METHODS, SYSTEMS, AND MEDIA FOR BAITING INSIDE ATTACKERS
Abstract
Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
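The following sketch is an added illustration of the two indications described in the abstract; it is not taken from the patent. It assumes a keyed HMAC marker as the differentiating indication, a remote-image URL as the beacon, and a placeholder collector host `beacon.example.invalid`; all function names and sample data are hypothetical.

```python
import hashlib
import hmac
import re
import secrets

KEY = b"constructed-demo-key"                 # assumption: secret known only to the defender
BEACON = "https://beacon.example.invalid/b/"  # placeholder beacon collector URL

def _tag(body: str, token: str, key: bytes) -> str:
    return hmac.new(key, f"{token}\n{body}".encode(), hashlib.sha256).hexdigest()

def make_decoy(real_body: str, key: bytes, registry: dict, label: str) -> str:
    """Keep the real document's layout and length, randomise its digits,
    then embed a beacon URL and a keyed marker."""
    body = "".join(secrets.choice("0123456789") if c.isdigit() else c
                   for c in real_body)
    token = secrets.token_hex(8)
    registry[token] = label                   # remember which decoy owns this beacon
    return (f"{body}\n"
            f'<img src="{BEACON}{token}.gif">\n'
            f"<!-- ref:{_tag(body, token, key)} -->")

def is_decoy(doc: str, key: bytes) -> bool:
    """Second indication: only a decoy carries a marker that verifies under the key."""
    m = re.fullmatch(
        r'(.*)\n<img src="[^"]*/b/([0-9a-f]{16})\.gif">\n<!-- ref:([0-9a-f]{64}) -->',
        doc, re.S)
    return bool(m) and hmac.compare_digest(
        _tag(m.group(1), m.group(2), key), m.group(3))

def beacon_hits(log_lines, registry: dict):
    """First indication: a request for a registered token means a decoy was opened."""
    hits = []
    for line in log_lines:
        m = re.match(r'(\S+) .*"GET /b/([0-9a-f]{16})\.gif', line)
        if m and m.group(2) in registry:
            hits.append((registry[m.group(2)], m.group(1)))
    return hits

# Constructed sample standing in for "actual information".
REAL = "Payroll account: 4417-2290-1156\nRouting: 021000021"
```

Without the key, the marker looks like an opaque reference string, so the defender can separate decoys from real documents while a reader of the file cannot.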
64 Claims
1. A method for providing trap-based defenses, the method comprising:
- generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties;
- embedding a beacon into the decoy information; and
- inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
Dependent claims: 2-20.
21. A method for providing trap-based defenses, the method comprising:
- receiving trace data;
- determining protocol types of the received trace data based at least in part on the content of application layer headers contained in the received trace data;
- generating one or more candidate flows for each protocol type from the received trace data;
- modifying the one or more candidate flows with decoy information; and
- inserting the modified candidate flows into a communications network.
Dependent claims: 22-26.
27. A system for providing trap-based defenses, the system comprising:
a processor that:
- generates decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties;
- embeds a beacon into the decoy information; and
- inserts the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
Dependent claims: 28-39.
40. A system for providing trap-based defenses, the system comprising:
a processor that:
- receives trace data;
- determines protocol types of the received trace data based at least in part on the content of application layer headers contained in the received trace data;
- generates one or more candidate flows for each protocol type from the received trace data;
- modifies the one or more candidate flows with decoy information; and
- inserts the modified candidate flows into a communications network.
Dependent claims: 41-45.
46. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for providing trap-based defenses, the method comprising:
- generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties;
- embedding a beacon into the decoy information; and
- inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
Dependent claims: 47-58.
59. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for providing trap-based defenses, the method comprising:
- receiving trace data;
- determining protocol types of the received trace data based at least in part on the content of application layer headers contained in the received trace data;
- generating one or more candidate flows for each protocol type from the received trace data;
- modifying the one or more candidate flows with decoy information; and
- inserting the modified candidate flows into a communications network.
Dependent claims: 60-64.
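The trace-data steps recited in claims 21, 40 and 59 can be pictured with the following added sketch, which is not taken from the patent. It assumes a minimal set of application-layer header signatures (HTTP and FTP), treats each captured client payload as one flow, and stops before the network-insertion step; the function names, sample payloads and decoy credentials are constructed for illustration.

```python
import base64
import re

# Assumed, minimal application-layer header signatures used to label a payload.
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|PUT|HEAD) \S+ HTTP/1\.[01]\r\n")),
    ("ftp", re.compile(rb"^USER \S+\r\nPASS \S+\r\n")),
]

def protocol_of(payload: bytes) -> str:
    """Determine the protocol type from the leading application-layer header."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return "unknown"

def candidate_flows(trace):
    """Group payloads by protocol type; unrecognised payloads are not candidates."""
    flows = {}
    for payload in trace:
        proto = protocol_of(payload)
        if proto != "unknown":
            flows.setdefault(proto, []).append(payload)
    return flows

def with_decoy(proto: str, payload: bytes, user: str, password: str) -> bytes:
    """Replace the real credentials in a candidate flow with decoy credentials."""
    if proto == "http":
        cred = base64.b64encode(f"{user}:{password}".encode())
        return re.sub(rb"(?<=Authorization: Basic )[A-Za-z0-9+/=]+",
                      lambda m: cred, payload)
    if proto == "ftp":
        decoy = f"USER {user}\r\nPASS {password}".encode()
        return re.sub(rb"^USER \S+\r\nPASS \S+", lambda m: decoy, payload)
    raise ValueError(f"no decoy template for {proto}")

def decoy_flows(trace, user: str, password: str):
    """Full pipeline up to, but not including, insertion into the network."""
    return {proto: [with_decoy(proto, p, user, password) for p in payloads]
            for proto, payloads in candidate_flows(trace).items()}

TRACE = [  # constructed sample payloads, not real captures
    b"GET /mail HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic YWxpY2U6czNjcmV0\r\n\r\n",
    b"USER alice\r\nPASS s3cret\r\n",
    b"\x16\x03\x01\x02\x00\x01",  # no recognisable application-layer header
]
```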
Specification