Date of Award
3-2023
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Electrical and Computer Engineering
First Advisor
Barry E. Mullins, PhD
Abstract
This research outlines the design and implementation of a DRDS, which is an RDS distributed across multiple controllers that is capable of deploying reconnaissance deception across multiple switches to mitigate network enumeration by a compromised host. It covers the design and development of the DRDS and tests its functional abilities and routing performance against two other network routing solutions: a legacy network solution and a centralized ONOS controller scheme deploying layer 2 forwarding. The functional tests proved the system can properly route traffic across 100% of the tested scenarios carrying traffic that includes IP, ARP, and ICMP messages. Furthermore, the system mitigates network enumeration across every tested case. When compared to the legacy network solution, the DRDS performed as well or better in 89.6% of tested network communication scenarios. Similarly, when tested against the centralized ONOS controller scheme, the system performed as well or better in 90% of tested network communication scenarios.
AFIT Designator
AFIT-ENG-MS-23-M-024
Recommended Citation
Feustel, Richard Hunter, "Distributed Reconnaissance Deception using Software-Defined Networking in a Dynamic Network Environment" (2023). Theses and Dissertations. 6925.
https://scholar.afit.edu/etd/6925
Comments
A 12-month embargo was observed.
Approved for public release. Case number on file.