公开(公告)号：US09009829B2

公开(公告)日：2015-04-14

申请号：US12565394

申请日：2009-09-23

申请人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Brian M. Bowen ,  Shlomo Hershkop ,  Vasileios P. Kemerlis ,  Pratap V. Prabhu ,  Malek Ben Salem

发明人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Brian M. Bowen ,  Shlomo Hershkop ,  Vasileios P. Kemerlis ,  Pratap V. Prabhu ,  Malek Ben Salem

IPC分类号： G06F11/00 ,  G06F21/55 ,  G06F21/56 ,  H04L29/06

CPC分类号： G06F21/554 ,  G06F21/552 ,  G06F21/566 ,  G06F2221/034 ,  G06F2221/2123 ,  H04L63/1466

摘要： Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.

摘要翻译： 提供了用于提供基于陷阱的防御的方法，系统和媒体。 根据一些实施例，提供了一种用于提供基于陷阱的防御的方法，所述方法包括：至少部分地基于计算环境中的实际信息生成诱饵信息，其中所述诱饵信息被生成以符合一个或多个文档 属性; 将信标嵌入诱饵信息中; 以及将具有所嵌入的信标的诱饵信息插入所述计算环境中，其中所述嵌入式信标提供所述诱饵信息已被攻击者访问的第一指示，并且其中所述嵌入信标提供区分所述诱饵信息和所述实际信息之间的第二指示 信息。

公开(公告)号：US20100077483A1

公开(公告)日：2010-03-25

申请号：US12565394

申请日：2009-09-23

申请人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Brian M. Bowen ,  Shlomo Hershkop ,  Vasileios P. Kemerlis ,  Pratap V. Prabhu ,  Malek Ben Salem

发明人： Salvatore J. Stolfo ,  Angelos D. Keromytis ,  Brian M. Bowen ,  Shlomo Hershkop ,  Vasileios P. Kemerlis ,  Pratap V. Prabhu ,  Malek Ben Salem

IPC分类号： G06F11/00

CPC分类号： G06F21/554 ,  G06F21/552 ,  G06F21/566 ,  G06F2221/034 ,  G06F2221/2123 ,  H04L63/1466

摘要： Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.

摘要翻译： 提供了用于提供基于陷阱的防御的方法，系统和媒体。 根据一些实施例，提供了一种用于提供基于陷阱的防御的方法，所述方法包括：至少部分地基于计算环境中的实际信息生成诱饵信息，其中所述诱饵信息被生成以符合一个或多个文档 属性; 将信标嵌入诱饵信息中; 以及将具有所嵌入的信标的诱饵信息插入所述计算环境中，其中所述嵌入式信标提供所述诱饵信息已被攻击者访问的第一指示，并且其中所述嵌入信标提供区分所述诱饵信息和所述实际信息之间的第二指示 信息。

公开(公告)号：US08528091B2

公开(公告)日：2013-09-03

申请号：US12982984

申请日：2010-12-31

申请人： Brian M. Bowen ,  Pratap V. Prabhu ,  Vasileios P. Kemerlis ,  Stylianos Sidiroglou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis

发明人： Brian M. Bowen ,  Pratap V. Prabhu ,  Vasileios P. Kemerlis ,  Stylianos Sidiroglou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis

IPC分类号： G06F11/00 ,  H04L9/32

CPC分类号： G06F21/56 ,  G06F21/566 ,  G06F21/577 ,  H04L63/1441 ,  H04L63/1491

摘要： Methods, systems, and media for detecting covert malware are provided. In accordance with some embodiments, a method for detecting covert malware in a computing environment is provided, the method comprising: generating simulated user activity outside of the computing environment; conveying the simulated user activity to an application inside the computing environment; and determining whether a decoy corresponding to the simulated user activity has been accessed by an unauthorized entity.

摘要翻译： 提供了用于检测隐蔽恶意软件的方法，系统和媒体。 根据一些实施例，提供了一种用于在计算环境中检测隐匿恶意软件的方法，所述方法包括：在所述计算环境之外生成模拟用户活动; 将所述模拟用户活动传达到所述计算环境内的应用; 以及确定是否已经被未经授权的实体访问与所述模拟用户活动相对应的诱饵。

公开(公告)号：US20110167494A1

公开(公告)日：2011-07-07

申请号：US12982984

申请日：2010-12-31

申请人： Brian M. Bowen ,  Pratap V. Prabhu ,  Vasileios P. Kemerlis ,  Stylianos Sidiroglou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis

发明人： Brian M. Bowen ,  Pratap V. Prabhu ,  Vasileios P. Kemerlis ,  Stylianos Sidiroglou ,  Salvatore J. Stolfo ,  Angelos D. Keromytis

IPC分类号： G06F21/00

CPC分类号： G06F21/56 ,  G06F21/566 ,  G06F21/577 ,  H04L63/1441 ,  H04L63/1491

摘要： Methods, systems, and media for detecting covert malware are provided. In accordance with some embodiments, a method for detecting covert malware in a computing environment is provided, the method comprising: generating simulated user activity outside of the computing environment; conveying the simulated user activity to an application inside the computing environment; and determining whether a decoy corresponding to the simulated user activity has been accessed by an unauthorized entity.

摘要翻译： 提供了用于检测隐蔽恶意软件的方法，系统和媒体。 根据一些实施例，提供了一种用于在计算环境中检测隐匿恶意软件的方法，所述方法包括：在所述计算环境之外生成模拟用户活动; 将所述模拟用户活动传达到所述计算环境内的应用; 以及确定是否已经被未经授权的实体访问与所述模拟用户活动相对应的诱饵。