US 11,750,653 B2
Network intrusion counter-intelligence
Navindra Yadav, Cupertino, CA (US); Shih-Chun Chang, San Jose, CA (US); Shashi Gandham, Fremont, CA (US); Xiaofei Guo, Palo Alto, CA (US); Hoang Viet Nguyen, Pleasanton, CA (US); Xin Liu, San Mateo, CA (US); Thanh Trung Ngo, Menlo Park, CA (US); Duan Tran, Los Altos, CA (US); and Xuan Loc Bui, Sunnyvale, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Dec. 20, 2021, as Appl. No. 17/556,673.
Application 17/556,673 is a continuation of application No. 15/862,363, filed on Jan. 4, 2018, granted, now 11,233,821.
Prior Publication US 2022/0116421 A1, Apr. 14, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1491 (2013.01) [H04L 63/102 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01)]
20 Claims
 
1. A method, comprising:
identifying a malicious user accessing network services through a network environment associated with an enterprise based on a signature of a previously identified malicious user, wherein the signature of the previously identified malicious user includes one or more patterns of network service access requests and responses of the previously identified malicious user in one or more previous attacks, the signature being refined over time based at least in part on previous interactions with a decoy network environment;
receiving network service access requests from the malicious user in interacting with the network environment associated with the enterprise;
directing the network service access requests received from the malicious user to the decoy network environment in response to identifying the malicious user based on the signature of the malicious user; and
maintaining malicious user analytics based on the network service access requests of the malicious user directed to the decoy network environment.