Title of invention: Methods, systems, and media for baiting inside attackers
Abstract: Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.
Publication number: US9501639(B2)
Publication date: 2016.11.22
Application number: US201514642401
Application date: 2015.03.09
Applicant: The Trustees of Columbia University in the City of New York
Inventors: Stolfo Salvatore J.; Keromytis Angelos D.; Bowen Brian M.; Hershkop Shlomo; Kemerlis Vasileios P.; Prabhu Pratap V.; Ben Salem Malek
Classification: G06F11/00; G06F21/55; G06F21/56; H04L29/06
Main classification: G06F11/00
Agency: Byme Poh LLP
Agent: Byme Poh LLP
Principal claim: 1. A method for providing trap-based defenses, the method comprising: generating, using a computing device, a plurality of decoy items from user-selected data items that are selected from data items stored in a computing environment, wherein a decoy item includes at least a portion of a data item and a beacon and wherein code embedded within the beacon causes a signal that includes identifying information associated with an attacker computing device to be transmitted to a remote server in response to detecting unauthorized access of the decoy item by the attacker computing device; placing the plurality of decoy items into the computing environment, wherein the code embedded within the beacon is executed; receiving an indication from the remote server relating to the unauthorized access of the decoy item by the attacker computing device, wherein the code embedded within the beacon of the decoy item causes the signal that included the identifying information associated with the attacker computing device to be transmitted to the remote server in response to detecting access of the decoy item; in response to receiving the indication of the unauthorized access of the decoy item by the attacker computing device, determining the data item of the data items stored in the computing environment that corresponds to the decoy item that was accessed; and transmitting a notification to a user of the computing device that the decoy item was accessed, wherein the notification includes the identifying information associated with the attacker computing device and the data item corresponding to the decoy item that was accessed.
Address: New York NY US