Title :
A Technique for Network Topology Deception
Author :
Trassare, Samuel T. ; Beverly, Robert ; Alderson, David
Abstract :
Civilian and military networks are continually probed for vulnerabilities. Cyber criminals, and autonomous botnets under their control, regularly scan networks in search of vulnerable systems to co-opt. Military and more sophisticated adversaries may also scan and map networks as part of reconnaissance and intelligence gathering. This paper focuses on adversaries attempting to map a network's infrastructure, i.e., the critical routers and links supporting a network. We develop a novel methodology, rooted in principles of military deception, for deceiving a malicious traceroute probe and influencing the structure of the network as inferred by a mapping adversary. Our Linux-based implementation runs as a kernel module at a border router to present a deceptive external topology. We construct a proof-of-concept test network to show that a remote adversary using traceroute to map a defended network can be presented with a false topology of the defender's choice.
Keywords :
Linux; military communication; telecommunication links; telecommunication network routing; telecommunication network topology; telecommunication security; civilian networks; cyber criminals; military networks; network topology deception; proof-of-concept test network; IP networks; Kernel; Network topology; Ports (Computers); Probes; Topology; Web servers; Topological deception; military deception; network defense; traceroute
Conference_Title :
Military Communications Conference, MILCOM 2013 - 2013 IEEE
Conference_Location :
San Diego, CA
DOI :
10.1109/MILCOM.2013.303