System for detecting, analyzing, and controlling infiltration of computer and network systems
Abstract
A method for detecting and manipulating a malicious actor/communication on a computer network or system. The method includes the steps of incorporating one or more synthetic vulnerabilities into the computer system at distinct locations, where each synthetic vulnerability presents an opportunity for exploitation by a malicious actor/communication, detecting an exploitation of one of the vulnerabilities by an actor, analyzing the actor to determine if the actor is a malicious actor/communication; and manipulating the malicious actor/communication. A computer program on a storage medium is also disclosed.
28 Claims
1. A method for detecting and manipulating a malicious actor/communication on a computer system, the method comprising the steps of:
providing multiple detection points at specific locations in the computer system, each detection point presenting an opportunity to detect and manipulate a malicious actor/communication;
detecting a malicious actor/communication on the system based on a triggering of a first detection point;
controlling or manipulating the malicious actor/communication to a second detection point;
characterizing the malicious actor/communication to determine some information about the malicious actor/communication based on an analysis of the activities or aspects of the malicious actor/communication detected by the triggering of one or more of the detection points;
wherein there are multiple detection points provided in the system that are accessible from the first detection point;
wherein the step of controlling or manipulating the malicious actor/communication comprises permitting the malicious actor/communication to access the multiple detection points that are accessible from the first detection point; and
wherein the step of characterizing the malicious actor/communication involves determining an aspect of the malicious actor/communication based on which of the multiple detection points that are accessible from the first detection point are triggered by the malicious actor/communication.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for detecting and manipulating a malicious actor/communication on a computer system, the method comprising the steps of:
providing multiple detection points at specific locations in the computer system, each detection point presenting an opportunity to detect and manipulate a malicious actor/communication;
detecting a malicious actor/communication on the system based on a triggering of a first detection point;
controlling or manipulating the malicious actor/communication to a second detection point;
characterizing the malicious actor/communication to determine some information about the malicious actor/communication based on an analysis of the activities or aspects of the malicious actor/communication detected by the triggering of one or more of the detection points;
wherein some of the multiple detection points are arranged in the system in a sequence with one detection point leading to another detection point thereby defining a mission; and
wherein the step of characterizing involves analyzing information related to the malicious actor/communication and its progression through the multiple detection points.
10. A method for detecting and manipulating a malicious actor/communication on a computer network or system, the method comprising the steps of:
creating multiple detection points for detecting, capturing or directing a malicious actor/communication;
implementing, integrating, or applying the multiple detection points to a target system or network;
intercepting a malicious actor/communication that is directed to the target system or network based on a triggering of a first detection point;
controlling or manipulating the malicious actor/communication to proceed to another detection point; and
characterizing the malicious actor/communication to determine some information about the malicious actor/communication based on an analysis of the activities or aspects of the malicious actor/communication that triggered at least one of the detection points;
wherein the step of controlling or manipulating the malicious actor/communication involves providing the malicious actor/communication with access to multiple detection points that are directly accessible from the first detection point; and
wherein the characterizing step involves analyzing which detection points were selected by the malicious actor/communication out of the multiple detection points, and determining an aspect of the malicious actor/communication based on that analysis.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A method for detecting and manipulating a malicious actor/communication on a computer network or system, the method comprising the steps of:
creating multiple detection points for detecting, capturing or directing a malicious actor/communication;
implementing, integrating, or applying the multiple detection points to a target system or network;
intercepting a malicious actor/communication that is directed to the target system or network based on a triggering of a first detection point;
controlling or manipulating the malicious actor/communication to proceed to another detection point; and
characterizing the malicious actor/communication to determine some information about the malicious actor/communication based on an analysis of the activities or aspects of the malicious actor/communication that triggered at least one of the detection points;
wherein the step of implementing, integrating, or applying the one or more detection points involves creating a mission using multiple detection points, with each detection point leading to another detection point, the mission being indicative of certain information being sought by a malicious actor/communication.
25. A non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method for detecting and manipulating a malicious actor/communication on a computer network or system, the method comprising the steps of:
creating multiple detection points for detecting, capturing or directing a malicious actor/communication;
implementing, integrating, or applying the detection points to a target system or network;
intercepting a malicious actor/communication that is directed to the target system or network based on a triggering of a first detection point;
controlling or manipulating the malicious actor/communication to a second detection point; and
characterizing the malicious actor/communication to determine some information about the malicious actor/communication based on an analysis of the activities or aspects of the malicious actor/communication detected by the triggering of one or more of the detection points;
wherein there are multiple detection points provided in the system that are accessible from the first detection point;
wherein the step of controlling or manipulating the malicious actor/communication comprises permitting the malicious actor/communication to access the multiple detection points that are accessible from the first detection point; and
wherein the step of characterizing the malicious actor/communication involves determining an aspect of the malicious actor/communication based on which of the multiple detection points that are accessible from the first detection point are triggered by the malicious actor/communication.
26. A protection system for detecting and manipulating a malicious actor/communication on a target computer program, the protection system comprising:
a computer engine module configured to receive communications including malicious communications, the engine module including a first detection point and second detection points, each detection point including one or more match rules and actions to be accomplished upon a match being found, the engine module including program coding configured to compare the received communication against the match rules associated with the detection point to characterize the communication as a malicious communication, implement the actions associated with a detection point upon a determination that a communication matches the rules, and to control or manipulate the malicious communication;
a report generator in communication with the engine module, the report generator adapted to generate a report upon a determination that a communication matches the rules;
a storage database for receiving and storing detection points and reports; and
an admin GUI module for creating detection points and sending the detection points to the engine module;
wherein there are multiple second detection points provided in the system that are accessible from the first detection point;
wherein controlling or manipulating the malicious actor/communication comprises detecting the triggering by the malicious actor/communication of the first detection point, and permitting the malicious actor/communication to access the multiple second detection points that are accessible from the first detection point; and
wherein characterizing the malicious actor/communication involves determining an aspect of the malicious actor/communication based on which of the multiple second detection points that are accessible from the first detection point are triggered by the malicious actor/communication.
Dependent claims: 27, 28
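The engine arrangement recited in claim 26 can be pictured with a short sketch. This is an added illustration, not code from the patent or from any product: the class names, decoy paths, action strings and "suggests" labels are all assumptions chosen for the example. It shows a first detection point that, once triggered, makes several second detection points accessible, a report stored per match, and a characterization derived from which second points the actor then triggers.

```python
import re
from dataclasses import dataclass, field

@dataclass
class DetectionPoint:
    name: str
    rule: str            # match rule: regex that must fully match the request path
    action: str          # action the engine takes on a match
    leads_to: list = field(default_factory=list)  # points made accessible once this one triggers
    suggests: str = ""   # aspect of the actor this point indicates (assumed labels)

# Constructed decoy layout: one first detection point exposing three second ones.
POINTS = [
    DetectionPoint("entry", r"/admin-backup/?", "serve_decoy_index",
                   ["payroll", "source", "creds"]),
    DetectionPoint("payroll", r"/admin-backup/payroll\.csv", "serve_decoy_file", [], "financial data"),
    DetectionPoint("source", r"/admin-backup/src\.tar\.gz", "serve_decoy_file", [], "source code"),
    DetectionPoint("creds", r"/admin-backup/passwords\.txt", "serve_decoy_file", [], "credentials"),
]

class Engine:
    def __init__(self, points, first="entry"):
        self.points = {p.name: p for p in points}
        self.first = first
        self.exposed = {}   # actor -> detection points currently accessible to it
        self.reports = []   # one report per match, as a report generator would store

    def handle(self, actor, path):
        reachable = self.exposed.setdefault(actor, {self.first})
        for name in sorted(reachable):
            dp = self.points[name]
            if re.fullmatch(dp.rule, path):
                reachable.update(dp.leads_to)   # permit access to the next points
                self.reports.append({"actor": actor, "point": name, "path": path})
                return dp.action
        return "pass"       # no rule matched: traffic is handled normally

    def characterize(self, actor):
        hit = {r["point"] for r in self.reports if r["actor"] == actor}
        return sorted(self.points[n].suggests for n in hit if self.points[n].suggests)

def run_demo():
    eng = Engine(POINTS)
    for path in ["/admin-backup/", "/admin-backup/payroll.csv", "/admin-backup/passwords.txt"]:
        eng.handle("203.0.113.7", path)   # constructed actor id (documentation address)
    return eng.characterize("203.0.113.7")

if __name__ == "__main__":
    print(run_demo())
```

A second detection point stays inert until the first one has been triggered by the same actor, so the stored reports record the order of progression as well as the selection.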
Specification