Employing deceptive dynamic network topology through software-defined networking
Hughes, Jason J.
MetadataShow full item record
Computer networks are constantly being actively probed in attempts to build topological maps of intermediate nodes and discover endpoints, either for academic research or nefarious schemes. While some networks employ recommended conventional countermea-sures to simply block such probing at the boundary or shunt such traffic to honey pot systems, other networks remain completely open either by design or neglect. Our research builds on previous work on the concept of presenting a deceptive network topology, which goes beyond conventional network security countermeasures of detecting and blocking network probe traffic. By employing the technologies from the emerging field of Software-Defined Networking and the OpenFlow protocol, we constructed a custom-built SDN controller to listen for network probes and craft customized deceptive replies to those probes. Through employment of various network probing utilities against our custom-built SDN controller in a test network environment, we are able to present a believable deceptive representation of the network topology to an adversary. Therefore, this work demonstrates that the primitives of the expand-ing OpenFlow protocol show strong potential for constructing an enterprise-grade dynamic deceptive network topology solution to protect computer networks.
Approved for public release; distribution is unlimited.
Showing items related by title, author, creator and subject.
Trassare, Samuel T. (Monterey, California: Naval Postgraduate School, 2013-03);Adversaries scan Department of Defense networks looking for vulnerabilities that allow surveillance or the embedding of destructive malware weapons. In cyberspace, adversaries either actively probe or passively observe ...
Lugo, Manuel X. (Monterey California. Naval Postgraduate School, 2008-03);This thesis focuses on interdiction of Vehicle Borne Improvised Explosive Devices (VBIED) on a major city by using "transparent" and "deceptive" assets. Transparent assets (e.g., road blocks) are those for which we assume ...
Trassare, Samuel; Beverly, Robert; Alderson, David (2013);Civilian and military networks are continually probed for vulnerabilities. Cyber criminals, and autonomous botnets under their control, regularly scan networks in search of vulnerable systems to co-opt. Military and more ...