CA2901302A1 - Deception-based responses to security attacks - Google Patents

Deception-based responses to security attacks

Info

Publication number
CA2901302A1
Authority
CA
Canada
Prior art keywords
attack
monitored
adversary
document
monitored computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA2901302A
Other languages
English (en)
French (fr)
Inventor
Adam S. Meyers
Dmitri Alperovitch
George Robert Kurtz
David F. Diehl
Sven Krasser
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Crowdstrike Inc
Original Assignee
Crowdstrike Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2013-03-04
Filing date: 2014-02-24
Publication date: 2014-09-12


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols; using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)
  • User Interface Of Digital Computer (AREA)
  • Information Transfer Between Computers (AREA)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/784,720 US10713356B2 (en) 2013-03-04 2013-03-04 Deception-based responses to security attacks
US13/784,720 2013-03-04
PCT/US2014/017950 WO2014137640A1 (en) 2013-03-04 2014-02-24 Deception-based responses to security attacks

Publications (1)

Publication Number Publication Date
CA2901302A1 true CA2901302A1 (en) 2014-09-12

Family

ID=51421725

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2901302A Abandoned CA2901302A1 (en) 2013-03-04 2014-02-24 Deception-based responses to security attacks

Country Status (9)

Country Link
US (4) US10713356B2 (en)
EP (4) EP3731125B1 (en)
JP (1) JP2016514313A (en)
AU (1) AU2014226405A1 (en)
BR (1) BR112015021552A2 (en)
CA (1) CA2901302A1 (en)
IL (1) IL240743A0 (en)
SG (1) SG11201506719QA (en)
WO (1) WO2014137640A1 (en)

Families Citing this family (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10713356B2 (en) * 2013-03-04 2020-07-14 Crowdstrike, Inc. Deception-based responses to security attacks
US9158914B2 (en) * 2013-04-19 2015-10-13 Crowdstrike, Inc. Executable component injection utilizing hotpatch mechanisms
US10432658B2 (en) * 2014-01-17 2019-10-01 Watchguard Technologies, Inc. Systems and methods for identifying and performing an action in response to identified malicious network traffic
US10264025B2 (en) 2016-06-24 2019-04-16 Varmour Networks, Inc. Security policy generation for virtualization, bare-metal server, and cloud computing environments
US10091238B2 (en) 2014-02-11 2018-10-02 Varmour Networks, Inc. Deception using distributed threat detection
US8997226B1 (en) * 2014-04-17 2015-03-31 Shape Security, Inc. Detection of client-side malware activity
US9769204B2 (en) * 2014-05-07 2017-09-19 Attivo Networks Inc. Distributed system for Bot detection
US9609019B2 (en) * 2014-05-07 2017-03-28 Attivo Networks Inc. System and method for directing malicious activity to a monitoring system
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US9710648B2 (en) 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US10193929B2 (en) 2015-03-13 2019-01-29 Varmour Networks, Inc. Methods and systems for improving analytics in distributed networks
US9380027B1 (en) 2015-03-30 2016-06-28 Varmour Networks, Inc. Conditional declarative policies
US10191758B2 (en) 2015-12-09 2019-01-29 Varmour Networks, Inc. Directing data traffic between intra-server virtual machines
US9680852B1 (en) 2016-01-29 2017-06-13 Varmour Networks, Inc. Recursive multi-layer examination for computer network security remediation
JP2019511055A (ja) 2016-03-24 2019-04-18 Carbon Black, Inc. Systems and techniques for guiding a response to a cybersecurity incident
US9853999B2 (en) * 2016-04-27 2017-12-26 Acalvio Technologies, Inc. Context-aware knowledge system and methods for deploying deception mechanisms
US10681059B2 (en) 2016-05-25 2020-06-09 CyberOwl Limited Relating to the monitoring of network security
US10755334B2 (en) 2016-06-30 2020-08-25 Varmour Networks, Inc. Systems and methods for continually scoring and segmenting open opportunities using client data and product predictors
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
JP2020530922A (ja) 2017-08-08 2020-10-29 Sentinel Labs, Inc. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US10785258B2 (en) 2017-12-01 2020-09-22 At&T Intellectual Property I, L.P. Counter intelligence bot
RU2697950C2 (ru) * 2018-02-06 2019-08-21 AO Kaspersky Lab System and method for detecting hidden behavior of a browser extension
US11470115B2 (en) 2018-02-09 2022-10-11 Attivo Networks, Inc. Implementing decoys in a network environment
JP7278423B2 (ja) 2019-05-20 2023-05-19 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position-independent code detection
US11863580B2 (en) 2019-05-31 2024-01-02 Varmour Networks, Inc. Modeling application dependencies to identify operational risk
US11310284B2 (en) 2019-05-31 2022-04-19 Varmour Networks, Inc. Validation of cloud security policies
US11575563B2 (en) 2019-05-31 2023-02-07 Varmour Networks, Inc. Cloud security management
US11711374B2 (en) 2019-05-31 2023-07-25 Varmour Networks, Inc. Systems and methods for understanding identity and organizational access to applications within an enterprise environment
US11290494B2 (en) 2019-05-31 2022-03-29 Varmour Networks, Inc. Reliability prediction for cloud security policies
US11290493B2 (en) 2019-05-31 2022-03-29 Varmour Networks, Inc. Template-driven intent-based security
CN111786964B (zh) * 2020-06-12 2022-09-30 Sangfor Technologies Inc. Network security detection method, terminal and network security device
US12375527B2 (en) * 2020-06-24 2025-07-29 Fortinet, Inc. Leveraging network security scanning to obtain enhanced information regarding an attack chain involving a decoy file
US11546368B2 (en) * 2020-09-28 2023-01-03 T-Mobile Usa, Inc. Network security system including a multi-dimensional domain name system to protect against cybersecurity threats
US11496522B2 (en) 2020-09-28 2022-11-08 T-Mobile Usa, Inc. Digital on-demand coupons for security service of communications system
US11558352B2 (en) * 2020-10-19 2023-01-17 Cycraft Singapore Pte. Ltd. Cyber security protection system and related proactive suspicious domain alert system
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
US11818152B2 (en) 2020-12-23 2023-11-14 Varmour Networks, Inc. Modeling topic-based message-oriented middleware within a security system
US11876817B2 (en) 2020-12-23 2024-01-16 Varmour Networks, Inc. Modeling queue-based message-oriented middleware relationships in a security system
US11777978B2 (en) 2021-01-29 2023-10-03 Varmour Networks, Inc. Methods and systems for accurately assessing application access risk
US12050693B2 (en) 2021-01-29 2024-07-30 Varmour Networks, Inc. System and method for attributing user behavior from multiple technical telemetry sources
US11734316B2 (en) 2021-07-08 2023-08-22 Varmour Networks, Inc. Relationship-based search in a computing environment
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
US12072405B2 (en) * 2021-11-08 2024-08-27 Nightwing Group, Llc Context-aware, intelligent beaconing
US12423414B2 (en) * 2022-02-14 2025-09-23 The George Washington University MAYA: a hardware-based cyber-deception framework to combat malware
US12452273B2 (en) 2022-03-30 2025-10-21 SentinelOne, Inc. Systems, methods, and devices for preventing credential passing attacks
US12355792B2 (en) * 2022-11-30 2025-07-08 Palo Alto Networks, Inc. Strategically aged domain detection
WO2024152041A1 (en) 2023-01-13 2024-07-18 SentinelOne, Inc. Classifying cybersecurity threats using machine learning on non-euclidean data

Family Cites Families (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002007234A (ja) 2000-06-20 2002-01-11 Mitsubishi Electric Corp Unauthorized message detection device, unauthorized message countermeasure system, unauthorized message detection method, unauthorized message countermeasure method, and computer-readable recording medium
US20020066034A1 (en) * 2000-10-24 2002-05-30 Schlossberg Barry J. Distributed network security deception system
WO2002056132A2 (en) * 2000-11-01 2002-07-18 Snapnames Com Inc Domain name acquisition and management system and method
WO2002098100A1 (en) 2001-05-31 2002-12-05 Preventon Technologies Limited Access control systems
JP3914757B2 (ja) * 2001-11-30 2007-05-16 Duaxes Corporation Device, method and system for virus inspection
US20040148521A1 (en) * 2002-05-13 2004-07-29 Sandia National Laboratories Method and apparatus for invisible network responder
JP2004102772A (ja) 2002-09-11 2004-04-02 Renesas Technology Corp Design verification device
US7437766B2 (en) * 2002-10-03 2008-10-14 Sandia National Laboratories Method and apparatus providing deception and/or altered operation in an information system operating system
US7376969B1 (en) * 2002-12-02 2008-05-20 Arcsight, Inc. Real time monitoring and analysis of events from multiple network security devices
US20040139170A1 (en) 2003-01-15 2004-07-15 Ming-Teh Shen Method and apparatus for management of shared wide area network connections
US7100205B2 (en) * 2003-10-22 2006-08-29 The United States Of America As Represented By The Secretary Of The Navy Secure attention instruction central processing unit and system architecture
US7356534B2 (en) 2004-03-15 2008-04-08 Microsoft Corporation Providing notifications for domain registration changes
US7870608B2 (en) * 2004-05-02 2011-01-11 Markmonitor, Inc. Early detection and monitoring of online fraud
US7908653B2 (en) * 2004-06-29 2011-03-15 Intel Corporation Method of improving computer security through sandboxing
US7515715B2 (en) * 2004-07-08 2009-04-07 Honeywell International Inc. Information security for aeronautical surveillance systems
US20060161982A1 (en) * 2005-01-18 2006-07-20 Chari Suresh N Intrusion detection system
EP1718034A1 (en) * 2005-04-25 2006-11-02 Thomson Multimedia Broadband Belgium Process for managing resource address requests and associated gateway device
JP2009512939A (ja) 2005-10-21 2009-03-26 Vir2us, Inc. Computer security method with operating system virtualization that allows multiple operating system instances to safely share a single machine's resources
US20120151553A1 (en) 2005-11-16 2012-06-14 Azos Ai, Llc System, method, and apparatus for data cognition incorporating autonomous security protection
US8375120B2 (en) * 2005-11-23 2013-02-12 Trend Micro Incorporated Domain name system security network
US20070226799A1 (en) * 2006-03-21 2007-09-27 Prem Gopalan Email-based worm propagation properties
US20080016339A1 (en) * 2006-06-29 2008-01-17 Jayant Shukla Application Sandbox to Detect, Remove, and Prevent Malware
JP4780413B2 (ja) 2007-01-12 2011-09-28 Yokogawa Electric Corporation Unauthorized access information collection system
US20080270203A1 (en) * 2007-04-27 2008-10-30 Corporation Service Company Assessment of Risk to Domain Names, Brand Names and the Like
US9009829B2 (en) * 2007-06-12 2015-04-14 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for baiting inside attackers
US20120084866A1 (en) * 2007-06-12 2012-04-05 Stolfo Salvatore J Methods, systems, and media for measuring computer security
WO2009032379A1 (en) * 2007-06-12 2009-03-12 The Trustees Of Columbia University In The City Of New York Methods and systems for providing trap-based defenses
CA2697632C (en) 2007-08-06 2015-05-12 Bernard De Monseignat System and method for authentication, data transfer, and protection against phishing
US8387040B2 (en) * 2008-01-24 2013-02-26 International Business Machines Corporation Dynamic creation of client-side environment for problem analysis
KR100985049B1 (ko) 2008-05-19 2010-10-04 AhnLab, Inc. Pharming detection system and method for controlling the same
JP5328283B2 (ja) 2008-10-07 2013-10-30 KDDI Corporation Information processing device, program, and recording medium
US8769684B2 (en) * 2008-12-02 2014-07-01 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for masquerade attack detection by monitoring computer user behavior
US8347394B1 (en) * 2009-07-15 2013-01-01 Trend Micro, Inc. Detection of downloaded malware using DNS information
US8321551B2 (en) 2010-02-02 2012-11-27 Symantec Corporation Using aggregated DNS information originating from multiple sources to detect anomalous DNS name resolutions
US8549643B1 (en) * 2010-04-02 2013-10-01 Symantec Corporation Using decoys by a data loss prevention system to protect against unscripted activity
US8650215B2 (en) * 2010-05-04 2014-02-11 Red Hat, Inc. Decoy application servers
US8260914B1 (en) 2010-06-22 2012-09-04 Narus, Inc. Detecting DNS fast-flux anomalies
US8661544B2 (en) * 2010-08-31 2014-02-25 Cisco Technology, Inc. Detecting botnets
US8312517B2 (en) 2010-08-31 2012-11-13 Intel Corporation User-entered credentials for a mobile station in a wireless network
US8453258B2 (en) 2010-09-15 2013-05-28 Bank Of America Corporation Protecting an electronic document by embedding an executable script
US8516585B2 (en) 2010-10-01 2013-08-20 Alcatel Lucent System and method for detection of domain-flux botnets and the like
JP5697206B2 (ja) 2011-03-31 2015-04-08 International Business Machines Corporation System, method and program for defending against unauthorized access
US9467421B2 (en) 2011-05-24 2016-10-11 Palo Alto Networks, Inc. Using DNS communications to filter domain names
KR101115250B1 (ko) 2011-08-11 2012-02-15 Bandibul Software Co., Ltd. Apparatus and method for checking the safety of a QR code
US20130139259A1 (en) * 2011-11-30 2013-05-30 Elwha Llc Deceptive indicia profile generation from communications interactions
US8739281B2 (en) * 2011-12-06 2014-05-27 At&T Intellectual Property I, L.P. Multilayered deception for intrusion detection and prevention
US8925080B2 (en) * 2011-12-20 2014-12-30 Sap Se Deception-based network security using false positive responses to unauthorized access requests
US8949982B2 (en) * 2011-12-30 2015-02-03 Verisign, Inc. Method for administering a top-level domain
US9497212B2 (en) 2012-05-21 2016-11-15 Fortinet, Inc. Detecting malicious resources in a network based upon active client reputation monitoring
US8813228B2 (en) * 2012-06-29 2014-08-19 Deloitte Development Llc Collective threat intelligence gathering system
US9749336B1 (en) * 2013-02-26 2017-08-29 Palo Alto Networks, Inc. Malware domain detection using passive DNS
US10713356B2 (en) * 2013-03-04 2020-07-14 Crowdstrike, Inc. Deception-based responses to security attacks
US10298598B1 (en) * 2013-12-16 2019-05-21 Amazon Technologies, Inc. Countering service enumeration through imposter-driven response
US10178121B2 (en) 2015-10-01 2019-01-08 Michael Klatt Domain reputation evaluation process and method

Also Published As

Publication number Publication date
EP2965256A4 (en) 2017-03-22
EP2965256A1 (en) 2016-01-13
US20200285739A1 (en) 2020-09-10
EP3731123A1 (en) 2020-10-28
EP3731125A1 (en) 2020-10-28
US20200285740A1 (en) 2020-09-10
US20240028717A1 (en) 2024-01-25
BR112015021552A2 (pt) 2017-07-18
EP3731125B1 (en) 2022-06-08
US12118086B2 (en) 2024-10-15
JP2016514313A (ja) 2016-05-19
US10713356B2 (en) 2020-07-14
EP3731124A1 (en) 2020-10-28
US11809555B2 (en) 2023-11-07
IL240743A0 (en) 2015-10-29
EP3731123B1 (en) 2024-04-03
US20140250524A1 (en) 2014-09-04
EP3731124B1 (en) 2023-08-02
SG11201506719QA (en) 2015-09-29
WO2014137640A1 (en) 2014-09-12
AU2014226405A1 (en) 2015-09-10

Similar Documents

Publication Publication Date Title
US20240028717A1 (en) Deception-Based Responses to Security Attacks
US11882136B2 (en) Process-specific network access control based on traffic monitoring
US10812521B1 (en) Security monitoring system for internet of things (IOT) device environments
US12058148B2 (en) Distributed threat sensor analysis and correlation
US11489853B2 (en) Distributed threat sensor data aggregation and data export
US12041094B2 (en) Threat sensor deployment and management
US20160261631A1 (en) Emulating shellcode attacks
US20150244730A1 (en) System And Method For Verifying And Detecting Malware
US20150326599A1 (en) Evaluating URLS For Malicious Content
US20110078497A1 (en) Automated recovery from a security event
US20180034837A1 (en) Identifying compromised computing devices in a network
Almarri et al. Optimised malware detection in digital forensics
US20230342461A1 (en) Malware detection for documents using knowledge distillation assisted learning
US20250240313A1 (en) Large language model (llm) powered detection reasoning solution
Bu et al. The new era of botnets
US20240283818A1 (en) Using cross workloads signals to remediate password spraying attacks
US20230342460A1 (en) Malware detection for documents with deep mutual learning
WO2025174601A1 (en) Enabling device context awareness, data ingestion and real-time actions in mobile networks
Cunningham et al. Automated detection of Mirai-like IOT bots, in large scale internet service provider networks, through sampled traffic flow analysis
CN115486031A (zh) Threat sensor deployment and management

Legal Events

Date Code Title Description
2020-02-25 FZDE Discontinued (effective date: 2020-02-25)