ALTERNATE FILES RETURNED FOR SUSPICIOUS PROCESSES IN A COMPROMISED COMPUTER NETWORK
First Claim
1. A method of obscuring computer files from hackers in a computer, the method comprising:
monitoring read requests to a file system of a computer operating system;
intercepting, at a software filter, a first read request for a first file before the first read request reaches the file system;
ascertaining a file attribute of the first file to which the first read request is directed;
identifying a process executable that posted the first read request;
determining a security rating of the process executable;
comparing the security rating to a threshold;
revising, at the software filter, the first read request into a second read request, the revising based on the file attribute of the first file and the comparison; and
sending the second read request to the file system.
Abstract
Methods and systems are presented for showing false and/or decoy content to an intruder operating on a computer system by obfuscating critical files on a computer storage device with data that directs subsequent infiltration and propagation to designated decoy hosts and decoy applications.
Methods and systems are provided for selectively presenting different contents to different viewers/users of application resource files, for the purpose of preventing the valuable content from being read, tampered with, exfiltrated, or used as a means to perform subsequent attacks on network resources.
12 Claims
11. A method of obscuring registry entries from hackers in a computer, the method comprising:
monitoring read requests to a registry system of a computer operating system;
intercepting, at a software filter, a read request for a registry entry before the request reaches the registry system;
ascertaining an attribute of the registry entry to which the read request is directed;
identifying a process executable that posted the read request;
determining a security rating of the process executable;
comparing the security rating to a threshold; and
revising, at the software filter, the read request based on the attribute and the comparison.
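The decision sequence recited in claims 1 and 11, modelled in user space as an added example; it is not code from the patent and not a kernel filter driver. Assumptions: the "file attribute" is a mapping from a protected file to its decoy, ratings run 0 to 100 with values below the threshold treated as suspicious, an unrated executable counts as untrusted, and every path, rating and file content is constructed sample data.

```python
import ntpath
from dataclasses import dataclass, replace

THRESHOLD = 50   # assumed 0-100 scale; a rating below this is "suspicious"
UNRATED = 0      # assumption: an executable with no known rating is untrusted


def norm(path):
    # Windows paths are case-insensitive, so compare them in one canonical form.
    return ntpath.normcase(ntpath.normpath(path))


# Constructed sample data (not from the patent).
DECOY_FOR = {norm(r"C:\Users\alice\.ssh\id_rsa"): r"C:\Decoys\id_rsa"}
RATINGS = {norm(r"C:\Windows\System32\OpenSSH\ssh.exe"): 90,
           norm(r"C:\Users\alice\AppData\Local\Temp\upd.exe"): 10}
FILE_SYSTEM = {norm(r"C:\Users\alice\.ssh\id_rsa"): b"REAL-KEY",
               norm(r"C:\Decoys\id_rsa"): b"DECOY-KEY",
               norm(r"C:\Users\alice\notes.txt"): b"notes"}


@dataclass(frozen=True)
class ReadRequest:
    path: str          # file the request is directed to
    process_exe: str   # executable that posted the request


def revise(first):
    """Return the second read request that the filter forwards."""
    decoy = DECOY_FOR.get(norm(first.path))      # ascertain the file attribute
    if decoy is None:
        return first                             # untagged file: pass through
    rating = RATINGS.get(norm(first.process_exe), UNRATED)  # security rating
    if rating >= THRESHOLD:                      # compare rating to threshold
        return first                             # trusted process: real file
    return replace(first, path=decoy)            # suspicious: alternate file


def filtered_read(first):
    """Intercept, revise, then send the revised request to the file system."""
    second = revise(first)
    return FILE_SYSTEM[norm(second.path)]
```

The same `revise` logic applies to the registry variant in claim 11 if the keys are registry paths instead of file paths.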
Specification