Title of invention |
Alternate files returned for suspicious processes in a compromised computer network |
Abstract |
Methods and systems are presented of presenting false and/or decoy content to an intruder operating on a computer system by obfuscating critical files on a computer storage device with data that directs subsequent infiltration and propagation to designated decoy hosts and decoy applications. Method and systems are provided for selectively presenting different contents to different viewers/users of application resource files for the purpose of preventing the valuable content from being read, tampered with, exfiltrated, or used as a means to perform subsequent attacks on network resources. |
Publication number |
US9576145(B2) |
Publication date |
2017.02.21 |
Application number |
US201414503014 |
Filing date |
2014.09.30 |
Applicant |
ACALVIO TECHNOLOGIES, INC. |
Inventors |
Zhang Yadong; Tsai Ching-Hai; Wu Johnson L.; Schultz Craig A. |
Classification codes |
G06F21/50; G06F21/62; G06F21/55 |
Main classification code |
G06F21/50 |
Agency |
Kilpatrick Townsend & Stockton LLP |
Agent |
Kilpatrick Townsend & Stockton LLP |
Principal claim |
1. A computer-implemented method comprising:
monitoring, by one or more hardware processors in a computing device, read requests for files in a file system of a computer operating system, wherein the read requests are sent from legitimate and illegitimate applications, wherein an application is associated with a security rating, and wherein an illegitimate application has a security rating above a threshold;
intercepting, at a software filter, a read request for an actual file, wherein the read request for the actual file is intercepted before the read request for the actual file reaches the file system;
identifying an application that sent the read request for the actual file;
ascertaining an attribute of the application;
determining a security rating associated with the application, wherein the security rating associated with the application is determined using the attribute of the application;
comparing the security rating associated with the application to a threshold;
determining the application is illegitimate when the security rating associated with the application is above the threshold;
revising the read request for the actual file into a read request for a false file when the application is determined to be illegitimate, wherein revising includes changing an actual filename for the actual file into a false filename for the false file; and
sending the read request for the false file to the file system. |
Address |
Cupertino CA US |