system and method of virtual fake connection to trace the purpose of attacking

IP.com Disclosure Number: IPCOM000238162D
Publication Date: 2014-Aug-06
Document File: 4 page(s) / 153K

Publishing Venue

The IP.com Prior Art Database

Abstract

Our disclosure defines a new process that provides fake connections. In the fake process, the system appears to behave normally to the connector, but the information it returns is incorrect. Before our process, a system that detected a threatening connection would terminate it immediately, which is not effective for analyzing the attacker's purpose or for subdividing threat types.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Security is becoming more and more important in system analysis. Currently, most systems have policies that guard access to sensitive information. When suspicious actions are detected, the connection is cut immediately, so the system cannot know what the connector would have done next.

Currently, systems have carefully defined policies that cut connections when threat actions are detected, so the connector's subsequent behavior cannot be analyzed, and it is hard to determine the type of attack.

Our solution is that when the system detects a threat, it transfers the connection to a fake system with a virtual database, which responds with similar actions so that the connector's activity continues. The potentially threatening connection is handed to the fake system, which behaves like a normal connection but returns incorrect information, so the security system can analyze the attacker's behavior and determine whether the connection is dangerous and how dangerous it is.

Our disclosure defines a new process that provides fake connections. In the fake process, the system appears to behave normally to the connector, but the information it returns is incorrect. Before our process, a system that detected a threatening connection would terminate it immediately, which is not effective for analyzing the attacker's purpose or for subdividing threat types. The blue part is the key to our disclosure: it keeps interacting with the connector, but the connection is routed to a virtual server rather than the application server. The virtual system also returns messages to the connector that are logically dependent on one another, but all of the messages are meaningless.
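
The diversion described above, as an added Python example that is not part of the disclosure: a flagged session is kept alive but answered from a decoy whose replies are deterministic, so they stay consistent with one another, and are never derived from real data. The detector `looks_hostile`, the class `DecoyRouter`, the seed and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data and seed; nothing here comes from the disclosure.
REAL_DB = {"alice": "acct-REAL-0001", "bob": "acct-REAL-0002"}
DECOY_SEED = b"constructed-decoy-seed"


def looks_hostile(request: str) -> bool:
    # Assumed stand-in detector: the page does not say how threats are detected.
    return "'" in request or ";" in request


class DecoyRouter:
    def __init__(self):
        self.flagged = set()             # sessions diverted to the fake system
        self.trail = defaultdict(list)   # requests seen per diverted session

    def _fake_value(self, key: str) -> str:
        # Keyed hash of the lookup key: the same key always yields the same
        # reply, so answers stay consistent, yet none is derived from REAL_DB.
        digest = hmac.new(DECOY_SEED, key.encode(), hashlib.sha256).hexdigest()
        return f"acct-{digest[:4].upper()}-{int(digest[4:8], 16) % 10000:04d}"

    def handle(self, session: str, request: str) -> str:
        if session not in self.flagged and looks_hostile(request):
            self.flagged.add(session)    # divert instead of terminating
        if session in self.flagged:
            self.trail[session].append(request)   # keep evidence for analysis
            return self._fake_value(request.split("'")[0].strip())
        return REAL_DB.get(request, "not found")

    def report(self, session: str) -> list:
        # Ordered request history of a diverted session, for the analyst.
        return list(self.trail.get(session, []))


if __name__ == "__main__":
    router = DecoyRouter()
    for sess, req in [("s1", "alice"), ("s2", "alice';--"), ("s2", "bob")]:
        print(sess, req, "->", router.handle(sess, req))
    print("s2 trail:", router.report("s2"))
```

Once a session is flagged, every later request from it goes to the decoy, including requests that look benign on their own, and the recorded trail is what the analyst uses to classify the threat.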


The following is the process for the fake system:
