SYSTEM AND METHOD FOR DIRECTING MALICIOUS ACTIVITY TO A MONITORING SYSTEM
Abstract
A system of client devices and a server system implementing services makes use of credentials to facilitate authentication of the client devices with the server and generates log entries for different accesses to the server system. A monitoring system places credentials and log entries that reference the monitoring system alongside the credentials and log entries on the client devices, without any authentication or actual access attempts by the client devices to the monitoring system. Unauthorized access to the client devices may result in the credentials and log entries for the monitoring system being accessed and used to access the monitoring system. Attempts to exploit the monitoring system using the credentials and log entries are contained within the monitoring system, and data is collected to characterize malicious code attempting to exploit the monitoring system. The data is then used to prevent attacks and detect compromised client devices and server systems.
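The flow the abstract describes, as an added illustration that is not code from the patent: a server plants a decoy access record, any later use of the record's token is contained and logged, and the log is summarized to characterize the activity. The class, field names, hostname and device names are assumptions made for the example.

```python
import secrets
from collections import defaultdict

class MonitoringServer:
    """Illustrative decoy service; all names here are assumptions."""

    def __init__(self):
        self.planted = {}                  # decoy token -> device it was sent to
        self.activity = defaultdict(list)  # decoy token -> [(source, action)]

    def issue_decoy_record(self, device):
        """Build a record that mimics a cached access entry for `device`.
        No real access by the device ever happened."""
        token = secrets.token_hex(16)
        self.planted[token] = device
        return {"store": "cache", "service": "files.decoy.example",
                "user": "backup_svc", "token": token, "event": "login ok"}

    def handle_access(self, token, source, action):
        """Legitimate software never reads the decoy, so any use is suspect."""
        if token not in self.planted:
            return "rejected"
        self.activity[token].append((source, action))
        return "contained"  # served only by the monitoring system

    def characterize(self, token):
        """Summarize what was observed for one planted record."""
        device, events = self.planted[token], self.activity.get(token, [])
        return {"compromised_device": device if events else None,
                "used_from_other_device": any(s != device for s, _ in events),
                "actions": [a for _, a in events]}

def demo():
    srv = MonitoringServer()
    record = srv.issue_decoy_record("laptop-17")   # constructed device name
    # Constructed activity: something read the cache and replayed the token.
    srv.handle_access(record["token"], "laptop-17", "list_shares")
    srv.handle_access(record["token"], "host-unknown", "read:/payroll")
    return srv.characterize(record["token"])

if __name__ == "__main__":
    print(demo())
```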
20 Claims
1. A method comprising:
- transmitting, by a server system, to a client device a record with an instruction to store the record in a cache of the client device, the record mimicking data recording access of a service on the server system by the client device and not corresponding to any actual access of the service on the server system by the client device;
- receiving, from a malicious module that has accessed the record and is executing on one of the client device and a different computing device, accessing of the service using data contained in the record;
- monitoring, by the server system, activities of the malicious module with respect to the server system; and
- characterizing, by the server system, the malicious module according to the monitoring of the activities of the malicious module.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method comprising:
- accessing, by a client device, a service on a first server system;
- recording, by the client device in a memory device operably coupled thereto, a first record of the accessing of the service on the first server, the first record including an identifier of the first server system and a first description of the accessing of the service;
- receiving, by the client device, a second record referencing a second server system and a second description mimicking the first description, the second server system implementing services and monitoring functions operable to gather data with respect to unauthorized code accessing the second server system;
- recording, by the client device, the second record in the memory device;
- accessing, by the client device using a malicious code module one of accessing and executing on the client device, the second record;
- accessing, by the malicious code module executing on one of the client device and another device, the second server system using data contained in the second record;
- monitoring, by the second server, activities of the malicious module with respect to the second server; and
- characterizing, by the second server system, the malicious module according to the monitoring of the activities of the malicious module.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

Specification