An improved tarpit for network deception

Author
Shing, Leslie
Date
2016-03
Advisor
Beverly, Robert
Rohrer, Justin P.
Second Reader
Gondree, Mark
Abstract
Networks are constantly bombarded with malicious or suspicious traffic from attackers attempting to carry out their operations. One of the most prevalent types of traffic observed on the network is scanning traffic from reconnaissance efforts. This thesis investigates the use of network tarpits to slow automated scanning or confuse human adversaries. We identify distinguishing tarpit signatures and shortcomings of existing tarpit applications, as uncovered by Degreaser (a tarpit scanner), and implement improved features in a new tarpit application called Greasy. We conduct several experiments using a select set of metrics to measure the impact of the new tarpitting capabilities and other improvements in Greasy: Greasy's ability to deceive Degreaser, its degree of stickiness compared to LaBrea, and the potential processing overhead as observed through packet latency. Our experimental results show that we effectively mitigate the two tarpit signatures used by Degreaser's tarpit identification heuristics. Although Greasy may not hold connections as persistently as LaBrea in persist mode, it improves tarpitting capabilities while still evading detection. More importantly, these results are obtained by deploying Greasy on an Internet-facing /24 subnet, which allows us to measure Greasy's ability to interact with real-world network traffic. Furthermore, Greasy offers a modular, extensible tarpit platform for future tarpit development.
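The "stickiness" metric the abstract compares against LaBrea is the time a tarpit keeps a connection open while the remote sender makes no progress. The following is an added illustration, not code from the thesis or from the Greasy or LaBrea projects: a socket-level stand-in for a tarpit that accepts every connection and never reads from it, so the kernel's receive buffer fills, a zero window is advertised and the client's sends stall while the connection stays open; beside it a control server that drains what it is sent, and a probe that reports how much data a client could push before stalling and whether the connection is still alive. It runs on loopback only; LaBrea and Greasy answer at the packet level on behalf of unused addresses, which this in-process version does not attempt. The receive and send buffer sizes, the 16 MiB cap and the 0.5 s stall timeout are assumptions chosen for a quick local run.

```python
import select
import socket
import threading
import time

# Added example (not the thesis's or LaBrea's code): a socket-level stand-in
# for a tarpit plus a probe that measures "stickiness" on loopback.


class _Listener:
    """Accept loop on 127.0.0.1 with an ephemeral port; subclasses decide
    what happens to each accepted connection."""

    def __init__(self, rcvbuf=None):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        if rcvbuf is not None:
            # Set on the listener so accepted sockets inherit it; a small
            # value closes the window after a few KB (the kernel may round up).
            self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(16)
        self.sock.settimeout(0.2)  # lets the accept loop notice close()
        self.port = self.sock.getsockname()[1]
        self._stop = False
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while not self._stop:
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            self._serve(conn)

    def _serve(self, conn):
        raise NotImplementedError

    def close(self):
        self._stop = True
        self.sock.close()


class UserlandTarpit(_Listener):
    """Hold every connection open and never read from it (rcvbuf=1024 is an
    assumption). Once the receive buffer fills, the stack advertises a zero
    window and the client's sends stall without the connection ever closing."""

    def __init__(self):
        self.held = []  # keep references so the sockets are never closed
        super().__init__(rcvbuf=1024)

    def _serve(self, conn):
        self.held.append(conn)

    def close(self):
        super().close()
        for conn in self.held:
            conn.close()


class DrainingServer(_Listener):
    """Control case: a host that reads and discards everything it is sent."""

    def _serve(self, conn):
        def drain():
            try:
                with conn:
                    while conn.recv(65536):
                        pass
            except OSError:
                pass  # client reset the connection after the probe finished
        threading.Thread(target=drain, daemon=True).start()


def probe_stickiness(port, chunk=65536, max_bytes=16 * 1024 * 1024, stall_timeout=0.5):
    """Push data to port until the peer stops accepting it or max_bytes is
    reached. Returns bytes accepted, elapsed seconds, whether the sender
    stalled, and whether the connection is still open (no FIN or RST seen)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 1024)  # small send buffer: stall shows sooner
    s.connect(("127.0.0.1", port))
    s.setblocking(False)
    payload = b"A" * chunk
    sent, stalled = 0, False
    start = time.monotonic()
    while sent < max_bytes:
        _, writable, _ = select.select([], [s], [], stall_timeout)
        if not writable:
            stalled = True  # no send space freed for stall_timeout: peer window is closed
            break
        try:
            sent += s.send(payload)
        except BlockingIOError:
            continue  # benign race between select() and send(); poll again
    elapsed = time.monotonic() - start
    try:
        still_open = s.recv(1) != b""  # b"" means the peer sent FIN
    except BlockingIOError:
        still_open = True  # nothing to read and no error: connection alive
    except ConnectionResetError:
        still_open = False
    s.close()
    return {"bytes_before_stall": sent, "seconds": round(elapsed, 3),
            "stalled": stalled, "still_open": still_open}


if __name__ == "__main__":
    for name, server in (("tarpit", UserlandTarpit()), ("draining host", DrainingServer())):
        print(name, probe_stickiness(server.port))
        server.close()
```

Against the tarpit the probe reports a stall after a few kilobytes with the connection still open, which is exactly the condition a scanner's worker stays stuck in; against the draining host it pushes the whole cap through without stalling. The same probe, pointed at a real tarpit over the network, gives a first-order stickiness comparison of the kind the thesis makes between Greasy and LaBrea.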
Rights
Copyright is reserved by the copyright owner.
Related items
Showing items related by title, author, creator and subject.
- AN ANALYSIS OF METRICS TRENDS IDENTIFIED BY THE ARMY'S OPERATIONAL SUSTAINMENT REVIEWS
  Meickle, David W. (Monterey, CA; Naval Postgraduate School, 2019-09); This research provides an analysis of sustainment metrics and their application by product support managers (PSMs) within the context of the Army's operational sustainment review (OSR) process. The research explored the ...
- A SEQUENCE-AWARE INTRUSION DETECTION SYSTEM FOR ETHERNET/IP INDUSTRIAL CONTROL NETWORKS
  Wetzel, Jonathan L. (Monterey, CA; Naval Postgraduate School, 2020-09); Industrial control systems (ICS) regulate and monitor critical cyber-physical systems such as the power grid and manufacturing plants. ICS networks are also vulnerable to cyber attacks, and existing defenses against these ...
- LEVERAGING MACHINE-LEARNING TO ENHANCE NETWORK SECURITY
  Salazar, Daniel (Monterey, CA; Naval Postgraduate School, 2018-06); This research examines the use of machine-learning techniques to identify malicious traffic in an emulated tactical computer network. The intent is to identify low-cost solutions based on open-source software capable of ...