Darknet and DoD Networks: Obfuscation, Spoof Detection, and Elimination
Gallup, Shelley P.
Garza, Victor (Bob)
Wood, Brian (Woodie)
MetadataShow full item record
There is no process or system capable of detecting obfuscated network traffic on DOD networks, and the quantity of obfuscated traffic on DOD networks is unknown. The presence of obfuscated traffic on a DOD network creates significant risk from both insider-threat and network-defense perspectives. This study used quantitative correlation and simple network-traffic analysis to identify common characteristics, relationships, and sources of obfuscated traffic. A set of concepts were identified and proposed as a set of testable Key Cyber Concepts (KCCs) for obfuscation behavior. Each characteristic was evaluated individually for its ability to detect obfuscated traffic and in combination in a set of Naive Bayes multi-attribute prediction models. The best performing evaluations used multi-attribute analysis and proved capable of detecting approximately 80 percent of obfuscated traffic in a mixed dataset. By applying the methods and observations of this study, the threat to DOD networks from obfuscation technologies can be greatly reduced (Abstract from LT Kevin Dougherty NPS 2017 thesis “Identification of low latency obfuscated traffic using multi-attribute analysis”.)
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
NPS Report NumberNPS-N16-N201-C
Showing items related by title, author, creator and subject.
Dougherty, Kevin R. (Monterey, California: Naval Postgraduate School, 2017-03);There is no process or system capable of detecting obfuscated network traffic on Department of Defense (DOD) networks, and the quantity of obfuscated traffic on DOD networks is unknown. The presence of this traffic on a ...
Wang, Beng Wei (Monterey, California. Naval Postgraduate School, 2007-03);Wireless sensor networks have been widely researched for use in both military and commercial applications. They are especially of interest to the military planners as they can be deployed in hostile environments to collect ...
Shing, Leslie (Monterey, California: Naval Postgraduate School, 2016-03);Networks are constantly bombarded with malicious or suspicious network traffic by attackers attempting to execute their attack operations. One of the most prevalent types of traffic observed on the network is scanning ...