Dynamically configuring a honeypot
First Claim
Patent Images
1. A computer-implemented method, comprising:
- crawling, by a web crawler, one or more webpages to gather information, resulting in gathered information;
generating candidate content based on the gathered information by generating fake notes appearing to be about the gathered information and appearing to tie the gathered information to fake project names assigned to honeypot content deployed by a honeypot;
obtaining, by a honeypot logger, activity log data of one or more hackers that access a portion of the honeypot content;
training a neural network using training data based on the activity log data;
determining a feature vector based on the gathered information and the activity log data;
determining, by the neural network, weights associated with different categories of the candidate content based on the feature vector; and
selecting the honeypot content from the candidate content based on the weights, wherein selecting the honeypot content based on the weights comprises selecting different amounts of the different categories of the candidate content based on the weights.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented method includes crawling, by a web crawler, one or more webpages to gather information, resulting in gathered information. The computer-implemented method includes obtaining, by a honeypot logger, activity log data of one or more hackers that access a portion of honeypot content deployed by a honeypot. The computer-implemented method includes dynamically configuring, by a machine capable of learning, the honeypot using the activity log data and the gathered information.
16 Citations
17 Claims
-
1. A computer-implemented method, comprising:
-
crawling, by a web crawler, one or more webpages to gather information, resulting in gathered information; generating candidate content based on the gathered information by generating fake notes appearing to be about the gathered information and appearing to tie the gathered information to fake project names assigned to honeypot content deployed by a honeypot; obtaining, by a honeypot logger, activity log data of one or more hackers that access a portion of the honeypot content; training a neural network using training data based on the activity log data; determining a feature vector based on the gathered information and the activity log data; determining, by the neural network, weights associated with different categories of the candidate content based on the feature vector; and selecting the honeypot content from the candidate content based on the weights, wherein selecting the honeypot content based on the weights comprises selecting different amounts of the different categories of the candidate content based on the weights. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system, comprising:
-
a web crawler configured to crawl one or more webpages to gather information, resulting in gathered information; a honeypot logger configured to obtain activity log data of one or more hackers that access a portion of honeypot content deployed by a honeypot; and a honeypot configuration engine coupled to the web crawler and the honeypot logger and configured to; generate candidate content based on the gathered information by generating fake notes appearing to be about the gathered information and appearing to tie the gathered information to fake project names assigned to the honeypot content; train a neural network using training data based on the activity log data; determine a feature vector based on the gathered information and the activity log data; determine, by the neural network, weights associated with different categories of the candidate content based on the feature vector; and select the honeypot content from the candidate content based on the weights, wherein selecting the honeypot content based on the weights comprises selecting different amounts of the different categories of the candidate content based on the weights. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the program instructions are executable by a computer to cause the computer to:
-
crawl one or more webpages to gather information, resulting in gathered information; generate candidate content based on the gathered information by generating fake notes appearing to be about the gathered information and appearing to tie the gathered information to fake project names assigned to honeypot content deployed by a honeypot; obtain activity log data of one or more hackers that access a portion of the honeypot content deployed by the honeypot; train a neural network using training data based on the activity log data; determine a feature vector based on the gathered information and the activity log data; determine, by the neural network, weights associated with different categories of the candidate content based on the feature vector; and select the honeypot content from the candidate content based on the weights, wherein selecting the honeypot content based on the weights comprises selecting different amounts of the different categories of the candidate content based on the weights. - View Dependent Claims (15, 16, 17)
-
Specification