Abstract: Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet collisions, a programmable physical switch and a virtual networking switch are employed, both of which can use software-defined networking (SDN). The virtual switch prevents packets from the decoy from flowing out of its virtual network until commanded. Upon a command, the physical switch redirects specific flows to the virtual switch, and the virtual switch opens specific flows from the decoy. The specific flows are those with packets containing the hacker's computer IP address, production computer IP address, and production computer port. The packets are associated with TCP connections or UDP sessions. The decoy host emulator can be a virtual machine (VM) running alongside many other VMs in a single computer.

Abstract: A shadow network, which can be a virtual reproduction of a real, physical, base computer network, is described. Shadow networks duplicate the topology, services, host, and network traffic of the base network using shadow hosts, which are low interaction, minimal-resource-using host emulators. The shadow networks are connected to the base network through virtual switches, etc. in order to form a large obfuscated network. When a hacker probes into a host emulator, a more resource-intensive virtual machine can be swapped in to take its place. When a connection is attempted from a host emulator to a physical computer, the a host emulator can step in to take the place of the physical computer, and software defined networking (SDN) can prevent collisions between the duplicated IP addresses. Replicating the shadow networks within the network introduces problems for hackers and allows a system administrator easier ways to identify intrusions.

Abstract: A shadow network, which can be a virtual reproduction of a real, physical, base computer network, is described. Shadow networks duplicate the topology, services, host, and network traffic of the base network using shadow hosts, which are low interaction, minimal-resource-using host emulators. The shadow networks are connected to the base network through virtual switches, etc. in order to form a large obfuscated network. When a hacker probes into a host emulator, a more resource-intensive virtual machine can be swapped in to take its place. When a connection is attempted from a host emulator to a physical computer, the a host emulator can step in to take the place of the physical computer, and software defined networking (SDN) can prevent collisions between the duplicated IP addresses. Replicating the shadow networks within the network introduces problems for hackers and allows a system administrator easier ways to identify intrusions.

Abstract: A shadow network, which can be a virtual reproduction of a real, physical, base computer network, is described. Shadow networks duplicate the topology, services, host, and network traffic of the base network using shadow hosts, which are low interaction, minimal-resource-using host emulators. The shadow networks are connected to the base network through virtual switches, etc. in order to form a large obfuscated network. When a hacker probes into a host emulator, a more resource-intensive virtual machine can be swapped in to take its place. When a connection is attempted from a host emulator to a physical computer, the a host emulator can step in to take the place of the physical computer, and software defined networking (SDN) can prevent collisions between the duplicated IP addresses. Replicating the shadow networks within the network introduces problems for hackers and allows a system administrator easier ways to identify intrusions.

Abstract: Methods, devices, and systems are described for diverting a computer hacker from a physical or other targeted production computer to a decoy software-based host emulator that emulates the physical computer. The decoy has the exact same IP address as the physical computer. In order to avoid packet collisions, a programmable physical switch and a virtual networking switch are employed, both of which can use software-defined networking (SDN). The virtual switch prevents packets from the decoy from flowing out of its virtual network until commanded. Upon a command, the physical switch redirects specific flows to the virtual switch, and the virtual switch opens specific flows from the decoy. The specific flows are those with packets containing the hacker's computer IP address, production computer IP address, and production computer port. The packets are associated with TCP connections or UDP sessions. The decoy host emulator can be a virtual machine (VM) running alongside many other VMs in a single computer.

Abstract: A shadow network, which can be a virtual reproduction of a real, physical, base computer network, is described. Shadow networks duplicate the topology, services, host, and network traffic of the base network using shadow hosts, which are low interaction, minimal-resource-using host emulators. The shadow networks are connected to the base network through virtual switches, etc. in order to form a large obfuscated network. When a hacker probes into a host emulator, a more resource-intensive virtual machine can be swapped in to take its place. When a connection is attempted from a host emulator to a physical computer, the a host emulator can step in to take the place of the physical computer, and software defined networking (SDN) can prevent collisions between the duplicated IP addresses. Replicating the shadow networks within the network introduces problems for hackers and allows a system administrator easier ways to identify intrusions.

Abstract: A shadow network, which can be a virtual reproduction of a real, physical, base computer network, is described. Shadow networks duplicate the topology, services, host, and network traffic of the base network using shadow hosts, which are low interaction, minimal-resource-using host emulators. The shadow networks are connected to the base network through virtual switches, etc. in order to form a large obfuscated network. When a hacker probes into a host emulator, a more resource-intensive virtual machine can be swapped in to take its place. When a connection is attempted from a host emulator to a physical computer, the a host emulator can step in to take the place of the physical computer, and software defined networking (SDN) can prevent collisions between the duplicated IP addresses. Replicating the shadow networks within the network introduces problems for hackers and allows a system administrator easier ways to identify intrusions.

Abstract: A shadow network, which can be a virtual reproduction of a real, physical, base computer network, is described. Shadow networks duplicate the topology, services, host, and network traffic of the base network using shadow hosts, which are low interaction, minimal-resource-using host emulators. The shadow networks are connected to the base network through virtual switches, etc. in order to form a large obfuscated network. When a hacker probes into a host emulator, a more resource-intensive virtual machine can be swapped in to take its place. When a connection is attempted from a host emulator to a physical computer, the a host emulator can step in to take the place of the physical computer, and software defined networking (SDN) can prevent collisions between the duplicated IP addresses. Replicating the shadow networks within the network introduces problems for hackers and allows a system administrator easier ways to identify intrusions.