NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK

Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet co...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: HART CATHERINE V, WINSBORROW ERIC, WU JOHNSON L, VERSOLA LEO R
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator HART CATHERINE V
WINSBORROW ERIC
WU JOHNSON L
VERSOLA LEO R
description Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet collisions, a programmable physical switch and a virtual networking switch are employed, both of which can use software-defined networking (SDN). The virtual switch prevents packets from the decoy from flowing out of its virtual network until commanded. Upon a command, the physical switch redirects specific flows to the virtual switch, and the virtual switch opens specific flows from the decoy. The specific flows are those with packets containing the hacker's computer IP address, production computer IP address, and production computer port. The packets are associated with TCP connections or UDP sessions. The decoy host emulator can be a virtual machine (VM) running alongside many other VMs in a single computer. If the hacker performs a horizontal scan of the network, additional flows are diverted to other decoy host emulators.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US2016080415A1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US2016080415A1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US2016080415A13</originalsourceid><addsrcrecordid>eNrjZLDxcw0J9w_yVvD0CwkKDfb091Nw8QxzDQKzgHw_dwVHhWB_t5BwxyBXBRdXN08_VxcFqCYeBta0xJziVF4ozc2g7OYa4uyhm1qQH59aXJCYnJqXWhIfGmxkYGhmYGFgYmjqaGhMnCoA5IAq4A</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK</title><source>esp@cenet</source><creator>HART CATHERINE V ; WINSBORROW ERIC ; WU JOHNSON L ; VERSOLA LEO R</creator><creatorcontrib>HART CATHERINE V ; WINSBORROW ERIC ; WU JOHNSON L ; VERSOLA LEO R</creatorcontrib><description>Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet collisions, a programmable physical switch and a virtual networking switch are employed, both of which can use software-defined networking (SDN). The virtual switch prevents packets from the decoy from flowing out of its virtual network until commanded. Upon a command, the physical switch redirects specific flows to the virtual switch, and the virtual switch opens specific flows from the decoy. The specific flows are those with packets containing the hacker's computer IP address, production computer IP address, and production computer port. The packets are associated with TCP connections or UDP sessions. The decoy host emulator can be a virtual machine (VM) running alongside many other VMs in a single computer. If the hacker performs a horizontal scan of the network, additional flows are diverted to other decoy host emulators.</description><language>eng</language><subject>ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRICITY ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2016</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20160317&amp;DB=EPODOC&amp;CC=US&amp;NR=2016080415A1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20160317&amp;DB=EPODOC&amp;CC=US&amp;NR=2016080415A1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>HART CATHERINE V</creatorcontrib><creatorcontrib>WINSBORROW ERIC</creatorcontrib><creatorcontrib>WU JOHNSON L</creatorcontrib><creatorcontrib>VERSOLA LEO R</creatorcontrib><title>NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK</title><description>Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet collisions, a programmable physical switch and a virtual networking switch are employed, both of which can use software-defined networking (SDN). The virtual switch prevents packets from the decoy from flowing out of its virtual network until commanded. Upon a command, the physical switch redirects specific flows to the virtual switch, and the virtual switch opens specific flows from the decoy. The specific flows are those with packets containing the hacker's computer IP address, production computer IP address, and production computer port. The packets are associated with TCP connections or UDP sessions. The decoy host emulator can be a virtual machine (VM) running alongside many other VMs in a single computer. If the hacker performs a horizontal scan of the network, additional flows are diverted to other decoy host emulators.</description><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRICITY</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2016</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZLDxcw0J9w_yVvD0CwkKDfb091Nw8QxzDQKzgHw_dwVHhWB_t5BwxyBXBRdXN08_VxcFqCYeBta0xJziVF4ozc2g7OYa4uyhm1qQH59aXJCYnJqXWhIfGmxkYGhmYGFgYmjqaGhMnCoA5IAq4A</recordid><startdate>20160317</startdate><enddate>20160317</enddate><creator>HART CATHERINE V</creator><creator>WINSBORROW ERIC</creator><creator>WU JOHNSON L</creator><creator>VERSOLA LEO R</creator><scope>EVB</scope></search><sort><creationdate>20160317</creationdate><title>NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK</title><author>HART CATHERINE V ; WINSBORROW ERIC ; WU JOHNSON L ; VERSOLA LEO R</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US2016080415A13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2016</creationdate><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRICITY</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>HART CATHERINE V</creatorcontrib><creatorcontrib>WINSBORROW ERIC</creatorcontrib><creatorcontrib>WU JOHNSON L</creatorcontrib><creatorcontrib>VERSOLA LEO R</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>HART CATHERINE V</au><au>WINSBORROW ERIC</au><au>WU JOHNSON L</au><au>VERSOLA LEO R</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK</title><date>2016-03-17</date><risdate>2016</risdate><abstract>Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet collisions, a programmable physical switch and a virtual networking switch are employed, both of which can use software-defined networking (SDN). The virtual switch prevents packets from the decoy from flowing out of its virtual network until commanded. Upon a command, the physical switch redirects specific flows to the virtual switch, and the virtual switch opens specific flows from the decoy. The specific flows are those with packets containing the hacker's computer IP address, production computer IP address, and production computer port. The packets are associated with TCP connections or UDP sessions. The decoy host emulator can be a virtual machine (VM) running alongside many other VMs in a single computer. If the hacker performs a horizontal scan of the network, additional flows are diverted to other decoy host emulators.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US2016080415A1
source esp@cenet
subjects ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T06%3A16%3A12IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=HART%20CATHERINE%20V&rft.date=2016-03-17&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2016080415A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true