Cognitive malicious activity identification and handling
US11070588B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 11, 2018 |
| Grant date | Jul 20, 2021 |
| Priority date | — |
| Expiry date | Oct 17, 2038 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/302
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Mechanisms are provided to implement a malicious activity response system (MARS) that automatically identifies and handles malicious activities within the data processing system. The MARS identifies threat intelligence associated with characteristics of malicious activity. The MARS forms a hypothesis for the malicious attack to identify a malicious attack that is occurring. The MARS identifies a trap for use in isolating the malicious activity; deploys the trap and automatically reconfigures a network associated with the data processing system such that the malicious activity is routed to the trap, thereby isolating the malicious activity; observes a behavior of the malicious activity within the trap; and extracts features associated with the malicious activity in the trap. The MARS then utilizes the extracted features to improve an operation of the malicious activity response system in handling future malicious activity.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.