International Business Machines Corporation
Augmented data collection from suspected attackers of a computer network

Abstract:

Technology for isolating suspicious activity on a plurality of servers for the purpose of mitigating damage (for example, unauthorized access to server data) to a network of computers and eliciting information about any suspicious clients involved in the suspicious activity. A suspicious client is identified, isolated, and permitted to continue interacting with the computer network to elicit information about the activity (for example, the identity of a suspicious client). Suspicious activity is defined by network administrators and determined using conventional techniques. The suspicious activity is isolated to prevent the suspicious client(s) from unauthorized and/or harmful actions on the network. The suspicious client(s) are permitted to resume network requests, in isolation, to covertly elicit information about the suspicious activity. Any data collected about the suspicious activity and/or suspicious client(s) are output, during and/or after the suspicious client(s) have disconnected from the network, for analysis.

Status:

Grant

Type:

Utility

Filing date:

30 Jul 2019

Issue date:

11 Jan 2022