A Technique for Presenting a Deceptive Dynamic Network Topology
Trassare, Samuel T.
MetadataShow full item record
Adversaries scan Department of Defense networks looking for vulnerabilities that allow surveillance or the embedding of destructive malware weapons. In cyberspace, adversaries either actively probe or passively observe defended computer networks in attempts to determine, among other attributes, the topology of the network. We develop a novel strategic deceptive methodology, based on principles of military deception, for deceiving a malicious traceroute probe in defense of a physical data communications network. We construct a proof-of-concept network to show that a remote adversary who uses traceroute to map the defended network_s topology can be presented with a false route of the defender_s choosing. Akin to military deception operations in the field and at sea, a network that employs a deception scheme implemented on an intelligent border router can present a deceptive topology to an adversary. Our experiments show that a defender using our technique can successfully deceive a traceroute probe, the first in a sequence of steps to mount a credible deception scheme against an adversary.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, is not copyrighted in the U.S.
Showing items related by title, author, creator and subject.
West, Austin (Monterey, California: Naval Postgraduate School, 2015-03);Every day, adversaries bombard Department of Defense computer networks with scanning traffic in order to gather information about the target network. This reconnaissance is typically a precursor to attacks designed to ...
Phua, Weiyou Nicholas (Monterey, California: Naval Postgraduate School, 2015-09);For all purposes and intents, being able to infer the topology of a network is crucial to both operators and adversaries alike. Tracer-oute is a common active probing technique but it may be subverted by deceptive responses. ...
Trassare, Samuel; Beverly, Robert; Alderson, David (2013);Civilian and military networks are continually probed for vulnerabilities. Cyber criminals, and autonomous botnets under their control, regularly scan networks in search of vulnerable systems to co-opt. Military and more ...