Employing deceptive dynamic network topology through software-defined networking
Author
Hughes, Jason J.
Date
2014-03
Advisor
Beverly, Robert
Second Reader
Krautheim, Frank
Abstract
Computer networks are constantly being actively probed in attempts to build topological maps of intermediate nodes and discover endpoints, either for academic research or nefarious schemes. While some networks employ recommended conventional countermeasures to simply block such probing at the boundary or shunt such traffic to honey pot systems, other networks remain completely open either by design or neglect. Our research builds on previous work on the concept of presenting a deceptive network topology, which goes beyond conventional network security countermeasures of detecting and blocking network probe traffic. By employing the technologies from the emerging field of Software-Defined Networking and the OpenFlow protocol, we constructed a custom-built SDN controller to listen for network probes and craft customized deceptive replies to those probes. Through employment of various network probing utilities against our custom-built SDN controller in a test network environment, we are able to present a believable deceptive representation of the network topology to an adversary. Therefore, this work demonstrates that the primitives of the expanding OpenFlow protocol show strong potential for constructing an enterprise-grade dynamic deceptive network topology solution to protect computer networks.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Related items
Showing items related by title, author, creator and subject.
THE ROLE OF DECEPTIVE DEFENSE IN CYBER STRATEGY
Couillard, Mathieu (Monterey, CA; Naval Postgraduate School, 2023-06) This thesis examines the role of deceptive defense in cyber strategy and contributes a new practical concept to aid in its implementation. In The Art of War, Sun Tzu stated, “All warfare is based on deception.” Cyber ...
A Technique for Presenting a Deceptive Dynamic Network Topology
Trassare, Samuel T. (Monterey, California: Naval Postgraduate School, 2013-03) Adversaries scan Department of Defense networks looking for vulnerabilities that allow surveillance or the embedding of destructive malware weapons. In cyberspace, adversaries either actively probe or passively observe ...
Deceptive tactics for protecting cities against Vehicle Borne Improvised Explosive Devices
Lugo, Manuel X. (Monterey California. Naval Postgraduate School, 2008-03) This thesis focuses on interdiction of Vehicle Borne Improvised Explosive Devices (VBIED) on a major city by using "transparent" and "deceptive" assets. Transparent assets (e.g., road blocks) are those for which we assume ...