首页>
外国专利>
LEVERAGING NETWORK SECURITY SCANNING TO OBTAIN ENHANCED INFORMATION REGARDING AN ATTACK CHAIN INVOLVING A DECOY FILE
LEVERAGING NETWORK SECURITY SCANNING TO OBTAIN ENHANCED INFORMATION REGARDING AN ATTACK CHAIN INVOLVING A DECOY FILE
展开▼
机译:利用网络安全扫描以获得有关涉及诱饵文件的攻击链的增强信息
展开▼
页面导航
摘要
著录项
相似文献
摘要
Systems and methods for identifying a source of an attack chain based on network security scanning events triggered by movement of a decoy file are provided. A decoy file is stored on a deception host deployed by a deception-based intrusion detection system (IDS) within a private network. The decoy file contains therein a traceable object that is detectable by network security scanning performed by multiple network security devices protecting the private network. Information regarding an attack chain associated with an access to the decoy file or a transmission of the decoy file through the one or more network security devices is received by the deception-based IDS from the one or more network security devices. The information is created responsive to detection of a security incident by the network security scanning. Finally, an Internet Protocol (IP) address of a computer system that originated the attack chain is determined.
展开▼