Multilayered deception for intrusion detection and prevention
Abstract
Concepts and technologies are disclosed herein for multilayered deception for intrusion detection. According to various embodiments of the concepts and technologies disclosed herein, a multilayer deception system includes honey servers, honey files and folders, honey databases, and/or honey computers. A multilayer deception system controller generates honey activity between the honey entities and exposes a honey profile with contact information associated with a honey user. Contact directed at the honey user and/or activity at any of the honey entities can trigger alarms and/or indicate an attack, and can be analyzed to prevent future attacks.
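The detection and analysis step described in the abstract, sketched as an added example that is not taken from the patent. The alias-tag scheme for the honey contact address, the event fields, the exact-match lookup of controller-generated honey activity, and all sample data are assumptions made for illustration.

```python
# Added illustration; names, event fields and sample data are constructed.

def make_honey_profile(real, alias_tag):
    """Copy a real profile but give it a second version of the contact info."""
    local, domain = real["email"].split("@", 1)
    return {"name": real["name"], "email": f"{local}.{alias_tag}@{domain}"}

def analyze(events, honey_profile, honey_entities, honey_activity):
    """Return (event id, reason) for each interaction that may be an attack.

    honey_activity is the set of (src, target, ts) tuples the controller
    itself generated; those touches are expected and are not alerts.
    """
    honey_addr = honey_profile["email"].lower()
    alerts = []
    for ev in events:
        if ev["type"] == "mail" and ev["rcpt"].lower() == honey_addr:
            # Assumption: this address is published only in the honey profile.
            alerts.append((ev["id"], "contact-with-honey-user"))
        elif ev["type"] == "access" and ev["target"] in honey_entities:
            if (ev["src"], ev["target"], ev["ts"]) not in honey_activity:
                alerts.append((ev["id"], "honey-entity-touched"))
    return alerts

REAL = {"name": "A. Example", "email": "a.example@corp.example"}
HONEY = make_honey_profile(REAL, "hr")
HONEY_ENTITIES = {"honey-fs01:/finance/q3.xlsx", "honey-db01"}
HONEY_ACTIVITY = {("10.0.0.5", "honey-db01", 1000)}  # generated by the controller

EVENTS = [  # constructed sample log
    {"id": 1, "type": "mail", "rcpt": "a.example@corp.example", "src": "198.51.100.7", "ts": 990},
    {"id": 2, "type": "mail", "rcpt": "A.Example.hr@corp.example", "src": "198.51.100.7", "ts": 995},
    {"id": 3, "type": "access", "target": "honey-db01", "src": "10.0.0.5", "ts": 1000},
    {"id": 4, "type": "access", "target": "honey-fs01:/finance/q3.xlsx", "src": "10.0.0.23", "ts": 1010},
    {"id": 5, "type": "access", "target": "fs02:/public/readme.txt", "src": "10.0.0.23", "ts": 1011},
]

if __name__ == "__main__":
    for alert in analyze(EVENTS, HONEY, HONEY_ENTITIES, HONEY_ACTIVITY):
        print(alert)
```

Mail to the real address and the controller's own scheduled touch of the honey database produce no alert; only contact with the honey address and an unscheduled touch of a honey file are flagged for analysis.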
16 Claims
1. A method comprising:
- generating, by a processor executing a multilayer deception system controller application, a plurality of honey entities and an instance of honey activity associated with one honey entity of the plurality of honey entities at a private network, the plurality of honey entities including a honey profile for a honey user, wherein the honey profile is generated based upon a real profile of a real user associated with the private network, wherein the real profile comprises a first version of contact information, and wherein the honey profile comprises a second version of the contact information;
- exposing, by the processor, the honey profile outside of the private network by uploading information associated with the honey profile to a social networking service;
- detecting, by the processor, an interaction with the one honey entity of the plurality of honey entities; and
- analyzing, by the processor, the interaction to determine if the interaction corresponds to an attack.

Dependent claims: 2, 3, 4, 5, 6

7. A system comprising:
- a processor; and
- a memory that stores computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprising
  - identifying a real user as a target of an electronic attack,
  - generating a honey profile for a honey user, the honey profile comprising a first version of contact information that differs from a second version of contact information associated with the real user,
  - generating a honey entity and an instance of honey activity between a computer operating on a private network and the honey entity,
  - exposing the honey profile on a public network by uploading the honey profile to a social networking server accessible via the public network,
  - detecting an interaction with the honey entity, and
  - determining, based upon detecting the interaction with the honey entity, if the interaction corresponds to the electronic attack.

Dependent claims: 8, 9, 10, 11, 12

13. A computer storage medium having computer-executable instructions stored thereon that, when executed by a processor, cause the processor to perform operations comprising:
- determining that a real user of a private network is a target of an attacker;
- generating a honey user and a honey profile for the honey user, the honey profile comprising a first version of contact information that differs from a second version of contact information associated with a real profile of the real user;
- exposing the honey profile outside of a private network associated with the real user by uploading the honey profile to a social networking server accessible via a public network;
- hosting honey entities at the private network;
- generating an instance of honey activity between a computer operating on the private network and the honey entities;
- detecting an interaction with one honey entity of the honey entities; and
- determining, based upon detecting the interaction with the one of the honey entities, if the interaction corresponds to an attack by the attacker.

Dependent claims: 14, 15, 16
Specification