US 12,107,887 B2
Bespoke honeypot (chimaera) for network security
Mario D. Santana, Annapolis, MD (US)
Assigned to El Orangutan, LLC, Annapolis, MD (US)
Filed by El Orangutan, LLC, Annapolis, MD (US)
Filed on Jul. 31, 2020, as Appl. No. 16/945,771.
Prior Publication US 2022/0038499 A1, Feb. 3, 2022
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1491 (2013.01) [H04L 63/0236 (2013.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01)]
14 Claims
 
1. A network security method comprising:
duplicating a protected image of a presentation layer of a network accessible application from a primary container in which the protected image executes into a secondary container as a duplicated image and duplicating data for the network accessible application in the primary container into the secondary container for use by the duplicated image, but changing values of the duplicated data while maintaining a formatting of the duplicated data in the secondary container by applying an algorithmic formula to the data of the network accessible application in the primary container to transform the data of the network accessible application into the changed values;
logging incoming requests to the protected image of the primary container along with corresponding responses to the incoming requests produced by the protected image of the primary container, characterizing the incoming requests according to request characteristics including request address, one or more request parameters and one or more request headers and storing the requests and corresponding responses including data in association with the request characteristics into a request-response table;
detecting an attempted intrusion in the protected image of the primary container; and,
responsive to the detection,
identifying a network source of the attempted intrusion,
routing subsequent requests from the identified network source to the duplicated image in the secondary container,
for each one of the subsequent requests, characterizing the one of the subsequent requests, mapping the characterization of the one of the subsequent requests to a pre-stored response with data in the request-response table, modifying the data in the pre-stored response to include different values while retaining a same format as corresponding values of the protected image by transforming original alphanumeric characters in the data algorithmically into differing alphanumeric characters but maintaining a same format of the differing alphanumeric characters as the original alphanumeric characters; and
logging interactions between the identified network source and the duplicated image.
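
The table lookup and format-preserving value change recited in claim 1, sketched as an added example; this is not code from the patent or its assignee. The keyed per-character substitution is one assumed choice of "algorithmic formula", all function names are hypothetical, and the table entry is constructed sample data.

```python
import hashlib
import hmac
import string

DECOY_KEY = b"constructed-demo-key"  # assumption: secret held by the decoy container
CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase)

def shift(ch, alphabet, k):
    # Offset is 1..len-1, so the result is never the original character.
    offset = 1 + k % (len(alphabet) - 1)
    return alphabet[(alphabet.index(ch) + offset) % len(alphabet)]

def scramble(value, key=DECOY_KEY):
    """Swap every ASCII letter/digit for a different one of the same class.

    Punctuation, spacing and length are untouched, so "123-45-6789" still
    looks like an SSN. Keyed and deterministic: repeat requests agree.
    """
    seed = hmac.new(key, value.encode(), hashlib.sha256).digest()
    stream = hashlib.shake_256(seed).digest(len(value))
    out = []
    for ch, k in zip(value, stream):
        alphabet = next((a for a in CLASSES if ch in a), None)
        out.append(shift(ch, alphabet, k) if alphabet else ch)
    return "".join(out)

def characterize(path, params, headers, header_names=("accept",)):
    """Table key built from request address, parameters and chosen headers."""
    hdrs = {name.lower(): val for name, val in headers.items()}
    return (path, tuple(sorted(params.items())),
            tuple((h, hdrs.get(h, "")) for h in header_names))

def decoy_response(table, path, params, headers):
    """Look up the logged response and return it with transformed values."""
    stored = table.get(characterize(path, params, headers))
    if stored is None:
        return None  # nothing logged for this request shape
    return {field: scramble(val) for field, val in stored.items()}

# Constructed sample: one logged request/response pair from the primary container.
TABLE = {
    characterize("/api/account", {"id": "42"}, {"Accept": "application/json"}):
        {"name": "Alice Doe", "ssn": "123-45-6789", "email": "alice@example.com"},
}

if __name__ == "__main__":
    print(decoy_response(TABLE, "/api/account", {"id": "42"},
                         {"accept": "application/json"}))
```

The substitution here is for illustration only and is not a standardized format-preserving encryption mode such as NIST FF1.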