Implementing decoys in a network environment
US11888897B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 24, 2022 |
| Grant date | Jan 30, 2024 |
| Priority date | — |
| Expiry date | Aug 24, 2042 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/144
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Credentials for services implemented by a BotSink may be planted in an active directory (AD) server. The BotSink periodically uses the credentials thereby creating log entries indicating use thereof. When an attacker accesses the services using the credentials, the BotSink engages and monitors an attacker system and may generate an alert. Decoy services may be assigned to a domain and associated with names according to a naming convention of the domain.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.