TY - JOUR
T1 - Deceiving network reconnaissance using SDN-based virtual topologies
AU - Achleitner, Stefan
AU - La Porta, Thomas F.
AU - McDaniel, Patrick
AU - Sugrim, Shridatt
AU - Krishnamurthy, Srikanth V.
AU - Chadha, Ritu
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/12
Y1 - 2017/12
N2 - Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets, their characteristics and location to identify vulnerabilities in a networked environment. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware-infected hosts. In this paper, we formally define network deception to defend reconnaissance and develop a reconnaissance deception system, which is based on software-defined networking, to achieve deception by simulating virtual topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while limiting the performance impact on benign network traffic. By simulating the topological as well as physical characteristics of networks, we introduce a system which deceives malicious network discovery and reconnaissance techniques with virtual information, while limiting the information an attacker is able to harvest from the true underlying system. This approach shows a novel defense technique against adversarial reconnaissance missions which are required for targeted cyber attacks such as advanced persistent threats in highly connected environments. The defense steps of our system aim to invalidate an attacker's information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network.
AB - Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets, their characteristics and location to identify vulnerabilities in a networked environment. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware-infected hosts. In this paper, we formally define network deception to defend reconnaissance and develop a reconnaissance deception system, which is based on software-defined networking, to achieve deception by simulating virtual topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while limiting the performance impact on benign network traffic. By simulating the topological as well as physical characteristics of networks, we introduce a system which deceives malicious network discovery and reconnaissance techniques with virtual information, while limiting the information an attacker is able to harvest from the true underlying system. This approach shows a novel defense technique against adversarial reconnaissance missions which are required for targeted cyber attacks such as advanced persistent threats in highly connected environments. The defense steps of our system aim to invalidate an attacker's information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network.
UR - http://www.scopus.com/inward/record.url?scp=85023190637&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85023190637&partnerID=8YFLogxK
U2 - 10.1109/TNSM.2017.2724239
DO - 10.1109/TNSM.2017.2724239
M3 - Article
AN - SCOPUS:85023190637
SN - 1932-4537
VL - 14
SP - 1098
EP - 1112
JO - IEEE Transactions on Network and Service Management
JF - IEEE Transactions on Network and Service Management
IS - 4
ER -