| CPC H04L 63/1416 (2013.01) [H04L 63/1433 (2013.01); H04L 63/1491 (2013.01)] | 5 Claims |
|
1. Method for improving the security of an electronic communication network using deception technology, in which lures and decoys are distributed in the communication network, in order to detect an attacker in the communication network, characterised in that an attack vector on the communications network is determined,
an attack graph is drawn up, on the basis of the attack vector, which graph shows possible weak points and attack paths as acyclic directed graphs having at least one sink representing the target, and at least one source representing the relevant weak point,
the type and the number of lures and decoys are determined on the basis of the structure of the attack graph, and
the lures and decoys are distributed in the communication network using a target function, wherein the target function takes into account the following parameters:
a) shorter paths to the target or the targets of the attack graph are particularly attractive for attackers;
b) a decoy is placed on as many paths as possible to the target or the targets of the attack graph; and
c) the lures and decoys are arranged as close as possible to the weak points of the attack graph,
wherein a new attack graph is created by the distribution of the lures and decoys, and wherein subsequently a comparison of the original attack graph with the newly created attack graph is carried out, and the change is assessed on the basis of the target function value.
|