Title of invention: Alternate files returned for suspicious processes in a compromised computer network
Abstract: Methods and systems are presented of presenting false and/or decoy content to an intruder operating on a computer system by obfuscating critical files on a computer storage device with data that directs subsequent infiltration and propagation to designated decoy hosts and decoy applications. Method and systems are provided for selectively presenting different contents to different viewers/users of application resource files for the purpose of preventing the valuable content from being read, tampered with, exfiltrated, or used as a means to perform subsequent attacks on network resources.
Publication number: US9576145(B2) Publication date: 2017.02.21
Application number: US201414503014 Filing date: 2014.09.30
Applicant: ACALVIO TECHNOLOGIES, INC. Inventors: Zhang Yadong; Tsai Ching-Hai; Wu Johnson L.; Schultz Craig A.
Classification: G06F21/50; G06F21/62; G06F21/55 Main classification: G06F21/50
Agency: Kilpatrick Townsend & Stockton LLP Agent: Kilpatrick Townsend & Stockton LLP
Principal claim: 1. A computer-implemented method comprising: monitoring, by one or more hardware processors in a computing device, read requests for files in a file system of a computer operating system, wherein the read requests are sent from legitimate and illegitimate applications, wherein an application is associated with a security rating, and wherein an illegitimate application has a security rating above a threshold; intercepting, at a software filter, a read request for an actual file, wherein the read request for the actual file is intercepted before the read request for the actual file reaches the file system; identifying an application that sent the read request for the actual file; ascertaining an attribute of the application; determining a security rating associated with the application, wherein the security rating associated with the application is determined using the attribute of the application; comparing the security rating associated with the application to a threshold; determining the application is illegitimate when the security rating associated with the application is above the threshold; revising the read request for the actual file into a read request for a false file when the application is determined to be illegitimate, wherein revising includes changing an actual filename for the actual file into a false filename for the false file; and sending the read request for the false file to the file system.
Address: Cupertino CA US