CPC H04L 63/1491 (2013.01) [H04L 45/64 (2013.01); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01)] | 20 Claims |
1. A computer-implemented method comprising:
receiving, by one or more processors, from a rule-based intrusion detection system, an intercepted request sent by a hacker;
responsive to receiving the intercepted request, analyzing, by the one or more processors, the intercepted request to determine, in part, a type of service and a type of hacker;
responsive to analyzing the intercepted request, building, by the one or more processors, an initial layer of a honeypot maze that includes at least one service corresponding to the service type and the type of hacker from the analyzed intercepted request;
responsive to building the initial layer of the honeypot maze, simulating, by the one or more processors, the initial layer of the honeypot maze to the hacker; and
iteratively building, by the one or more processors, additional layers of the honeypot maze based on additional intercepted requests from the hacker using a Software-Defined Networking (SDN) approach.
|