Toward a robust method of presenting a rich, interconnected deceptive network topology
Loading...
Authors
West, Austin
Subjects
Topological deception
active defense
traceroute
network defense
active defense
traceroute
network defense
Advisors
Beverly, Robert
Date of Issue
2015-03
Date
March 2015
Publisher
Monterey, California: Naval Postgraduate School
Language
Abstract
Every day, adversaries bombard Department of Defense computer networks with scanning traffic in order to gather information about the target network. This reconnaissance is typically a precursor to attacks designed to access data, exfiltrate information, or plant malware in order to gain a military advantage. One specific reconnaissance tool, traceroute, is used to map the network topology of a target network. We implement an active network defense tool, dubbed DeTracer, that seeks to thwart network mapping attacks through the use of deception. We deploy DeTracer in several environments, including the Internet, to demonstrate that an attacker attempting to map a target network using traceroute probes can be presented with a false network topology of the defender’s choosing. Our experiments show that a defender can present an adversary with a credible false network topology. We are able to deceive all types of incoming traceroute probes, present a complex false network topology on a per source and destination basis, and deploy our deception scheme without disrupting service to the real production infrastructure on our network.
Type
Thesis
Description
Series/Report No
Department
Computer Science
Computer Science
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.