Deception using screen capture
Abstract
Multiple deception techniques utilized to mislead malicious entities that attempt to gather information associated with a computing device are implemented by changing a single result. In one aspect, requests for screen captures are intercepted and it is determined whether the requests are triggered due to user interaction (e.g., pressing a button and/or key) and/or received from an authorized application/device. If determined that the requests are not triggered due to user interaction and/or are received from an unauthorized application/device, a response comprising one of several pre-prepared or dynamically generated screen captures that are embedded (and/or appended) with misleading information (e.g., fake credentials, fake documents marked as important/hidden, etc.) is generated. Applications that attempt to utilize the misleading information can be flagged as malware.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method, comprising:
receiving, by network equipment comprising a processor, a request for a screenshot image represented via a display device; and in response to determining that the request does not satisfy a defined criterion:
selecting, by the network equipment, deception data from a group of deception data based on a time of day of the request,
embedding, by the network equipment, the deception data into the screenshot image to generate a modified screenshot image, wherein the deception data is generated to appear, visibly to a human eye, to be legitimate data, and
employing, by the network equipment, the modified screenshot image to respond to the request.
2 . The method of claim 1 , wherein the deception data represents false login data for a login field in the screenshot image.
3 . The method of claim 1 , wherein the deception data further comprises an additional image, and wherein the embedding comprises overlaying the additional image on the screenshot image.
4 . The method of claim 1 , wherein the determining comprises determining that the request has not been triggered in response to a user interaction event.
5 . The method of claim 1 , wherein the determining comprises determining that the request is received from an application that has not been authorized to access the screenshot image.
6 . The method of claim 1 , wherein the deception data comprises false credential data representing false credentials.
7 . The method of claim 1 , wherein the deception data comprises false address data representing a non-genuine internet protocol address.
8 . Network equipment, comprising:
a processor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising: in response to determining that a request for a screenshot image associated with an output device does not satisfy a defined access criterion:
selecting deception data from a group of deception data based on bandwidth data for the network equipment,
embedding the deception data into the screenshot image to generate a modified screenshot image, wherein the deception data comprises false data that is generated to appear to be legitimate data, and
using the modified screenshot image to respond to the request.
9 . The network equipment of claim 8 , wherein the deception data represents false password data for a login field in the screenshot image.
10 . The network equipment of claim 8 , wherein the deception data further comprises an additional image, and wherein the embedding comprises overlaying the additional image with respect to the screenshot image.
11 . The network equipment of claim 8 , wherein the determining comprises determining that the request has not been triggered in response to a user interaction event that is part of a user interaction with an input device.
12 . The network equipment of claim 8 , wherein the defined access criterion comprises a specification that the request is received from an application that, when executed, has a graphical user interface associated with the application.
13 . The network equipment of claim 8 , wherein the deception data comprises false credential data representing a false credential that is unable to be used to authenticate any user.
14 . The network equipment of claim 8 , wherein the deception data comprises false address data representing a non-genuine internet protocol address.
15 . A non-transitory machine-readable medium, comprising executable instructions that, when executed by a processor of network equipment, facilitate performance of operations, comprising:
in response to determining that a request for a screenshot image for presentation via an output interface of the network equipment is from an unauthorized entity:
selecting misleading data from a group of misleading data based on resource availability data associated with a resource of the network equipment,
embedding the misleading data into the screenshot image to generate a modified screenshot image, wherein the misleading data comprises false data usable to deceive as representing legitimate data, and
utilizing the modified screenshot image to respond to the request.
16 . The non-transitory machine-readable medium of claim 15 , wherein the misleading data represents false username data for a login field in the screenshot image.
17 . The non-transitory machine-readable medium of claim 15 , wherein the misleading data further comprises an additional image, and wherein the embedding comprises overlaying the additional image over the screenshot image.
18 . The non-transitory machine-readable medium of claim 15 , wherein the determining that the request is from the unauthorized entity comprises determining that the request has not been triggered in response to user input.
19 . The non-transitory machine-readable medium of claim 15 , wherein the determining that the request is from the unauthorized entity comprises determining that the request is received from an application that has not been authorized to access the screenshot image.
20 . The non-transitory machine-readable medium of claim 15 , wherein the misleading data represents false credential data generated to be false.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.