Methods, systems, and media for baiting inside attackers
First Claim
1. A method for providing trap-based defenses, the method comprising:
- generating, using a computing device, a plurality of decoy items from user-selected data items that are selected from data items stored in a computing environment, wherein a decoy item includes at least a portion of a data item and a beacon and wherein code embedded within the beacon causes a signal that includes identifying information associated with an attacker computing device to be transmitted to a remote server in response to detecting unauthorized access of the decoy item by the attacker computing device;
placing the plurality of decoy items into the computing environment, wherein the code embedded within the beacon is executed;
receiving an indication from the remote server relating to the unauthorized access of the decoy item by the attacker computing device, wherein the code embedded within the beacon of the decoy item causes the signal that included the identifying information associated with the attacker computing device to be transmitted to the remote server in response to detecting access of the decoy item;
in response to receiving the indication of the unauthorized access of the decoy item by the attacker computing device, determining the data item of the data items stored in the computing environment that corresponds to the decoy item that was accessed; and
transmitting a notification to a user of the computing device that the decoy item was accessed, wherein the notification includes the identifying information associated with the attacker computing device and the data item corresponding to the decoy item that was accessed.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
106 Citations
12 Claims
-
1. A method for providing trap-based defenses, the method comprising:
-
generating, using a computing device, a plurality of decoy items from user-selected data items that are selected from data items stored in a computing environment, wherein a decoy item includes at least a portion of a data item and a beacon and wherein code embedded within the beacon causes a signal that includes identifying information associated with an attacker computing device to be transmitted to a remote server in response to detecting unauthorized access of the decoy item by the attacker computing device; placing the plurality of decoy items into the computing environment, wherein the code embedded within the beacon is executed; receiving an indication from the remote server relating to the unauthorized access of the decoy item by the attacker computing device, wherein the code embedded within the beacon of the decoy item causes the signal that included the identifying information associated with the attacker computing device to be transmitted to the remote server in response to detecting access of the decoy item; in response to receiving the indication of the unauthorized access of the decoy item by the attacker computing device, determining the data item of the data items stored in the computing environment that corresponds to the decoy item that was accessed; and transmitting a notification to a user of the computing device that the decoy item was accessed, wherein the notification includes the identifying information associated with the attacker computing device and the data item corresponding to the decoy item that was accessed. - View Dependent Claims (2, 3, 4)
-
-
5. A system for providing trap-based defenses, the system comprising:
a computing device that; generates a plurality of decoy items from user-selected data items that are selected from data items stored in a computing environment, wherein a decoy item includes at least a portion of a data item and a beacon and wherein code embedded within the beacon causes a signal that includes identifying information associated with an attacker computing device to be transmitted to a remote server in response to detecting unauthorized access of the decoy item by the attacker computing device; places the plurality of decoy items into the computing environment, wherein the code embedded within the beacon is executed; receives an indication from the remote server relating to the unauthorized access of the decoy item by the attacker computing device, wherein the code embedded within the beacon of the decoy item caused the signal that included the identifying information associated with the attacker computing device to be transmitted to the remote server in response to detecting access of the decoy item; in response to receiving the indication of the unauthorized access of the decoy item by the attacker computing device, determines the data item of the data items stored in the computing environment that corresponds to the decoy item that was accessed; and transmits a notification to a user of the computing device that the decoy item was accessed, wherein the notification includes the identifying information associated with the attacker computing device and the data item corresponding to the decoy item that was accessed. - View Dependent Claims (6, 7, 8)
-
9. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a hardware processor, cause the hardware processor to perform a method for providing trap-based defenses, the method comprising:
-
generating a plurality of decoy items from user-selected data items that are selected from data items stored in a computing environment, wherein a decoy item includes at least a portion of a data item and a beacon and wherein code embedded within the beacon causes a signal that includes identifying information associated with an attacker computing device to be transmitted to a remote server in response to detecting unauthorized access of the decoy item by the attacker computing device; placing the plurality of decoy items into the computing environment, wherein the code embedded within the beacon is executed; receiving an indication from the remote server relating to the unauthorized access of the decoy item by the attacker computing device, wherein the code embedded within the beacon of the decoy item causes the signal that included the identifying information associated with the attacker computing device to be transmitted to the remote server in response to detecting access of the decoy item; in response to receiving the indication of the unauthorized access of the decoy item by the attacker computing device, determining the data item of the data items stored in the computing environment that corresponds to the decoy item that was accessed; and transmitting a notification to a user of the computing device that the decoy item was accessed, wherein the notification includes the identifying information associated with the attacker computing device and the data item corresponding to the decoy item that was accessed. - View Dependent Claims (10, 11, 12)
-
Specification