Adapting decoy data present in a network
First Claim
Patent Images
1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program, when executed, causing the at least one computing device to at least:
- obtain policy data, the policy data specifying decoy data eligible to be inserted in a data store and an access policy for accessing the data store;
obtain a response to an access of the data store, the response to the access of the data store comprising the decoy data among a plurality of non-decoy data;
determine legitimacy of the access of the data store based at least in part upon a comparison between the access policy and a characteristic associated with the access of the data store; and
remove the decoy data from among the plurality of non-decoy data in the response to the access of the data store based at least in part upon the access being legitimate according to the access policy.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are various embodiments for obtaining policy data specifying decoy data eligible to be inserted within a response to an access of a data store. The decoy data is detected in the response among a plurality of non-decoy data based at least upon the policy data. An action associated with the decoy data is initiated in response to the access of the data store meeting a configurable threshold.
-
Citations
20 Claims
-
1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program, when executed, causing the at least one computing device to at least:
-
obtain policy data, the policy data specifying decoy data eligible to be inserted in a data store and an access policy for accessing the data store; obtain a response to an access of the data store, the response to the access of the data store comprising the decoy data among a plurality of non-decoy data; determine legitimacy of the access of the data store based at least in part upon a comparison between the access policy and a characteristic associated with the access of the data store; and remove the decoy data from among the plurality of non-decoy data in the response to the access of the data store based at least in part upon the access being legitimate according to the access policy. - View Dependent Claims (2, 3)
-
-
4. A system, comprising:
at least one computing device connected to a network, the at least one computing device configured to at least; obtain policy data, the policy data specifying decoy data eligible to be inserted in a data store and an access policy for accessing a data store; obtain a response to an access of the data store, the response to the access of the data store comprising the decoy data among a plurality of non-decoy data; determine legitimacy of the access of the data store based at least in part upon a comparison between the access policy and a characteristic associated with the access of the data store; and remove the decoy data from among the plurality of non-decoy data in the response to the access of the data store based at least in part upon the access being legitimate according to the access policy. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
-
13. A method, comprising:
-
obtaining, by at least one computing device, policy data specifying decoy data eligible to be inserted within a response to an access of a data store and further specifying an access policy threshold associated with a user accessing the data store; detecting, by the at least one computing device, the decoy data in the response to the access of the data store among a plurality of non-decoy data based at least upon the policy data; determining, by the at least one computing device, legitimacy of the access of the data store based at least in part upon the access policy threshold; interrupting, by the at least one computing device, delivery of the response to the access of the data store to a client application when the access does not meet the access policy threshold; and modifying, by the at least one computing device, the decoy data among a plurality of non-decoy data in the response to the access of the data store when the access meets the access policy threshold. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification