Adapting decoy data present in a network

摘要

Disclosed are various embodiments for obtaining policy data specifying decoy data eligible to be inserted within a response to an access of a data store. The decoy data is detected in the response among a plurality of non-decoy data based at least upon the policy data. An action associated with the decoy data is initiated in response to the access of the data store meeting a configurable threshold.

主权项

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program comprising:
code that obtains policy data specifying decoy data eligible to be retrieved from a data store and further specifying at least one threshold associated with accessing the data store; code that obtains, via a network, a response to an access of the data store, the response comprising the decoy data among a plurality of non-decoy data, the access being made by a user of a client application; code that detects the decoy data in the response based at least upon the policy data, the decoy data being inserted in the response to the access of the data store; code that determines authorization for the user based at least in part upon the access of the data store meeting the at least one threshold; code that modifies the decoy data when the access by the user is authorized, wherein the modified decoy data is used to trace the response traversing the network without generating an alarm; code that interrupts delivery of the response to the client application when the access by the user is unauthorized; and code that generates a log of the access and the decoy data detected.