Systems and methods for the detection of advanced attackers using client side honeytokens
US10609048B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 27, 2018 |
| Grant date | Mar 31, 2020 |
| Priority date | — |
| Expiry date | Aug 27, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1491
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the login-credential matches the invalid login-credential.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.