US 12,464,020 B2
AI-generated virtual file honeypots for computing systems behavior-based protection against ransomware attacks
Vladimir Strogov, Singapore (SG); Alexey Kostyushko, Yerevan (AM); Aliaksei Dodz, Singapore (SG); Serg Bell, Costa del Sol (SG); and Stanislav Protasov, Singapore (SG)
Assigned to Acronis International GmbH, Schaffhausen (CH)
Filed by Acronis International GmbH, Schaffhausen (CH)
Filed on Mar. 28, 2024, as Appl. No. 18/620,399.
Prior Publication US 2025/0310376 A1, Oct. 2, 2025
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1491 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1466 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for automatic generation of virtual file honeypots (VFHs) for protecting a target computing system (CS) against ransomware attacks using an artificial intelligence (AI) device, the method comprising:
pretraining a generative machine-learning device comprising a large language model (LLM) to generate VFHs for specific ransomware families and characteristic activities, wherein the pretraining comprises:
collecting a pretraining training dataset from threat-intelligence sources of ransomware data, wherein ransomware data comprises data specific to a ransomware family,
extracting features from the training dataset using natural language processing (NLP), and
categorizing the pretraining dataset based on ransomware families;
monitoring an operation of the CS;
determining whether the operation comprises suspicious activity according to a policy;
identifying a suspect actor associated with the suspicious activity;
collecting behavior information and characteristics of the suspect actor;
identifying a predicted ransomware family based on the operation comprising suspicious activity;
configuring VFH properties based on the predicted ransomware family and the collected behavior information and characteristics of the suspect actor; and
generating a plurality of VFHs according to the configured VFH properties using the generative machine-learning device.