Deception using screen capture
First Claim
1. A system, comprising:
- a microprocessor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising;
receiving request data indicative of a request for media data that is being presented via an output interface of the system; and
in response to determining, based on an analysis of the request data, that the request data does not satisfy a defined access criterion,embedding deception data into the media data to generate modified media data, wherein the media data is a screenshot image, andemploying the modified media data to respond to the request.
1 Assignment
0 Petitions
Accused Products
Abstract
Multiple deception techniques utilized to mislead malicious entities that attempt to gather information associated with a computing device are implemented by changing a single result. In one aspect, requests for screen captures are intercepted and it is determined whether the requests are triggered due to user interaction (e.g., pressing a button and/or key) and/or received from an authorized application/device. If determined that the requests are not triggered due to user interaction and/or are received from an unauthorized application/device, a response comprising one of several pre-prepared or dynamically generated screen captures that are embedded (and/or appended) with misleading information (e.g., fake credentials, fake documents marked as important/hidden, etc.) is generated. Applications that attempt to utilize the misleading information can be flagged as malware.
31 Citations
20 Claims
-
1. A system, comprising:
-
a microprocessor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising; receiving request data indicative of a request for media data that is being presented via an output interface of the system; and in response to determining, based on an analysis of the request data, that the request data does not satisfy a defined access criterion, embedding deception data into the media data to generate modified media data, wherein the media data is a screenshot image, and employing the modified media data to respond to the request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method, comprising:
-
intercepting, by a system comprising a processor, a request for display data that is being presented via an output interface of the system; and in response to determining that the request does not satisfy a defined access criterion, modifying, by the system, the display data, wherein the modifying comprises adding deception data to the display data to generate modified display data that is to be employed to respond to the request, wherein the display data is a screenshot image of information presented via a screen associated with the system. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A non-transitory machine-readable storage medium, comprising executable instructions that, when executed by a processor, facilitate performance of operations, comprising:
-
in response to determining that command data, indicative of an instruction to provide content that has been presented via an output interface of a device, has been received, analyzing the command data, wherein the content is a screenshot image of information presented via a screen associated with the device; and in response to determining that the command data does not satisfy a defined access criterion, providing an altered version of the content, wherein the altered version of the content comprises deception data that has been added the content. - View Dependent Claims (19, 20)
-
Specification