Detection of active topology probing deception
Phua, Weiyou Nicholas
Rohrer, Justin P.
For all intents and purposes, the ability to infer the topology of a network is crucial to operators and adversaries alike. Traceroute is a common active probing technique, but it may be subverted by deceptive responses. We identify possible inconsistencies in traceroute deception systems, and endeavor to find potential deception in the historic IPv4 Routed /24 Topology Dataset from the Center for Applied Internet Data Analysis (CAIDA). Our results show three major patterns in 2013 and 2014 that exhibited instances of inconsistencies matching the techniques in our methodology. In addition to analyzing the historic dataset, we evaluate three cases of traceroute manipulation in the wild. These case studies include The Pirate Bay (TPB) server supposedly residing in North Korea, the Star Wars- and Christmas Carol-themed gags involving customized Domain Name System (DNS) names, and the experimental DeTracer at the Naval Postgraduate School (NPS). In the TPB case, we discovered extensive and long-running deception in the /24 subnet. We find intriguing patterns in the gag traceroutes and fake topologies from the DeTracer, which we may use to improve our filtering process. In all, the findings will aid future operations in verifying inferred network topologies from traceroutes.
Approved for public release; distribution is unlimited