Naval Postgraduate School
Dudley Knox Library
NPS Dudley Knox Library
View Item 
  •   Calhoun Home
  • Theses and Dissertations
  • 1. Thesis and Dissertation Collection, all items
  • View Item
  •   Calhoun Home
  • Theses and Dissertations
  • 1. Thesis and Dissertation Collection, all items
  • View Item
  • How to search in Calhoun
  • My Accounts
  • Ask a Librarian
JavaScript is disabled for your browser. Some features of this site may not work without it.

Browse

All of CalhounCollectionsThis Collection

My Account

LoginRegister

Statistics

Most Popular ItemsStatistics by CountryMost Popular Authors

An improved tarpit for network deception

Thumbnail
Download
Icon16Mar_Shing_Leslie.pdf (4.179Mb)
Download Record
Download to EndNote/RefMan (RIS)
Download to BibTex
Author
Shing, Leslie
Date
2016-03
Advisor
Beverly, Robert
Rohrer, Justin P.
Second Reader
Gondree, Mark
Metadata
Show full item record
Abstract
Networks are constantly bombarded with malicious or suspicious network traffic by attackers attempting to execute their attack operations. One of the most prevalent types of traffic observed on the network is scanning traffic from reconnaissance efforts. This thesis investigates the use of network tarpits to slow automated scanning or confuse human adversaries. We identify distinguishing tarpit signatures and shortcomings of existing tarpit applications as uncovered by Degreaser (a tarpit scanner), and implement improved features into a new tarpit application called Greasy. We conduct several experiments using a select set of metrics to measure the impact of implementing new tarpitting capabilities and other improvements in Greasy, particularly Greasy0s ability to deceive Degreaser, degree of stickiness compared to LaBrea, and potential processing overhead as observed by packet latency. Our experimental results show that we effectively mitigate the two tarpit signatures used by Degreaser0s tarpit identification heuristics. And although Greasy may not hold the stickiest connections, compared to LaBrea in persist mode, it successfully improves its tarpitting capabilities, while still evading detection. More importantly, the above results are obtained by deploying Greasy on an Internet-facing /24 subnet; this allows us to measure Greasy0s ability to interact with real-world network traffic. Furthermore, Greasy offers a modularized extensible tarpit platform for future tarpit development.Networks are constantly bombarded with malicious or suspicious network traffic by attackers attempting to execute their attack operations. One of the most prevalent types of traffic observed on the network is scanning traffic from reconnaissance efforts. This thesis investigates the use of network tarpits to slow automated scanning or confuse human adversaries. We identify distinguishing tarpit signatures and shortcomings of existing tarpit applications as uncovered by Degreaser (a tarpit scanner), and implement improved features into a new tarpit application called Greasy. We conduct several experiments using a select set of metrics to measure the impact of implementing new tarpitting capabilities and other improvements in Greasy, particularly Greasy0s ability to deceive Degreaser, degree of stickiness compared to LaBrea, and potential processing overhead as observed by packet latency. Our experimental results show that we effectively mitigate the two tarpit signatures used by Degreaser0s tarpit identification heuristics. And although Greasy may not hold the stickiest connections, compared to LaBrea in persist mode, it successfully improves its tarpitting capabilities, while still evading detection. More importantly, the above results are obtained by deploying Greasy on an Internet-facing /24 subnet; this allows us to measure Greasy0s ability to interact with real-world network traffic. Furthermore, Greasy offers a modularized extensible tarpit platform for future tarpit development.
Rights
Copyright is reserved by the copyright owner.
URI
http://hdl.handle.net/10945/48595
Collections
  • 1. Thesis and Dissertation Collection, all items

Related items

Showing items related by title, author, creator and subject.

  • Thumbnail

    AN ANALYSIS OF METRICS TRENDS IDENTIFIED BY THE ARMY'S OPERATIONAL SUSTAINMENT REVIEWS 

    Meickle, David W. (Monterey, CA; Naval Postgraduate School, 2019-09);
    This research provides an analysis of sustainment metrics and their application by product support managers (PSMs) within the context of the Army's operational sustainment review (OSR) process. The research explored the ...
  • Thumbnail

    A SEQUENCE-AWARE INTRUSION DETECTION SYSTEM FOR ETHERNET/IP INDUSTRIAL CONTROL NETWORKS 

    Wetzel, Jonathan L. (Monterey, CA; Naval Postgraduate School, 2020-09);
    Industrial control systems (ICS) regulate and monitor critical cyber-physical systems such as the power grid and manufacturing plants. ICS networks are also vulnerable to cyber attacks, and existing defenses against these ...
  • Thumbnail

    LEVERAGING MACHINE-LEARNING TO ENHANCE NETWORK SECURITY 

    Salazar, Daniel (Monterey, CA; Naval Postgraduate School, 2018-06);
    This research examines the use of machine-learning techniques to identify malicious traffic in an emulated tactical computer network. The intent is to identify low-cost solutions based on open-source software capable of ...
NPS Dudley Knox LibraryDUDLEY KNOX LIBRARY
Feedback

411 Dyer Rd. Bldg. 339
Monterey, CA 93943
circdesk@nps.edu
(831) 656-2947
DSN 756-2947

    Federal Depository Library      


Start Your Research

Research Guides
Academic Writing
Ask a Librarian
Copyright at NPS
Graduate Writing Center
How to Cite
Library Liaisons
Research Tools
Thesis Processing Office

Find & Download

Databases List
Articles, Books & More
NPS Theses
NPS Faculty Publications: Calhoun
Journal Titles
Course Reserves

Use the Library

My Accounts
Request Article or Book
Borrow, Renew, Return
Tech Help
Remote Access
Workshops & Tours

For Faculty & Researchers
For International Students
For Alumni

Print, Copy, Scan, Fax
Rooms & Study Spaces
Floor Map
Computers & Software
Adapters, Lockers & More

Collections

NPS Archive: Calhoun
Restricted Resources
Special Collections & Archives
Federal Depository
Homeland Security Digital Library

About

Hours
Library Staff
About Us
Special Exhibits
Policies
Our Affiliates
Visit Us

NPS-Licensed Resources—Terms & Conditions
Copyright Notice

Naval Postgraduate School

Naval Postgraduate School
1 University Circle, Monterey, CA 93943
Driving Directions | Campus Map

This is an official U.S. Navy Website |  Please read our Privacy Policy Notice  |  FOIA |  Section 508 |  No FEAR Act |  Whistleblower Protection |  Copyright and Accessibility |  Contact Webmaster

Export search results

The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

A logged-in user can export up to 15000 items. If you're not logged in, you can export no more than 500 items.

To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.