SYSTEMS, METHODS, AND MEDIA FOR GENERATING BAIT INFORMATION FOR TRAP-BASED DEFENSES

US 20160277444A1
Filed: 05/16/2016
Published: 09/22/2016
Est. Priority Date: 05/31/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for detecting unauthorized activities, comprising:

recording, using a hardware processor, data sent over a network;

generating, using the hardware processor, a bait email message based on the data sent over the network that references a name of a bait document and a location where the bait document is stored;

sending the bait email message from a first decoy account to a second decoy account;

monitoring the bait document to detect whether the bait document has been accessed; and

in response to detecting that the bait document has been accessed, indicating that the security of at least one of the first decoy account and the second decoy account have been compromised.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and media for generating bait information for trap-based defenses are provided. In some embodiments, methods for generating bait information for trap-based defenses include: recording historical information of a network; translating the historical information; and generating bait information by tailoring the translated historical information.

16 Citations

View as Search Results

18 Claims

1. A method for detecting unauthorized activities, comprising:
- recording, using a hardware processor, data sent over a network;
  
  generating, using the hardware processor, a bait email message based on the data sent over the network that references a name of a bait document and a location where the bait document is stored;
  
  sending the bait email message from a first decoy account to a second decoy account;
  
  monitoring the bait document to detect whether the bait document has been accessed; and
  
  in response to detecting that the bait document has been accessed, indicating that the security of at least one of the first decoy account and the second decoy account have been compromised.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the email message indicates that the bait document contains confidential information.
  - 3. The method of claim 1, wherein the data sent over the network comprises the content of a plurality of email messages sent over the network.
  - 4. The method of claim 3, wherein generating the bait email message comprises replacing a portion of one of the plurality of email messages sent over the network with altered data.
  - 5. The method of claim 4, wherein the altered data includes at least one of:
    - a date;
      
      a username;
      
      a password;
      
      a keyword;
      
      a geographical location; and
      
      a name.
  - 6. The method of claim 1, wherein generating the bait email message comprises causing a surrogate user bot (SUB) that uses virtualized keyboard and mouse drivers to provide inputs to write the bait email message.

7. A system for detecting unauthorized activities, comprising:
- a hardware processor that is programmed to;
  
  record data sent over a network;
  
  generate a bait email message based on the data sent over the network that references a name of a bait document and a location where the bait document is stored;
  
  send the bait email message from a first decoy account to a second decoy account;
  
  monitor the bait document to detect whether the bait document has been accessed; and
  
  in response to detecting that the bait document has been accessed, indicate that the security of at least one of the first decoy account and the second decoy account have been compromised.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the email message indicates that the bait document contains confidential information.
  - 9. The system of claim 7, wherein the data sent over the network comprises the content of a plurality of email messages sent over the network.
  - 10. The system of claim 9, wherein the hardware processor is further programmed to replace a portion of one of the plurality of email messages sent over the network with altered data.
  - 11. The system of claim 10, wherein the altered data includes at least one of:
    - a date;
      
      a username;
      
      a password;
      
      a keyword;
      
      a geographical location; and
      
      a name.
  - 12. The system of claim 7, wherein the hardware processor is further programmed to cause a surrogate user bot (SUB) that uses virtualized keyboard and mouse drivers to provide inputs to write the bait email message.

13. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, causes the processor to perform a method for detecting unauthorized activities, the method comprising:
- recording data sent over a network;
  
  generating a bait email message based on the data sent over the network that references a name of a bait document and a location where the bait document is stored;
  
  sending the bait email message from a first decoy account to a second decoy account;
  
  monitoring the bait document to detect whether the bait document has been accessed; and
  
  in response to detecting that the bait document has been accessed, indicating that the security of at least one of the first decoy account and the second decoy account have been compromised.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the email message indicates that the bait document contains confidential information.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the data sent over the network comprises the content of a plurality of email messages sent over the network.
  - 16. The non-transitory computer-readable medium of claim 15, wherein generating the bait email message comprises replacing a portion of one of the plurality of email messages sent over the network with altered data.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the altered data includes at least one of:
    - a date;
      
      a username;
      
      a password;
      
      a keyword;
      
      a geographical location; and
      
      a name.
  - 18. The non-transitory computer-readable medium of claim 13, wherein generating the bait email message comprises causing a surrogate user bot (SUB) that uses virtualized keyboard and mouse drivers to provide inputs to write the bait email message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Original Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Inventors
Keromytis, Angelos D., Stolfo, Salvatore J.

Application Number

US15/155,790
Publication Number

US 20160277444A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 43/0876   Network utilisation, e.g. v...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/1408   by monitoring network traff...

H04L 63/145   the attack involving the pr...

H04L 63/1491   using deception as counterm...

SYSTEMS, METHODS, AND MEDIA FOR GENERATING BAIT INFORMATION FOR TRAP-BASED DEFENSES

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS, METHODS, AND MEDIA FOR GENERATING BAIT INFORMATION FOR TRAP-BASED DEFENSES

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links