Managing dynamic deceptive environments
First Claim
1. A deception management system (DMS) to detect attackers within a network of computer resources, comprising:
- a deception deployer planting one or more decoy attack vectors in memory or storage of one or more real resources in the network, an attack vector, of the one or more decoy attack vectors, being an object in a real resource of the network that has a potential to lead an attacker to access or discover a decoy resource of the network;
- a deception adaptor self-triggering modification of activity logs of login access and data editing for one or more decoy resources, the one or more decoy resources appearing to the attacker as being active in the network; and
- an access governor authorizing access to resources in the network, and issuing a notification upon recognizing an attempt to access one or more of the decoy resources of the network via one or more of the decoy attack vectors planted by said deception deployer.
Abstract
A deception management system (DMS) to detect attackers within a network of computer resources, including a discovery tool auto-learning the network naming conventions for user names, workstation names, server names and shared folder names, and a deception deployer generating one or more decoy attack vectors in the one or more resources in the network based on the network conventions learned by the discovery tool, so that the decoy attack vectors conform with the network conventions, wherein an attack vector is an object in a first resource of the network that has a potential to lead an attacker to access or discover a second resource of the network.
12 Claims
7. A method for detecting attackers within a network of computer resources, comprising:
- planting one or more decoy attack vectors in memory or storage of one or more real resources in the network, an attack vector, of the one or more decoy attack vectors, being an object in a real resource of the network that has a potential to lead an attacker to access or discover a decoy resource of the network;
- self-triggering modification of activity logs of login access and data editing for one or more decoy resources, the one or more decoy resources appearing to the attacker as being active in the network; and
- issuing a notification upon recognizing an attempt to access one or more of the decoy resources of the network via one or more of the decoy attack vectors planted by said planting.
Specification