System and method for generating fictitious content for a computer

US 7,117,532 B1
Filed: 07/14/2000
Issued: 10/03/2006
Est. Priority Date: 07/14/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:

creating a plurality of templates;

providing a collection of data items available to be inserted into the templates;

selecting one or more of said templates; and

for each template selected;

automatically selecting at least one data item from the collection; and

populating the template with the at least one data item from the collection;

wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and

intentionally altering at least one populated template to introduce at least one spelling error to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for generating fictitious computer file system content. A template is created. A collection of data items available to be inserted into the template is provided. The template is populated with at least one data item from the collection.

Citations

26 Claims

1. A method for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
- creating a plurality of templates;
  
  providing a collection of data items available to be inserted into the templates;
  
  selecting one or more of said templates; and
  
  for each template selected;
  
  automatically selecting at least one data item from the collection; and
  
  populating the template with the at least one data item from the collection;
  
  wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and
  
  intentionally altering at least one populated template to introduce at least one spelling error to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24)
- - 2. The method of claim 1 wherein the collection of data items comprises one or more names.
  - 3. The method of claim 1 wherein the collection of data items comprises one or more dates.
  - 4. The method of claim 1 wherein at least one template is an e-mail message requiring at least one item of data to be complete.
  - 5. The method of claim 1 wherein at least one template is a word processing document requiring at least one item of data to be complete.
  - 6. The method of claim 1 wherein at least one template is a spreadsheet requiring at least one item of data to be complete.
  - 7. The method of claim 1 wherein for at least one selected template the step of populating comprises receiving a number from a random number generator.
  - 8. The method of claim 7 wherein the random number generator is a pseudo random number generator.
  - 9. The method of claim 8 wherein the pseudo random number generator employs a unique key to generate numbers.
  - 10. The method of claim 1 wherein for at least one selected template the step of populating comprises correlating a random number to an item of data in the collection.
  - 11. The method of claim 1 wherein for at least one selected template the step of populating comprises inserting an item of data into the template.
  - 12. The method of claim 1 further comprising intentionally including at least one spelling error in at least one template to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.
  - 13. The method of claim 1 wherein a random number is used to determine what the at least spelling error will be.
  - 14. The method of claim 1 further comprising intentionally introducing at least one grammatical error into at least one populated template to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of grammatical errors.
  - 15. The method of claim 1 wherein for at least one selected template, selecting the at least one data item is a function of (1) a random number and (2) the relative probability of occurrence of the at least one data item.
  - 16. The method of claim 15 wherein a pseudo random number generator provides the random number.
  - 17. The method of claim 1, further comprising associating a probability of occurrence with each template and wherein selecting one or more of said templates is based at least in part on the associated probability of occurrence.
  - 18. The method of claim 1 wherein at least one template requires that at least two items of data be compatible with one another.
  - 21. The method of claim 1, wherein the collection includes at least one data item that is not fictitious.
  - 22. The method of claim 1, wherein the deception environment is on a server.
  - 23. The method of claim 1, wherein the deception environment is on a PC.
  - 24. The method of claim 1, wherein the deception environment is part of a trap system.

19. A system for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
- a computer configured to;
  
  select one or more of a plurality of templates; and
  
  for each template selected;
  
  automatically select at least one data item from a collection of data items available to be inserted into the template; and
  
  populate the template with the at least one data item from the collection; and
  
  a database configured to store the collection;
  
  wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network;
  
  wherein the computer is further configured to intentionally alter at least one populated template to introduce at least one spelling error to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.

20. A computer program product for generating fictitious file system content for a computer for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
- selecting one or more of a plurality of templates; and
  
  for each template selected;
  
  automatically selecting at least one data item from a collection of data items available to be inserted into the template; and
  
  populating the template with the at least one data item from the collection;
  
  wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and
  
  intentionally altering at least one populated template to introduce at least one spelling error to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.

25. A method for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
- creating a plurality of templates;
  
  providing a collection of data items available to be inserted into the templates;
  
  selecting one or more of said templates; and
  
  for each template selected;
  
  automatically selecting at least one data item from the collection; and
  
  populating the template with the at least one data item from the collection;
  
  wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and
  
  intentionally including at least one spelling error in at least one template to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of spelling errors.

26. A method for generating fictitious computer file system content for a computing system configured to provide, to an intruder who has gained or is attempting to gain unauthorized access to a network with which the computing system is associated, a deception environment in which the intruder is allowed to access at least part of the generated fictitious computer file system content to keep the intruder from gaining access to a protected network resource located outside the deception environment, comprising:
- creating a plurality of templates;
  
  providing a collection of data items available to be inserted into the templates;
  
  selecting one or more of said templates; and
  
  for each template selected;
  
  automatically selecting at least one data item from the collection; and
  
  populating the template with the at least one data item from the collection;
  
  wherein for at least one selected template, selecting the at least one data item is based at least in part on the relative probability of occurrence of the at least one data item to make the deception environment more realistic by ensuring that data items occur with the frequency one would expect in a real, non-deception computing environment associated with network; and
  
  intentionally introducing at least one grammatical error into at least one populated template to make the deception environment appear more realistic by ensuring that at least some of the generated file system content is not entirely free of grammatical errors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Lyle, Michael P., Ross, Robert F., Maricondo, James R.
Primary Examiner(s)
Sheikh, Ayaz R.
Assistant Examiner(s)
ZIA, SYED

Application Number

US09/616,805
Time in Patent Office

2,272 Days
Field of Search

713/200, 726/2, 726/3, 726/22, 726/23, 726/26, 726/27
US Class Current

726/23
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2127   Bluffing

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

System and method for generating fictitious content for a computer

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for generating fictitious content for a computer

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links