BR112018009375A2 - sistema tipo honeypot dinâmico - Google Patents
sistema tipo honeypot dinâmicoInfo
- Publication number
- BR112018009375A2 BR112018009375A2 BR112018009375A BR112018009375A BR112018009375A2 BR 112018009375 A2 BR112018009375 A2 BR 112018009375A2 BR 112018009375 A BR112018009375 A BR 112018009375A BR 112018009375 A BR112018009375 A BR 112018009375A BR 112018009375 A2 BR112018009375 A2 BR 112018009375A2
- Authority
- BR
- Brazil
- Prior art keywords
- target application
- malicious
- computing device
- determining whether
- activity
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
várias modalidades incluem um sistema tipo honeypot configurado para engatilhar atividades maliciosas por aplicativos maliciosos com o uso de um algoritmo de análise comportamental e fornecimento de recurso dinâmico. um método realizado por um processador de um dispositivo de computação, que pode ser um dispositivo de computação móvel, pode incluir determinar se um aplicativo-alvo que é executado atualmente no dispositivo de computação é ou não potencialmente malicioso com base, pelo menos em parte, na análise, na previsão de uma condição de engatilhamento do aplicativo-alvo em resposta à determinação de que o aplicativo-alvo é potencialmente malicioso, no fornecimento de um ou mais recursos com base, pelo menos em parte, na condição de engatilhamento prevista, no monitoramento das atividades do aplicativo-alvo que correspondem aos um ou mais recursos fornecidos e na determinação da possibilidade de o aplicativo-alvo ser um aplicativo malicioso com base, pelo menos em parte, nas atividades monitoradas. os recursos podem ser componentes de dispositivo (por exemplo, interface (ou interfaces) de rede, sensor (ou sensores), etc.) e/ou dados (por exemplo, arquivos, etc.).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/935,522 US20170134405A1 (en) | 2015-11-09 | 2015-11-09 | Dynamic Honeypot System |
PCT/US2016/056438 WO2017083043A1 (en) | 2015-11-09 | 2016-10-11 | Dynamic honeypot system |
Publications (2)
Publication Number | Publication Date |
---|---|
BR112018009375A2 true BR112018009375A2 (pt) | 2018-11-13 |
BR112018009375A8 BR112018009375A8 (pt) | 2019-02-26 |
Family
ID=57218995
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
BR112018009375A BR112018009375A8 (pt) | 2015-11-09 | 2016-10-11 | sistema tipo honeypot dinâmico |
Country Status (8)
Country | Link |
---|---|
US (1) | US20170134405A1 (pt) |
EP (1) | EP3375159B1 (pt) |
JP (1) | JP2018536932A (pt) |
KR (1) | KR20180080227A (pt) |
CN (1) | CN108353078A (pt) |
BR (1) | BR112018009375A8 (pt) |
TW (1) | TW201717088A (pt) |
WO (1) | WO2017083043A1 (pt) |
Families Citing this family (60)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9710648B2 (en) | 2014-08-11 | 2017-07-18 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US9602536B1 (en) | 2014-12-04 | 2017-03-21 | Amazon Technologies, Inc. | Virtualized network honeypots |
US10178195B2 (en) * | 2015-12-04 | 2019-01-08 | Cloudflare, Inc. | Origin server protection notification |
US10135867B2 (en) * | 2015-12-08 | 2018-11-20 | Bank Of America Corporation | Dynamically updated computing environments for detecting and capturing unauthorized computer activities |
US20170228540A1 (en) * | 2016-02-09 | 2017-08-10 | Appdome Ltd. | Method and a system for detecting malicious code activity by generating software traps per application |
US10484416B2 (en) * | 2016-03-18 | 2019-11-19 | AO Kaspersky Lab | System and method for repairing vulnerabilities of objects connected to a data network |
US10528734B2 (en) * | 2016-03-25 | 2020-01-07 | The Mitre Corporation | System and method for vetting mobile phone software applications |
US9979750B2 (en) | 2016-04-26 | 2018-05-22 | Acalvio Technologies, Inc. | Tunneling for network deceptions |
US10326796B1 (en) * | 2016-04-26 | 2019-06-18 | Acalvio Technologies, Inc. | Dynamic security mechanisms for mixed networks |
US10581914B2 (en) | 2016-06-03 | 2020-03-03 | Ciena Corporation | Method and system of mitigating network attacks |
JP6738013B2 (ja) * | 2016-06-23 | 2020-08-12 | 富士通株式会社 | 攻撃内容分析プログラム、攻撃内容分析方法及び攻撃内容分析装置 |
US10715533B2 (en) * | 2016-07-26 | 2020-07-14 | Microsoft Technology Licensing, Llc. | Remediation for ransomware attacks on cloud drive folders |
EP3291501A1 (en) * | 2016-08-31 | 2018-03-07 | Siemens Aktiengesellschaft | System and method for using a virtual honeypot in an industrial automation system and cloud connector |
US10447734B2 (en) * | 2016-11-11 | 2019-10-15 | Rapid7, Inc. | Monitoring scan attempts in a network |
US10298605B2 (en) * | 2016-11-16 | 2019-05-21 | Red Hat, Inc. | Multi-tenant cloud security threat detection |
US11695800B2 (en) | 2016-12-19 | 2023-07-04 | SentinelOne, Inc. | Deceiving attackers accessing network data |
US10599842B2 (en) * | 2016-12-19 | 2020-03-24 | Attivo Networks Inc. | Deceiving attackers in endpoint systems |
US11616812B2 (en) | 2016-12-19 | 2023-03-28 | Attivo Networks Inc. | Deceiving attackers accessing active directory data |
US10223536B2 (en) * | 2016-12-29 | 2019-03-05 | Paypal, Inc. | Device monitoring policy |
US10924502B2 (en) * | 2016-12-29 | 2021-02-16 | Noblis, Inc. | Network security using inflated files for anomaly detection |
US10628585B2 (en) | 2017-01-23 | 2020-04-21 | Microsoft Technology Licensing, Llc | Ransomware resilient databases |
CN109033885B (zh) * | 2017-06-09 | 2022-11-18 | 腾讯科技(深圳)有限公司 | 一种数据响应方法、终端设备以及服务器 |
EP3643040A4 (en) | 2017-08-08 | 2021-06-09 | SentinelOne, Inc. | METHODS, SYSTEMS AND DEVICES FOR DYNAMIC MODELING AND GROUPING OF END POINTS FOR EDGE NETWORKING |
US20190108355A1 (en) * | 2017-10-09 | 2019-04-11 | Digital Guardian, Inc. | Systems and methods for identifying potential misuse or exfiltration of data |
US10867039B2 (en) * | 2017-10-19 | 2020-12-15 | AO Kaspersky Lab | System and method of detecting a malicious file |
US10915629B2 (en) * | 2017-11-02 | 2021-02-09 | Paypal, Inc. | Systems and methods for detecting data exfiltration |
US10771482B1 (en) * | 2017-11-14 | 2020-09-08 | Ca, Inc. | Systems and methods for detecting geolocation-aware malware |
US10826939B2 (en) * | 2018-01-19 | 2020-11-03 | Rapid7, Inc. | Blended honeypot |
US11368474B2 (en) | 2018-01-23 | 2022-06-21 | Rapid7, Inc. | Detecting anomalous internet behavior |
US11470115B2 (en) | 2018-02-09 | 2022-10-11 | Attivo Networks, Inc. | Implementing decoys in a network environment |
US10635939B2 (en) | 2018-07-06 | 2020-04-28 | Capital One Services, Llc | System, method, and computer-accessible medium for evaluating multi-dimensional synthetic data using integrated variants analysis |
US10404747B1 (en) * | 2018-07-24 | 2019-09-03 | Illusive Networks Ltd. | Detecting malicious activity by using endemic network hosts as decoys |
EP3918500B1 (en) * | 2019-03-05 | 2024-04-24 | Siemens Industry Software Inc. | Machine learning-based anomaly detections for embedded software applications |
US11057428B1 (en) * | 2019-03-28 | 2021-07-06 | Rapid7, Inc. | Honeytoken tracker |
EP3973427A4 (en) | 2019-05-20 | 2023-06-21 | Sentinel Labs Israel Ltd. | SYSTEMS AND METHODS FOR EXECUTABLE CODE DETECTION, AUTOMATIC FEATURE EXTRACTION, AND POSITION-INDEPENDENT CODE DETECTION |
US11303643B1 (en) | 2019-06-06 | 2022-04-12 | NortonLifeLock Inc. | Systems and methods for protecting users |
CN110677408B (zh) * | 2019-07-09 | 2021-07-09 | 腾讯科技(深圳)有限公司 | 攻击信息的处理方法和装置、存储介质及电子装置 |
CN110675228B (zh) * | 2019-09-27 | 2021-05-28 | 支付宝(杭州)信息技术有限公司 | 用户购票行为检测方法以及装置 |
CN111308958B (zh) * | 2019-11-14 | 2021-04-20 | 广州安加互联科技有限公司 | 一种基于蜜罐技术的cnc设备仿真方法、系统和工控蜜罐 |
CN113132293B (zh) * | 2019-12-30 | 2022-10-04 | 中国移动通信集团湖南有限公司 | 攻击检测方法、设备及公共蜜罐系统 |
CN111431891A (zh) * | 2020-03-20 | 2020-07-17 | 广州锦行网络科技有限公司 | 一种蜜罐部署方法 |
CN111541670A (zh) * | 2020-04-17 | 2020-08-14 | 广州锦行网络科技有限公司 | 一种新型动态蜜罐系统 |
US11030261B1 (en) * | 2020-08-06 | 2021-06-08 | Coupang Corp. | Computerized systems and methods for managing and monitoring services and modules on an online platform |
CN112039861B (zh) * | 2020-08-20 | 2023-04-18 | 咪咕文化科技有限公司 | 风险识别方法、装置、电子设备和计算机可读存储介质 |
US11824894B2 (en) * | 2020-11-25 | 2023-11-21 | International Business Machines Corporation | Defense of targeted database attacks through dynamic honeypot database response generation |
US11720709B1 (en) | 2020-12-04 | 2023-08-08 | Wells Fargo Bank, N.A. | Systems and methods for ad hoc synthetic persona creation |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
CN112788023B (zh) * | 2020-12-30 | 2023-02-24 | 成都知道创宇信息技术有限公司 | 基于安全网络的蜜罐管理方法及相关装置 |
US11386197B1 (en) | 2021-01-11 | 2022-07-12 | Bank Of America Corporation | System and method for securing a network against malicious communications through peer-based cooperation |
US11641366B2 (en) | 2021-01-11 | 2023-05-02 | Bank Of America Corporation | Centralized tool for identifying and blocking malicious communications transmitted within a network |
US11777988B1 (en) * | 2021-03-09 | 2023-10-03 | Rapid7, Inc. | Probabilistically identifying anomalous honeypot activity |
CN112800417B (zh) * | 2021-04-15 | 2021-07-06 | 远江盛邦(北京)网络安全科技股份有限公司 | 基于服务状态机的反馈式蜜罐系统的识别方法及系统 |
US20220374516A1 (en) * | 2021-05-20 | 2022-11-24 | Stairwell, Inc. | Real time threat knowledge graph |
US11947694B2 (en) | 2021-06-29 | 2024-04-02 | International Business Machines Corporation | Dynamic virtual honeypot utilizing honey tokens and data masking |
US11899782B1 (en) | 2021-07-13 | 2024-02-13 | SentinelOne, Inc. | Preserving DLL hooks |
CN113609483B (zh) * | 2021-07-16 | 2024-05-03 | 山东云海国创云计算装备产业创新中心有限公司 | 一种服务器病毒处理的方法、装置、设备及可读介质 |
CN114168947B (zh) * | 2021-12-14 | 2022-10-25 | Tcl通讯科技(成都)有限公司 | 一种攻击检测方法、装置、电子设备及存储介质 |
IT202100033158A1 (it) * | 2021-12-30 | 2023-06-30 | Thegg Domotica S R L | Dispositivo honeypot tailor-made e relativo metodo di realizzazione nel rispetto normativo di applicazione |
KR102657010B1 (ko) * | 2023-12-04 | 2024-04-12 | 주식회사 심시스글로벌 | 샌드박스 기반의 가상 망 분리 방법 및 시스템 |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050166072A1 (en) * | 2002-12-31 | 2005-07-28 | Converse Vikki K. | Method and system for wireless morphing honeypot |
EP1872222A1 (en) * | 2005-04-18 | 2008-01-02 | The Trustees of Columbia University in the City of New York | Systems and methods for detecting and inhibiting attacks using honeypots |
US9171157B2 (en) * | 2006-03-28 | 2015-10-27 | Blue Coat Systems, Inc. | Method and system for tracking access to application data and preventing data exploitation by malicious programs |
CN101567887B (zh) * | 2008-12-25 | 2012-05-23 | 中国人民解放军总参谋部第五十四研究所 | 一种漏洞拟真超载蜜罐方法 |
US8479286B2 (en) * | 2009-12-15 | 2013-07-02 | Mcafee, Inc. | Systems and methods for behavioral sandboxing |
CN102088379B (zh) * | 2011-01-24 | 2013-03-13 | 国家计算机网络与信息安全管理中心 | 基于沙箱技术的客户端蜜罐网页恶意代码检测方法与装置 |
US9672355B2 (en) * | 2011-09-16 | 2017-06-06 | Veracode, Inc. | Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security |
US8739281B2 (en) * | 2011-12-06 | 2014-05-27 | At&T Intellectual Property I, L.P. | Multilayered deception for intrusion detection and prevention |
CN103051615B (zh) * | 2012-12-14 | 2015-07-29 | 陈晶 | 一种蜜场系统中抗大流量攻击的动态防御系统 |
CN103268448B (zh) * | 2013-05-24 | 2016-04-20 | 北京网秦天下科技有限公司 | 动态检测移动应用的安全性的方法和系统 |
US9652362B2 (en) * | 2013-12-06 | 2017-05-16 | Qualcomm Incorporated | Methods and systems of using application-specific and application-type-specific models for the efficient classification of mobile device behaviors |
-
2015
- 2015-11-09 US US14/935,522 patent/US20170134405A1/en not_active Abandoned
-
2016
- 2016-10-11 KR KR1020187012814A patent/KR20180080227A/ko unknown
- 2016-10-11 EP EP16788852.8A patent/EP3375159B1/en active Active
- 2016-10-11 WO PCT/US2016/056438 patent/WO2017083043A1/en active Application Filing
- 2016-10-11 JP JP2018521349A patent/JP2018536932A/ja not_active Ceased
- 2016-10-11 BR BR112018009375A patent/BR112018009375A8/pt not_active Application Discontinuation
- 2016-10-11 CN CN201680062961.2A patent/CN108353078A/zh active Pending
- 2016-10-13 TW TW105132994A patent/TW201717088A/zh unknown
Also Published As
Publication number | Publication date |
---|---|
WO2017083043A1 (en) | 2017-05-18 |
BR112018009375A8 (pt) | 2019-02-26 |
KR20180080227A (ko) | 2018-07-11 |
EP3375159A1 (en) | 2018-09-19 |
CN108353078A (zh) | 2018-07-31 |
JP2018536932A (ja) | 2018-12-13 |
EP3375159B1 (en) | 2020-03-18 |
US20170134405A1 (en) | 2017-05-11 |
TW201717088A (zh) | 2017-05-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
BR112018009375A2 (pt) | sistema tipo honeypot dinâmico | |
BR112013009440A2 (pt) | método e dispositivo de análise de sistema de computador | |
BR112018001050A2 (pt) | dispositivo eletrônico portátil, sistema, método, módulo de ativação-detecção, meio não transitório e armadilhas para monitoramento de controle de pragas e roedores | |
BR112018069481A2 (pt) | métodos e sistemas para utilizar informações coletadas a partir de múltiplos sensores para proteger um veículo contra softwares maliciosos e ataques | |
BR112015020950A2 (pt) | compartilhamento rápido de fotos | |
BR112015022493A2 (pt) | sistema de determinação de contexto demográfico | |
BR112019001323A2 (pt) | recuperação e acesso de partes de segmento para transmissão contínua de mídia | |
BR112018068044A2 (pt) | sistemas e métodos para gerenciamento de recursos computacionais em nuvem para sistemas de informação | |
BR112017014135A2 (pt) | métodos e sistemas para gerenciar permissões para acessar recursos de dispositivo móvel | |
BR112016023521A2 (pt) | método e sistema para inferir estados de aplicação por executar operações de análise comportamental em um dispositivo móvel | |
CA2899201C (en) | Method and system for intrusion and extrusion detection | |
BR112015022640A2 (pt) | sistemas e métodos para controle e comunicações telemáticas | |
BR112018069030A2 (pt) | proteção de dados que utiliza vistas de recursos visuais | |
JP2016149131A5 (pt) | ||
BR112017028567A2 (pt) | métodos e sistemas para a instalação de uma versão de aplicativo através de comunicações de curto alcance | |
BR112017007890A2 (pt) | método, dispositivo e sistema para monitorar remotamente um ou mais parâmetros associados a um animal de pastoreio, e, meio legível por computador não transitório. | |
BR112016023619A8 (pt) | técnicas para otimização de potência com base em parâmetros de rede | |
BR112016023700A2 (pt) | estrutura de integração de serviços no lado do cliente | |
BR112015023014A2 (pt) | privacidade de dados sem fio mantida através de rede social | |
BR112017017490A2 (pt) | ?sistemas de controle de bop e métodos relacionados? | |
BR112015023894A2 (pt) | sistema e método para determinação de propriedades de uma amostra | |
BR112016029297A2 (pt) | método para monitorização de desempenho de uma bomba submersível elétrica, sistema para monitorização de desempenho de uma bomba submersível elétrica, e meio legível por computador não transitório | |
BR112017003426A8 (pt) | Fluxo de dados construído para processamento de evento intensificado | |
BR112015003473A2 (pt) | sistemas e métodos para monitorar uma trajetória de fluxo | |
BR112015019554A2 (pt) | tela de bloqueio com aplicações socializadas |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
B06U | Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette] | ||
B11B | Dismissal acc. art. 36, par 1 of ipl - no reply within 90 days to fullfil the necessary requirements |