System and method for generating fictitious content for a computer
First Claim
1. A method for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
- creating a plurality of templates;
providing a collection of data items available to be inserted into the templates;
selecting one or more of said templates; and
for each template selected;
automatically selecting at least one data item from the collection; and
populating the template with the at least one data item from the collection;
wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and
intentionally altering at least one populated template to introduce at least one spelling error to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.
12 Assignments
0 Petitions
Accused Products
Abstract
A system and method are disclosed for generating fictitious computer file system content. A template is created. A collection of data items available to be inserted into the template is provided. The template is populated with at least one data item from the collection.
-
Citations
26 Claims
-
1. A method for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
-
creating a plurality of templates; providing a collection of data items available to be inserted into the templates; selecting one or more of said templates; and for each template selected; automatically selecting at least one data item from the collection; and populating the template with the at least one data item from the collection; wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and intentionally altering at least one populated template to introduce at least one spelling error to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24)
-
-
19. A system for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
-
a computer configured to; select one or more of a plurality of templates; and for each template selected; automatically select at least one data item from a collection of data items available to be inserted into the template; and populate the template with the at least one data item from the collection; and a database configured to store the collection; wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; wherein the computer is further configured to intentionally alter at least one populated template to introduce at least one spelling error to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.
-
-
20. A computer program product for generating fictitious file system content for a computer for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
-
selecting one or more of a plurality of templates; and for each template selected; automatically selecting at least one data item from a collection of data items available to be inserted into the template; and populating the template with the at least one data item from the collection; wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and intentionally altering at least one populated template to introduce at least one spelling error to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.
-
-
25. A method for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
-
creating a plurality of templates; providing a collection of data items available to be inserted into the templates; selecting one or more of said templates; and for each template selected; automatically selecting at least one data item from the collection; and populating the template with the at least one data item from the collection; wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and intentionally including at least one spelling error in at least one template to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.
-
-
26. A method for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
-
creating a plurality of templates; providing a collection of data items available to be inserted into the templates; selecting one or more of said templates; and for each template selected; automatically selecting at least one data item from the collection; and populating the template with the at least one data item from the collection; wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and intentionally introducing at least one grammatical error into at least one populated template to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of grammatical errors.
-
Specification