MANAGING DYNAMIC DECEPTIVE ENVIRONMENTS
0 Assignments
0 Petitions
Accused Products
Abstract
A deception management system to detect attackers within a dynamically changing network of computer resources, including a deployment governor dynamically designating deception policies, each deception policy including names of non-existing web servers, and levels of diversity for planting the names of non-existing web servers in browser histories of web browsers within resources of the network, the levels of diversity specifying how densely the name of each non-existing web server is planted within resources of the network, a deception deployer dynamically planting the names of non-existing web servers in the browser histories of the web browsers in resources in the network, in accordance with the levels of diversity of the current deception policy, and a notification processor transmitting an alert to an administrator of the network in response to an attempt to access one of the non-existing web servers.
14 Citations
28 Claims
-
1-20. -20. (canceled)
-
21. A deception management system (DMS) to detect attackers within a dynamically changing network of computer resources, comprising:
-
a deployment governor dynamically designating deception policies, each deception policy comprising (i) names of non-existing web servers, and (ii) levels of diversity for planting the names of non-existing web servers in browser histories of web browsers within resources of the network, the levels of diversity specifying how densely the name of each non-existing web server is planted within resources of the network; a deception deployer dynamically planting the names of non-existing web servers in the browser histories of the web browsers in resources in the network, in accordance with the levels of diversity of the current deception policy; and a notification processor transmitting an alert to an administrator of the network in response to an attempt to access one of the non-existing web servers. - View Dependent Claims (22, 23, 24)
-
-
25. A deception management system (DMS) to detect attackers within a dynamically changing network of computer resources, comprising:
-
a deployment governor dynamically designating deception policies, each deception policy comprising (i) files containing non-existing usernames and passwords, and (ii) levels of diversity for planting the files containing the non-existing usernames and passwords within resources of the network, the levels of diversity specifying how densely each file containing non-existing usernames and passwords is planted within resources of the network; a deception deployer dynamically planting the files containing non-existing usernames and passwords in resources in the network, in accordance with the levels of diversity of the current deception policy; and a notification processor transmitting an alert to an administrator of the network in response to an attempt to user one of the non-existing usernames and passwords. - View Dependent Claims (26, 27, 28)
-
Specification
-
- Resources
-
Current Assigneeillusive networks LTD.
-
Original Assigneeillusive networks LTD.
-
InventorsTouboul, Shlomo, Levin, Hanan, Roubach, Stephane, Mischari, Assaf, Ben David, Itai, Avraham, Itay, Ozer, Adi, Kazaz, Chen, Israeli, Ofer, Vingurt, Olga, Gareh, Liad, Grimberg, Israel, Cohen, Cobby, Sultan, Sharon, Kubovsky, Matan
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current
-
CPC Class CodesG06F 21/55 Detecting local intrusion o...G06F 21/554 involving event detection a...G06F 21/56 Computer malware detection ...G06F 21/577 Assessing vulnerabilities a...G06N 20/00 Machine learningH04L 2463/146 Tracing the source of attacksH04L 63/10 for controlling access to d...H04L 63/102 Entity profilesH04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1433 Vulnerability analysisH04L 63/1441 Countermeasures against mal...H04L 63/1491 using deception as counterm...H04L 63/20 for managing network securi...
