Managing dynamic deceptive environments
First Claim
1. A deception management system (DMS) to detect attackers within a dynamically changing network of computer resources, comprising:
- a deployment governor dynamically designating deception policies, each deception policy comprising (i) names of non-existing web servers, and (ii) levels of diversity for planting the names of non-existing web servers in browser histories of web browsers within the computer resources of the network, the levels of diversity specifying how densely the name of each non-existing web server is planted within the computer resources of the network;
a deception deployer dynamically planting the names of non-existing web servers in the browser histories of the web browsers in the computer resources in the network, in accordance with the levels of diversity of a current deception policy; and
a notification processor transmitting an alert to an administrator of the network in response to an attempt to access one of the non-existing web servers.
0 Assignments
0 Petitions
Accused Products
Abstract
A deception management system to detect attackers within a dynamically changing network of computer resources, including a deployment governor dynamically designating deception policies, each deception policy including names of non-existing web servers, and levels of diversity for planting the names of non-existing web servers in browser histories of web browsers within resources of the network, the levels of diversity specifying how densely the name of each non-existing web server is planted within resources of the network, a deception deployer dynamically planting the names of non-existing web servers in the browser histories of the web browsers in resources in the network, in accordance with the levels of diversity of the current deception policy, and a notification processor transmitting an alert to an administrator of the network in response to an attempt to access one of the non-existing web servers.
133 Citations
8 Claims
-
1. A deception management system (DMS) to detect attackers within a dynamically changing network of computer resources, comprising:
-
a deployment governor dynamically designating deception policies, each deception policy comprising (i) names of non-existing web servers, and (ii) levels of diversity for planting the names of non-existing web servers in browser histories of web browsers within the computer resources of the network, the levels of diversity specifying how densely the name of each non-existing web server is planted within the computer resources of the network; a deception deployer dynamically planting the names of non-existing web servers in the browser histories of the web browsers in the computer resources in the network, in accordance with the levels of diversity of a current deception policy; and a notification processor transmitting an alert to an administrator of the network in response to an attempt to access one of the non-existing web servers. - View Dependent Claims (2, 3, 4)
-
-
5. A deception management system (DMS) to detect attackers within a dynamically changing network of computer resources, comprising:
-
a deployment governor dynamically designating deception policies, each deception policy comprising (i) files containing non-existing usernames and passwords, and (ii) levels of diversity for planting the files containing the non-existing usernames and passwords within the computer resources of the network, the levels of diversity specifying how densely each file containing a non-existing username and password is planted within the computer resources of the network; a deception deployer dynamically planting the files containing non-existing usernames and passwords in the computer resources in the network, in accordance with the levels of diversity of a current deception policy; and a notification processor transmitting an alert to an administrator of the network in response to an attempt to use one of the non-existing usernames and passwords. - View Dependent Claims (6, 7, 8)
-
Specification