← Current filings
Not in archiveU.S. Navy

Deceptive Resistance to Adversary Cyber Operations (DRACO)

US20250088536A1

Drawing from US20250088536A1

Description (excerpt)

CROSS-REFERENCE TO RELATED APPLICATIONS This application claims priority to U.S. Provisional Patent Application No. 63/538,027, filed on Sep. 12, 2023, which is incorporated by reference in its entirety. BACKGROUND The present disclosure relates to the enhancement of cybersecurity through the deployment of advanced deception techniques, specifically focusing on improved defense against adversary cyber operations. This disclosure pertains to innovative methods of cybersecurity deception, particularly the use of deception as a service (DaaS) through cloud-hosted honeypots and network redirection technologies, which provide an effective yet secure approach to misleading and identifying malicious actors in both operational and research environments. These methods offer significant advantages in scenarios where traditional cybersecurity defenses are insufficient, such as protecting critical infrastructure, government networks, and cloud-based services from advanced persistent threats (APTs) or state-sponsored cyber espionage activities. In today's cyber threat landscape, organizations face increasingly sophisticated attacks that can easily bypass traditional perimeter defenses. Cyber incidents are unpredictable and can result in significant damage to organizational assets, including sensitive data, intellectual property, and operational systems. Common cyber defense techniques, such as firewalls and intrusion detection systems, often fail to provide effective monitoring and engagement with attackers once they have infiltrated a network. The risk is compounded by the challenges in attributing and responding to these threats, particularly when cybercriminals use anonymization techniques and botnets to evade detection. Current cybersecurity protocols focus heavily on preventing attacks, but they often neglect the importance of ongoing engagement and intelligence gathering once an attack is underway, limiting the ability of defenders to respond effectively. Cybersecurity professionals often lack the tools to continuously monitor attacker behavior in a way that provides deep insights into adversary tactics, techniques, and procedures (TTPs). The overwhelming volume of traffic and data from multiple systems can saturate security operations teams, making it difficult to distinguish real threats from false positives. Traditional security alerts focus on isolated events but fail to account for broader attack patterns, often leading to alarm fatigue and missed opportunities to detect and stop advanced cyber threats. These challenges are exacerbated by the evolving nature of cyberattacks, including multi-stage attacks that blend reconnaissance, exploitation, and persistence over extended time frames, making real-time monitoring and response critical to maintaining network integrity. The Deceptive Resistance to Adversary Cyber Operations (DRACO) system provides a solution to these challenges by enabling continuous engagement with cyber adversaries through its deception-as-a-service architecture. By leveraging cloud-hosted honeypots and network address translation (NAT) technologies, DRACO ensures that attackers are engaged and monitored from the initial compromise to the final stages of the attack, without exposing the operational network to significant risk. This system allows security professionals to gather valuable intelligence on adversarial behavior, including the identification of attack infrastructure and techniques, while keeping production systems secure. DRACO also enables rapid response interventions by automatically redirecting malicious traffic to deception networks, allowing defenders to isolate and neutralize threats before they can cause widespread damage. The present disclosure proposes a comprehensive solution for overcoming these problems and improving cybersecurity defense. BRIEF SUMMARY A system for deceptive resistance to adversary cyber operations is disclosed. The system comprises a deception server within a deception network, which responds to cyber threat actors by impersonating an operational server on the operational network. This is achieved using network traffic redirection and network address translation (NAT), allowing the system to log relevant network events generated by the cyber threat actor. An analytics server, also part of the deception network, receives and stores these logs, generating visual analytics in the form of dashboards for end users. The system includes a network firewall that manages connections between the deception network and the Internet, and facilitates the administration of the deception network. A router routes traffic between components of the deception network and terminates virtual private network (VPN) connections to the operational network. The analytics server may be integrated into the deception network itself, providing localized processing capabilities. Additionally, the system may include a border router located outside the operational network, designed to route

Filing details

Inventors
Mathieu Couillard
Assignee
The United States Of America, As Represented By The Secretary Of The Navy
Filed
Sep 12, 2024
Granted
Application pending

Bibliographic data and excerpted text sourced from Google Patents (public record) as part of IP TechMatch's current-filings monitor. This filing is not part of the 2019 historical archive. For the authoritative full text, drawings, and legal status, see the source links above or consult USPTO records directly.