User-customized deceptions and their deployment in networks

US 10,382,483 B1
Filed: 08/02/2018
Issued: 08/13/2019
Est. Priority Date: 08/02/2018
Status: Active Grant

First Claim

Patent Images

1. A system for generating and deploying custom deceptions for a network, comprising:

an administrator computer for generating custom deception entities (CDEs), each CDE comprising parameters including inter alia (i) a type of entity, (ii) conditions for deployment of the CDE, and (iii) a deception type; and

a management server, comprising;

an application programming interface (API) for use by said administrator computer to generate CDEs through a medium of a formal language for specifying deceptions, the formal language comprising keyword placeholders for servers, usernames and passwords; and

a translator for translating formal language CDEs to deceptions that are installable in network endpoint computers, comprising replacing the keyword placeholders for servers, usernames and passwords with actual server names, usernames and passwords,wherein said management computer receives a request from a network endpoint computer to retrieve CDEs, selects CDEs that are relevant to the requesting network endpoint computer based on the parameters of the CDE, translates the selected CDEs to installable deceptions, and transmits the installable deceptions to the network endpoint computer for installation thereon.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for generating and deploying custom deceptions for a network, including an administrator computer for generating custom deception entities (CDEs), each CDE including parameters including inter alia (i) a type of entity, (ii) conditions for deployment of the CDE, and (iii) a deception type, and a management server, comprising an application programming interface for use by the administrator computer to generate CDEs through the medium of a formal language for specifying deceptions, and a translator for translating formal language CDEs to deceptions that are installable in network endpoint computers, wherein the management computer receives a request from a network endpoint computer to retrieve CDEs, selects CDEs that are relevant to the requesting network endpoint computer based on the parameters of the CDE, translates the requested CDEs to installable deceptions, and transmits the installable deceptions to the network endpoint computer for installation thereon.

Citations

8 Claims

1. A system for generating and deploying custom deceptions for a network, comprising:
- an administrator computer for generating custom deception entities (CDEs), each CDE comprising parameters including inter alia (i) a type of entity, (ii) conditions for deployment of the CDE, and (iii) a deception type; and
  
  a management server, comprising;
  
  an application programming interface (API) for use by said administrator computer to generate CDEs through a medium of a formal language for specifying deceptions, the formal language comprising keyword placeholders for servers, usernames and passwords; and
  
  a translator for translating formal language CDEs to deceptions that are installable in network endpoint computers, comprising replacing the keyword placeholders for servers, usernames and passwords with actual server names, usernames and passwords,wherein said management computer receives a request from a network endpoint computer to retrieve CDEs, selects CDEs that are relevant to the requesting network endpoint computer based on the parameters of the CDE, translates the selected CDEs to installable deceptions, and transmits the installable deceptions to the network endpoint computer for installation thereon.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1 wherein said management server further comprises:
    - a policy manager for selecting a deception policy and enforcing it; and
      
      a deployer for planting deceptions in endpoint computers of the network in accordance with the selected deception policy.
  - 3. The system of claim 1 wherein said management server further comprises a forensic application for transmission to a network endpoint computer on which a CDE is installed when an attacker who has breached the network endpoint computer attempts to access the CDE, in order to collect forensics of the attacker'"'"'s activities.
  - 4. The system of claim 1 wherein said management server receives a request from said administration computer to delete designated CDEs, in response to which said management server deletes the designated CDEs from its storage.

5. A method performed by a management server of a network for generating and deploying custom deceptions for the network, comprising:
- providing an application programming interface for generating custom deception entities (CDEs) through a medium of a formal language for specifying deceptions, the formal language comprising keyword placeholders for servers, usernames and passwords, each CDE comprising parameters including inter alia (i) a type of entity, (ii) conditions for deployment of the CDE, and (iii) a deception type;
  
  receiving a request from a network endpoint computer to retrieve CDEs;
  
  selecting CDEs that are relevant to the requesting network endpoint computer based on the parameters of the CDE;
  
  translating the selected CDEs from their formal language description to installable deceptions, comprising replacing the keyword placeholders for servers, usernames and passwords with actual server names, usernames and passwords; and
  
  transmitting the installable deceptions to the network endpoint computer for installation thereon.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5 further comprising:
    - selecting a deception policy; and
      
      planting deceptions in endpoint computers of the network in accordance with the selected deception policy.
  - 7. The method of claim 5 further comprising transmitting a forensic application to a network endpoint computer on which a CDE is installed when an attacker who has breached the network endpoint computer attempts to access the CDE, in order to collect forensics of the attacker'"'"'s activities.
  - 8. The method of claim 5 further comprising:
    - further receiving a request to delete designated CDEs; and
      
      in response to said further receiving a request, deleting the designated CDEs from its storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
illusive networks LTD.
Original Assignee
illusive networks LTD.
Inventors
Kafri, Alon, Kahana, Tom, Margulis, Shani, Sela, Tom, Ben-Shushan, Dolev, Shamul, Tomer
Primary Examiner(s)
Zhao, Don G

Application Number

US16/053,773
Time in Patent Office

376 Days
Field of Search
US Class Current
CPC Class Codes

G06F 8/61   Installation

G06F 9/54   Interprogram communication

G06F 9/541   via adapters, e.g. between ...

H04L 63/1491   using deception as counterm...

H04L 63/20   for managing network securi...

User-customized deceptions and their deployment in networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

User-customized deceptions and their deployment in networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links