US 12,425,417 B2
Systems and methods for generation and implementation of cyber deception strategies
Ray-Yuan Sheu, Bel Air, MD (US); Shawn Paul Johnson, Columbia, MD (US); Cory Hall, Severn, MD (US); Ronald Wayne Alford, Vienna, VA (US); and James Raymond Morris-King, Acton, MA (US)
Assigned to The MITRE Corporation, McLean, VA (US)
Filed by The MITRE Corporation, McLean, VA (US)
Filed on Feb. 14, 2022, as Appl. No. 17/671,203.
Prior Publication US 2023/0262073 A1, Aug. 17, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 21/62 (2013.01)
CPC H04L 63/1416 (2013.01) [G06F 21/6218 (2013.01); H04L 63/1433 (2013.01); H04L 63/1491 (2013.01)]
39 Claims
1. A method for generating a cyber deception strategy to be implemented on a computing network, the method comprising:
receiving one or more user preferences regarding the cyber deception strategy to be implemented on the computing network;
mapping the received one or more user preferences to one or more parameters using one or more machine learning models;
receiving a plurality of candidate objects from the computing network, wherein the plurality of candidate objects include one or more files stored on the computing network that will be used to generate decoy files for the cyber deception strategy;
selecting one or more candidate objects of the plurality of candidate objects to be used in the cyber deception strategy based on the one or more parameters;
determining one or more cyber-attacks occurring on the computing network;
generating a plurality of candidate deception actions based on the selected one or more candidate objects and based on the one or more determined cyber-attacks occurring on the computing network;
applying an optimization process to the generated plurality of candidate deception actions, wherein the optimization process is configured to maximize a cost to an attacker associated with implementation of the plurality of candidate deception actions and minimize a cost to legitimate users of the computing network associated with the plurality of candidate deception actions; and
selecting one or more of the candidate deception actions for implementation on the computing network based on one or more results of the optimization process.