Employing Deceptive Dynamic Network Topology Through Software-Defined Networking
Abstract
Computer networks are constantly being actively probed in attempts to build topological maps of intermediate nodes and discover endpoints, either for academic research or nefarious schemes. While some networks employ recommended conventional countermeasures to simply block such probing at the boundary or shunt such traffic to honey pot systems, other networks remain completely open either by design or neglect. Our research builds on previous work on the concept of presenting a deceptive network topology, which goes beyond conventional network security countermeasures of detecting and blocking network probe traffic. By employing the technologies from the emerging field of Software-Defined Networking and the OpenFlow protocol, we constructed a custom-built SDN controller to listen for network probes and craft customized deceptive replies to those probes. Through employment of various network probing utilities against our custom-built SDN controller in a test network environment, we are able to present a believable deceptive representation of the network topology to an adversary. Therefore, this work demonstrates that the primitives of the expanding OpenFlow protocol show strong potential for constructing an enterprise-grade dynamic deceptive network topology solution to protect computer networks.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2014
- Accession Number
- ADA607859
Entities
People
- Jason J. Hughes
Organizations
- Naval Postgraduate School