Research Summaries

Back Fossilhunt Phase III: Software Development for Network Deception Technologies

Fiscal Year 2017
Division Graduate School of Operational & Information Sciences
Department Computer Science
Investigator(s) Beverly, Robert E.
Sponsor Laboratory for Telecommunications Sciences (DoD)
Summary Based on NPS’s previous research into robust network measurement, we have identified two of our state-of-the-art techniques that represent a significant opportunity to provide new network reconnaissance abilities. With additional software research and development, our techniques can enhance operational network security while giving new insights into the behavior of real-world networks. As in past years, the high-level goals of this project are to advance the state of the art in both network deception, and detection of network deception. This statement of work seeks to extend, enhance, and test two specific tools of recognized value to the sponsor. As such, we propose two primary development thrusts:
1) Enhancing the capabilities of our novel high-speed active mapping tool, Yarrp
2) Deployment and testing of our novel scalable network tarpit tool, Greasy
In this continuing effort, we will add new probing capabilities to Yarrp (IPv6, UDP IPv4), utilize new block ciphers to increase its scanning speed, decouple probe transmission from collection, and collaborate with CAIDA to deploy Yarrp in continuous production on a distributed collection of dedicated vantage points. In parallel, we will validate our recent work on the Greasy network tarpit by deploying it in both IPv4 and IPv6 production environments and performing extensive testing to ensure a production-ready tool. We anticipate the successful completion of these two efforts to yield significant new defensive capabilities for the sponsor.
Keywords Deception Measurement Network Security
Publications Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal
Data Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal