SYSTEMS AND METHODS FOR THE DETECTION OF ADVANCED ATTACKERS USING CLIENT SIDE HONEYTOKENS

There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-c...

Full description

Saved in:
Bibliographic Details
Main Authors Grady, Itai, Be'ery, Tal Arieh
Format Patent
LanguageEnglish
Published 04.07.2019
Subjects
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online AccessGet full text

Cover

More Information
Summary:There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the login-credential matches the invalid login-credential.
Bibliography:Application Number: US201816113124