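Abstract
As a typical network topology inference method, network tomography can be used by attackers to accurately infer the topology of a target network and then launch targeted attacks on key nodes or links. To effectively hide the real network topology and related information, a topology obfuscation mechanism, AntiMNT, is proposed that counters multi-source network tomography probing through active deception. Targeting the probing process of multi-source network tomography, AntiMNT strategically constructs a fake topology and, based on it, obfuscates the attacker's end-to-end measurement data of the target network, so that the attacker reaches a wrong topology inference result. To efficiently generate obfuscated network topologies with highly deceptive characteristics, AntiMNT randomly generates a set of candidate obfuscated topologies and then uses a multi-objective optimization algorithm to search for the optimal obfuscated topology with high security and credibility. Experimental analysis based on several real network topologies shows that AntiMNT can generate highly deceptive and secure obfuscated network topologies, and can thus effectively defend against network reconnaissance based on network tomography.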
As a typical network topology inference method, network tomography can be used by attackers to accurately infer the topology of the target network and then launch targeted attacks on key nodes or links. In order to effectively hide the real network topology and other information, this paper proposes AntiMNT, a topology obfuscation mechanism based on active deception against multi-source network tomography detection. Following the detection process of multi-source network tomography, AntiMNT strategically builds a fake topology and uses it to obfuscate the attacker’s end-to-end measurement data of the target network, leading the attacker to a wrong topology inference result. In order to efficiently generate an obfuscated network topology with high deception characteristics, AntiMNT randomly generates a set of candidate obfuscated topologies and, on this basis, uses a greedy algorithm to search for the optimal obfuscated topology with high security and credibility. Experimental analysis based on several real network topologies shows that AntiMNT can generate highly deceptive and secure obfuscated network topologies, which can effectively defend against network tomography-based network reconnaissance.
Authors
Lin Hongxiu (林洪秀); Xing Changyou (邢长友); Liu Yaqun (刘亚群); Ding Ke (丁科)
Command & Control Engineering College, Army Engineering University of PLA, Nanjing 210007, China
Source
Application Research of Computers (《计算机应用研究》)
Indexed in: CSCD; Peking University Core Journals
2023, No. 1, pp. 257-262 (6 pages)
Funding
Project supported by the National Natural Science Foundation of China.
Keywords
topology obfuscation
network tomography
topology inference
deception defense