Managing dynamic deceptive environments
First Claim
1. A deception management system (DMS) to detect attackers within a dynamically changing network of computer resources, comprising:
- a deployment governor dynamically designating deception policies, each deception policy comprising one or more decoy attack vectors, one or more computer resources of the network in which the one or more decoy attack vectors are generated, and a schedule for generating the one or more decoy attack vectors in the one or more resources, wherein an attack vector is an object in a first resource of the network that has a potential to be used by an attacker to access or discover a second resource of the network, and wherein the network of resources is dynamically changing;
- a deception adaptor dynamically extracting characteristics of the network;
- a deception diversifier dynamically triggering changes in the deception policy based on changes in the network as detected from the network characteristics extracted by said deception adaptor, and enabling an administrator of the network to set levels of deception diversity across resources in the network; and
- a deception deployer dynamically generating one or more decoy attack vectors in the one or more resources in the network, in accordance with the current deception policy and in accordance with the levels of diversity set by the administrator.
Abstract
A deception management system to detect attackers within a dynamically changing network, including a deployment governor dynamically designating a deception policy that includes one or more decoy attack vectors, one or more resources of the network in which the decoy attack vectors are generated, and a schedule for generating the decoy attack vectors in the resources, wherein an attack vector is an object in a first resource that may be used by an attacker to access or discover a second resource, and wherein the network of resources is dynamically changing, a deception deployer dynamically generating decoy attack vectors on resources in the network, in accordance with the current deception policy, a deception adaptor dynamically extracting characteristics of the network, and a deception diversifier dynamically triggering changes in the deception policy based on changes in the network as detected from the network characteristics extracted by the deception adaptor.
66 Citations
14 Claims
1. A deception management system (DMS) to detect attackers within a dynamically changing network of computer resources, comprising:
- a deployment governor dynamically designating deception policies, each deception policy comprising one or more decoy attack vectors, one or more computer resources of the network in which the one or more decoy attack vectors are generated, and a schedule for generating the one or more decoy attack vectors in the one or more resources, wherein an attack vector is an object in a first resource of the network that has a potential to be used by an attacker to access or discover a second resource of the network, and wherein the network of resources is dynamically changing;
- a deception adaptor dynamically extracting characteristics of the network;
- a deception diversifier dynamically triggering changes in the deception policy based on changes in the network as detected from the network characteristics extracted by said deception adaptor, and enabling an administrator of the network to set levels of deception diversity across resources in the network; and
- a deception deployer dynamically generating one or more decoy attack vectors in the one or more resources in the network, in accordance with the current deception policy and in accordance with the levels of diversity set by the administrator.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for detecting attackers within a dynamically changing network of computer resources, comprising:
- repeatedly designating a current deception policy that comprises one or more decoy attack vectors, one or more computer resources of the network in which the one or more decoy attack vectors are generated, and a schedule for generating the one or more decoy attack vectors in the one or more resources, wherein an attack vector is an object in a first resource of the network that has a potential to be used by an attacker to access or discover a second resource of the network, and wherein the network of resources is dynamically changing, comprising specifying levels of deception diversity across resources in the network, the levels being set by an administrator of the network;
- repeatedly generating one or more decoy attack vectors in one or more resources in the network, in accordance with the current deception policy and in accordance with the specified levels of deception diversity;
- repeatedly extracting characteristics of the network; and
- repeatedly triggering changes in the deception policy based on changes in the network as detected from the thus-extracted network characteristics.

Dependent claims: 9, 10, 11, 12, 13, 14
Specification