Method and system for morphing honeypot with computer security incident correlation

Assignee

• International Business Machines Corporation · US

Inventors

• Kenneth W. Blake · Austin, US
• Vikki Kim Converse · Austin, US
• Ronald O'Neal Edmark · Austin, US
• John Michael Garrison · Austin, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1491
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis. The morphing honeypot can also be integrated with intrusion detection systems and other types of computer security incident recognition systems to correlate its personality with detected nefarious activities.