Deceiving network reconnaissance using SDN-based virtual topologies

Stefan Achleitner, Thomas F. La Porta, Patrick Mcdaniel, Shridatt Sugrim, Srikanth V. Krishnamurthy, Ritu Chadha

Research output: Contribution to journalArticlepeer-review

42 Scopus citations


Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets, their characteristics and location to identify vulnerabilities in a networked environment. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware infected hosts. In this paper, we formally define network deception to defend reconnaissance and develop a reconnaissance deception system, which is based on software defined networking, to achieve deception by simulating virtual topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while limiting the performance impact on benign network traffic. By simulating the topological as well as physical characteristics of networks, we introduce a system which deceives malicious network discovery and reconnaissance techniques with virtual information, while limiting the information an attacker is able to harvest from the true underlying system. This approach shows a novel defense technique against adversarial reconnaissance missions which are required for targeted cyber attacks such as advanced persistent threats in highly connected environments. The defense steps of our system aim to invalidate an attackers information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network.

Original languageEnglish (US)
Pages (from-to)1098-1112
Number of pages15
JournalIEEE Transactions on Network and Service Management
Issue number4
StatePublished - Dec 2017

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering


Dive into the research topics of 'Deceiving network reconnaissance using SDN-based virtual topologies'. Together they form a unique fingerprint.

Cite this