Cisco Systems, Inc.
Virtual traffic decoys

Abstract:

A network security method is provided. The method includes obtaining, at a network security device, first network traffic from a network device destined for a potential attacker; determining if the first network traffic is suspicious; when the first network traffic is determined to be suspicious: generating second network traffic based on the context of the network device and the first network traffic; providing the second network traffic to the potential attacker; obtaining, from the potential attacker, third network traffic in response to the second network traffic; and designating the potential attacker as malicious based on the third network traffic is disclosed. An apparatus and one or more non-transitory computer readable storage media are also disclosed.