Systems and methods for creating a deception computing system
Abstract
A computer-implemented method for creating a deception computing system may include (i) identifying, by a computing device, a dataset of security alert signatures from a set of client devices, (ii) determining, by the computing device, a set of software vulnerabilities based on the dataset of security alert signatures, (iii) clustering, by the computing device, the set of software vulnerabilities to increase a length of at least one potential attack path within a predetermined number of honeypot machines, and (iv) distributing, by the computing device and based on clusters of software vulnerabilities, a set of vulnerable software among a set of honeypot machines within a honeynet. Various other methods, systems, and computer-readable media are also disclosed.
20 Claims
1. A computer-implemented method for creating a deception computing system, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, by the computing device, a dataset of security alert signatures from a set of client devices;
- determining, by the computing device, a set of software vulnerabilities based on the dataset of security alert signatures;
- clustering, by the computing device, the set of software vulnerabilities to increase a length of at least one potential attack path within a predetermined number of honeypot machines; and
- distributing, by the computing device, a set of vulnerable software among a set of honeypot machines within a honeynet by, for each honeypot machine, assigning a distribution of vulnerable software to the honeypot machine based on a cluster of software vulnerabilities.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for creating a deception computing system, the system comprising:
- an identification module, stored in memory, that identifies, by a computing device, a dataset of security alert signatures from a set of client devices;
- a determination module, stored in memory, that determines, by the computing device, a set of software vulnerabilities based on the dataset of security alert signatures;
- a clustering module, stored in memory, that clusters, by the computing device, the set of software vulnerabilities to increase a length of at least one potential attack path within a predetermined number of honeypot machines;
- a distribution module, stored in memory, that distributes, by the computing device, a set of vulnerable software among a set of honeypot machines within a honeynet by, for each honeypot machine, assigning a distribution of vulnerable software to the honeypot machine based on a cluster of software vulnerabilities; and
- at least one processor that executes the identification module, the determination module, the clustering module, and the distribution module.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify, by the computing device, a dataset of security alert signatures from a set of client devices;
- determine, by the computing device, a set of software vulnerabilities based on the dataset of security alert signatures;
- cluster, by the computing device, the set of software vulnerabilities to increase a length of at least one potential attack path within a predetermined number of honeypot machines; and
- distribute, by the computing device, a set of vulnerable software among a set of honeypot machines within a honeynet by, for each honeypot machine, assigning a distribution of vulnerable software to the honeypot machine based on a cluster of software vulnerabilities.
Dependent claims: 18, 19, 20
Specification