A Technique for Presenting a Deceptive Dynamic Network Topology
Abstract
Adversaries scan Department of Defense networks looking for vulnerabilities that allow surveillance or the embedding of destructive malware weapons. In cyberspace, adversaries either actively probe or passively observe defended computer networks in attempts to determine, among other attributes, the topology of the network. We develop a novel strategic deceptive methodology, based on principles of military deception, for deceiving a malicious traceroute probe in defense of a physical data communications network. We construct a proof-of-concept network to show that a remote adversary who uses traceroute to map the defended network's topology can be presented with a false route of the defender's choosing. Akin to military deception operations in the field and at sea, a network that employs a deception scheme implemented on an intelligent border router can present a deceptive topology to an adversary. Our experiments show that a defender using our technique can successfully deceive a traceroute probe, the first in a sequence of steps to mount a credible deception scheme against an adversary.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2013
- Accession Number
- ADA579898
Entities
People
- Samuel T. Trassare
Organizations
- Naval Postgraduate School