主权项 |
1. A method for detecting unauthorized access of a network environment, the method comprising:
monitoring, by a security computer system, access of authentically allocated network resources; detecting, by security computer system, one or more access requests referencing one or more dark space resources, the one or more dark space resources being network resources that have not been allocated authentically within the network environment; in response to detecting the one or more access requests—
allocating, by security computer system, to a decoy system the one or more dark space resources;routing, by security computer system, at least one of the one or more access requests and a subsequent request referencing the one or more dark space resources to the decoy system;monitoring, by security computer system, actions taken on the decoy system responsive to the at least one of the one or more access requests and the subsequent request;determining, by security computer system, that the actions taken on the decoy system indicate malicious activity;in response to determining that the actions taken on the decoy system indicate malicious activity, instructing one or more computer systems of the network environment to block access by a source of the one or more access requests. |