×

Cyber attack disruption through multiple detonations of received payloads

  • US 8,943,594 B1
  • Filed: 12/18/2013
  • Issued: 01/27/2015
  • Est. Priority Date: 06/24/2013
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • using a local network accessible system to receive a payload transmitted across a computer network, the local network accessible system comprising a processor, an associated memory and a decoy environment;

    copying the received payload to the decoy environment and to the associated memory; and

    repetitively detonating, within the decoy environment, the copied payload a plurality of times while concurrently activating, within the associated memory, the copied payload at least once,wherein the received payload includes a malicious component from an attacking party configured to carry out a malicious action responsive to activation of the payload,wherein the malicious action is carried out responsive to both the detonating of the copied payload within the decoy environment and activating of the copied payload within the associated memory,wherein the malicious action comprises generating a callback communication to the attacking party,wherein the detonation of the copied payload in the decoy environment said plurality of times in succession generates a corresponding plurality of decoy callback communications that are transferred across the network to the attacking party,wherein the activation of the copied payload in the associated memory generates at least one authentic callback communication that is transferred across the network to the attacking party during the continued transfer of said decoy callback communications so that the at least one authentic callback communication is masked within said decoy callback communications; and

    wherein the copied payload is detonated within the decoy environment a plurality of times in succession at a time varying rate over an applicable period of time using a predefined profile so that a number of detonations is different for at least some successive elapsed time periods over the applicable period of time and the authentic callback communication is transferred during an intermediate one of the successive elapsed time periods.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×