US 11,689,568 B2
Dynamic maze honeypot response system
Francesco Maria Carteri, Rome (IT); and Roberto Ragusa, Rome (IT)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on May 8, 2020, as Appl. No. 16/869,928.
Prior Publication US 2021/0352103 A1, Nov. 11, 2021
Int. Cl. H04L 29/06 (2006.01); H04L 12/715 (2013.01); H04L 9/40 (2022.01); H04L 45/64 (2022.01)
CPC H04L 63/1491 (2013.01) [H04L 45/64 (2013.01); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
receiving, by one or more processors, from a rule-based intrusion detection system, an intercepted request sent by a hacker;
responsive to receiving the intercepted request, analyzing, by the one or more processors, the intercepted request to determine, in part, a type of service and a type of hacker;
responsive to analyzing the intercepted request, building, by the one or more processors, an initial layer of a honeypot maze that includes at least one service corresponding to the service type and the type of hacker from the analyzed intercepted request;
responsive to building the initial layer of the honeypot maze, simulating, by the one or more processors, the initial layer of the honeypot maze to the hacker; and
iteratively building, by the one or more processors, additional layers of the honeypot maze based on additional intercepted requests from the hacker using a Software-Defined Networking (SDN) approach.