A Technique for Network Topology Deception
Authors
Trassare, Samuel
Beverly, Robert
Alderson, David
Date of Issue
2013
Date
2013
Abstract
Civilian and military networks are continually probed for vulnerabilities. Cyber criminals, and autonomous botnets under their control, regularly scan networks in search of vulnerable systems to co-opt. Military and more sophisticated adversaries may also scan and map networks as part of reconnaissance and intelligence gathering. This paper focuses on adversaries attempting to map a network's infrastructure, i.e., the critical routers and links supporting a network. We develop a novel methodology, rooted in principles of military deception, for deceiving a malicious traceroute probe and influencing the structure of the network as inferred by a mapping adversary. Our Linux-based implementation runs as a kernel module at a border router to present a deceptive external topology. We construct a proof-of-concept test network to show that a remote adversary using traceroute to map a defended network can be presented with a false topology of the defender's choice.
Type
Article
Description
Military Communications Conference (MILCOM 2013), San Diego, CA, November 2013.
Refereed Article
Department
Computer Science (CS)
Operations Research (OR)
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
