structured, located, connected and/or programmed to run program instructions stored on the computer readable storage medium; and
the program instructions include;
first program instructions programmed to receive information pertaining to network data traffic being communicated between a protected resource that is network accessible and a plurality of computers, including a first computer that is at least partially under the control of a user;
second program instructions programmed to determine, by machine logic performed by a machine, and based at least in part on a set of detection rules, and the information, that the plurality of computers are acting in concert to perform a hacking transaction with respect to the protected resource; and
in response to determining that the plurality of computers are acting in concert to perform the hacking transaction;
third program instructions programmed to generate a plurality of scarecrow messages, respectively corresponding to the plurality of computers, designed for display in human understandable form and format,
fourth program instructions programmed to send the plurality of scarecrow messages, through a network communication channel, to the respectively corresponding computers of the plurality of computers, and
fifth program instructions programmed to send a security alert to a security product;
wherein;
the set of detection rules enables detection of at least one indicator of a hacking transaction where the indicator of the hacking transaction is as any set of communication(s) from the first computer that tend to indicate that the first computer is engaged in subverting security of the protected resource; and
each respective scarecrow message is a customized warning message, the content of which comprises an element that is selected from the group consisting of;
an internet protocol (IP) address associated with the respectively corresponding computer;
a phantom background process; and
a log-in chain associated with the respectively corresponding computer.
Dependent claims: 12, 13, 14, 15
Specification