Method and apparatus for providing mobile honeypots
First Claim
Patent Images
1. A method of detecting an originator of traffic of interest, comprising:
- establishing a honeypot in a first autonomous system controlled by a first network administrator, wherein the establishing the honeypot comprises;
establishing in the first autonomous system a dark prefix associated with a destination;
advertising the dark prefix; and
collecting data associated with the traffic of interest received by the destination; and
communicating to a network of friendly autonomous systems information that the dark prefix is associated with the honeypot, wherein the information is dynamically shared with the network of friendly autonomous systems, wherein the network of friendly autonomous systems comprises a second autonomous system that is controlled by a second network administrator that is different from the first network administrator.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for detecting an originator of traffic of interest is provided. One or more honeypots are established. Mobility is then provided to the one or more honeypots. In one embodiment, mobility is provided by communicating information associated with one or more dark prefixes. In another embodiment, mobility is provided by varying information related to the one or more dark prefixes.
-
Citations
15 Claims
-
1. A method of detecting an originator of traffic of interest, comprising:
-
establishing a honeypot in a first autonomous system controlled by a first network administrator, wherein the establishing the honeypot comprises; establishing in the first autonomous system a dark prefix associated with a destination; advertising the dark prefix; and collecting data associated with the traffic of interest received by the destination; and communicating to a network of friendly autonomous systems information that the dark prefix is associated with the honeypot, wherein the information is dynamically shared with the network of friendly autonomous systems, wherein the network of friendly autonomous systems comprises a second autonomous system that is controlled by a second network administrator that is different from the first network administrator. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15)
-
-
10. A non-transitory computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform a method of detecting an originator of traffic of interest, comprising:
-
establishing a honeypot in a first autonomous system controlled by a first network administrator, wherein the establishing the honeypot comprises; establishing in the first autonomous system a dark prefix associated with a destination; advertising the dark prefix; and collecting data associated with the traffic of interest received by the destination; and communicate to a network of friendly autonomous systems information that the dark prefix is associated with the honeypot, wherein the information is dynamically shared with the network of friendly autonomous systems, wherein the network of friendly autonomous systems comprises a second autonomous system that is controlled by a second network administrator that is different from the first network administrator.
-
-
11. An apparatus for detecting an originator of traffic of interest, comprising:
a processor configured to; establish a honeypot in a first autonomous system controlled by a first network administrator by; establishing in the first autonomous system a dark prefix associated with a destination; advertising the dark prefix; and collecting data associated with the traffic of interest received by the destination; and communicating to a network of friendly autonomous systems that the dark prefix is associated with the honeypot, wherein the information is dynamically shared with the network of friendly autonomous systems, wherein the network of friendly autonomous systems comprises a second autonomous system that is controlled by a second network administrator that is different from the first network administrator.
Specification