| CPC H04L 63/1491 (2013.01) [H04L 43/062 (2013.01); H04L 43/08 (2013.01); H04L 43/12 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01)] | 20 Claims |

1. A method for monitoring network traffic in one or more networks using one or more network computers, wherein execution of instructions by the one or more network computers causes performance of actions, comprising:
generating a plurality of honeypot traps that include false information to mimic one or more targets of one or more attacks in the one or more networks, wherein a plurality of other honeypot traps are generated to mimic the one or more targets based on ingress and egress of the monitored traffic associated with the plurality of honeypot traps;
determining one or more correlations between one or more metrics for ingress and egress information for monitored network traffic that is outside of the plurality of honeypot traps and the one or more other honeypot traps;
generating one or more configurations for the plurality of honeypot traps and the plurality of other honeypot traps based on the one or more correlations, wherein the use of the one or more correlations causes reduction in complexity for generation of the one or more configurations and increases complexity for detection by one or more attackers of monitored mimic behavior by the plurality of honeypot traps and the plurality of other honeypot traps;
generating one or more reports that include localization features and characteristic information on one or more subsequent attacks on the plurality of honeypots and the plurality of other honeypots.