NETWORK ATTACK DETECTION AND PREVENTION BASED ON EMULATION OF SERVER RESPONSE AND VIRTUAL SERVER CLONING
Abstract
Network attacks can be evaluated to determine typical responses provided by networks configured to provide services. Typically, service requests directed to a selected address are associated with data or data streams responsive to requests to selected addresses. These responses are used to define scripts that can be executed by decoy nodes responsive to service requests at the selected addresses. Receipt of a request for services at an unused IP address and port number can trigger playback of the associated script, typically as a data stream mimicking that produced by an operational network.
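The record-then-replay flow in the abstract, as an added example that is not code from the patent: responses captured from real servers become timed scripts, and a request to an unused address triggers playback and an alert. The class and function names, the capture format, and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
import time
from dataclasses import dataclass, field

# Constructed capture: (server_ip, port) -> [(seconds_since_connect, bytes_sent)]
CAPTURES = {
    ("192.0.2.10", 22): [(0.02, b"SSH-2.0-OpenSSH_8.9\r\n")],
    ("192.0.2.20", 25): [(0.30, b"250 mail.example.test\r\n"),
                         (0.05, b"220 mail.example.test ESMTP\r\n")],
}

@dataclass
class DecoyNet:
    clones: dict                                  # unused decoy IP -> real server it mimics
    scripts: dict = field(default_factory=dict)   # (server_ip, port) -> [(delay, chunk)]
    alerts: list = field(default_factory=list)    # (src_ip, dst_ip, dst_port) per contact

    def learn(self, captures):
        """Convert absolute capture timestamps into relative-delay response scripts."""
        for key, events in captures.items():
            prev, script = 0.0, []
            for ts, chunk in sorted(events):      # captures may arrive out of order
                script.append((round(ts - prev, 3), chunk))
                prev = ts
            self.scripts[key] = script

    def handle(self, src_ip, dst_ip, dst_port):
        """Return the script to replay, or None if dst_ip is not a decoy address."""
        source = self.clones.get(dst_ip)
        if source is None:
            return None                           # real or unknown host: decoy stays silent
        # Nothing legitimate should contact an unused address, so every hit is logged.
        self.alerts.append((src_ip, dst_ip, dst_port))
        return self.scripts.get((source, dst_port), [])  # no script: accept, send nothing

def playback(script, send, sleep=time.sleep):
    """Replay a script through send(), preserving the recorded pacing."""
    for delay, chunk in script:
        sleep(delay)
        send(chunk)

def build_demo():
    # 192.0.2.99 is an unused address configured to mimic the mail server (assumption).
    net = DecoyNet(clones={"192.0.2.99": "192.0.2.20"})
    net.learn(CAPTURES)
    return net

if __name__ == "__main__":
    net = build_demo()
    playback(net.handle("198.51.100.7", "192.0.2.99", 25), print, sleep=lambda d: None)
    print(net.alerts)
```

In a deployment, `send` would be the write method of the accepted connection and `alerts` would feed the monitoring pipeline.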
25 Claims
1. A method, comprising:
- in a computer network, receiving a service request directed to an unauthorized access point; and
- providing a decoy response.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A computing device, comprising a processor configured to implement a plurality of decoy nodes based on computer executable instructions stored in a computer storage device, wherein each of the decoy nodes is associated with a response script based on a decoy node address.

13. A method, comprising:
- establishing a data sequence associated with a response to a request for services; and
- defining a response script based on the established data sequence.

(Dependent claims: 14, 15, 16, 17, 18, 19)

20. A computing system, comprising at least one computing device configured to execute computer readable instructions to:
- determine a data sequence associated with a request for services directed to a selected network address; and
- based on the determined data sequence, define a decoy script responsive to corresponding requests for service.

(Dependent claims: 21, 22, 23)

24. A computing device, configured to execute computer executable instructions to:
- scan at least a plurality of network nodes and record scan responses;
- associate a plurality of response data streams with scan requests directed to corresponding nodes;
- based on the response data streams, define decoy responses associated with corresponding nodes; and
- activate decoy nodes configured to provide corresponding decoy responses.

(Dependent claims: 25)
Specification