AntiTomo: Network topology obfuscation against adversarial tomography-based topology inference

By using tomography-based topology inference method, attackers can infer the topology of a network without the collaboration of the internal nodes in that network, which can greatly improve the efficiency of their subsequent link flood attack (LFA) behaviors. In order to defend against adversarial tomography-based topology inference, we propose a network topology obfuscation mechanism named AntiTomo, which is a proactive deception based network anti-reconnaissance method. By providing the attackers with well-designed obfuscated path measurement metrics, AntiTomo can lead the attackers to form a fake network topology view, which hides the key elements (i.e., the key links and the key nodes) of the physical network. To generate an obfuscated network topology with high deceptive features efficiently, AntiTomo uses the multi-objective optimization model to construct the obfuscated topology with security and low-cost features. Our experimental analysis based on several typical real network topologies shows that AntiTomo can generate an effective obfuscated network topology with high deceptive, low cost, and high efficiency, which can defend against tomography-based network topology reconnaissance effectively. (C) 2021 Elsevier Ltd. All rights reserved.

Automated summary

This article presents a proactive deception-based network anti-reconnaissance method called AntiTomo to defend against adversarial tomography-based topology inference. By providing attackers with obfuscated path measurement metrics, AntiTomo guides them to form a fake network topology view, thus hiding the key elements of the physical network.