Toward a robust method of presenting a rich, interconnected deceptive network topology
MetadataShow full item record
Every day, adversaries bombard Department of Defense computer networks with scanning traffic in order to gather information about the target network. This reconnaissance is typically a precursor to attacks designed to access data, exfiltrate information, or plant malware in order to gain a military advantage. One specific reconnaissance tool, traceroute, is used to map the network topology of a target network. We implement an active network defense tool, dubbed DeTracer, that seeks to thwart network mapping attacks through the use of deception. We deploy DeTracer in several environments, including the Internet, to demonstrate that an attacker attempting to map a target network using traceroute probes can be presented with a false network topology of the defender’s choosing. Our experiments show that a defender can present an adversary with a credible false network topology. We are able to deceive all types of incoming traceroute probes, present a complex false network topology on a per source and destination basis, and deploy our deception scheme without disrupting service to the real production infrastructure on our network.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Bordetsky, Alex; Bourakov, Eugene (2006);The emerging tactical networks represent complex network-centric systems, in which multiple sensors, unmanned vehicles, and geographically distributed units of highly mobile decision makers, transfer and analyze data while ...
Bordetsky, Alex; Bourakov, Eugene (2006-06);The emerging tactical networks represent complex network-centric systems, in which multiple sensors, unmanned vehicles, and geographically distributed units of highly mobile decision makers, transfer and analyze data while ...
Chan, Baixian Alvin (Monterey, CA; Naval Postgraduate School, 2021-09);Computer networks are often the target of cyber attacks carried out by malevolent agents, to either disable critical system operations or to surreptitiously gain access to sensitive data. The asymmetric and covert nature ...