A Technique for Presenting a Deceptive Dynamic Network Topology

Abstract

Adversaries scan Department of Defense networks looking for vulnerabilities that allow surveillance or the embedding of destructive malware weapons. In cyberspace, adversaries either actively probe or passively observe defended computer networks in attempts to determine, among other attributes, the topology of the network. We develop a novel strategic deceptive methodology, based on principles of military deception, for deceiving a malicious traceroute probe in defense of a physical data communications network. We construct a proof-of-concept network to show that a remote adversary who uses traceroute to map the defended network_s topology can be presented with a false route of the defender_s choosing. Akin to military deception operations in the field and at sea, a network that employs a deception scheme implemented on an intelligent border router can present a deceptive topology to an adversary. Our experiments show that a defender using our technique can successfully deceive a traceroute probe, the first in a sequence of steps to mount a credible deception scheme against an adversary.