Network infrastructure obfuscation
First Claim
1. A method of obfuscating physical computers on a computer network from hackers, the method comprising:
- capturing packets on a computer network of physical computers;
- monitoring the captured packets to ascertain a schedule of a plurality of connection activations and deactivations of the physical computers on the network;
- surveying a logical topology of the computer network;
- instantiating and initializing a plurality of software-based host emulators, each host emulator configured to respond to an Internet control message protocol (ICMP) echo request packet;
- obtaining an Internet protocol (IP) address for each host emulator based on the surveyed topology; and
- connecting the host emulators to the base computer network over time based on the ascertained schedule and a random number generator, the connecting substantially interleaving the connecting of the host emulators with the plurality of connection activations of the physical computers.
Abstract
A shadow network, which can be a virtual reproduction of a real, physical, base computer network, is described. Shadow networks duplicate the topology, services, hosts, and network traffic of the base network using shadow hosts, which are low-interaction host emulators that consume minimal resources. The shadow networks are connected to the base network through virtual switches and similar components to form one large obfuscated network. When a hacker probes a host emulator, a more resource-intensive virtual machine can be swapped in to take its place. When a connection is attempted from a host emulator to a physical computer, a host emulator can step in to take the place of the physical computer, and software defined networking (SDN) can prevent collisions between the duplicated IP addresses. Replicating the shadow networks within the network introduces problems for hackers and gives a system administrator easier ways to identify intrusions.
Claims (20)
13. A method of containing a hacker within a shadow portion of a computer network, the method comprising:
- instantiating and initializing a plurality of software-based host emulators, each host emulator configured to respond to an Internet control message protocol (ICMP) echo request packet;
- obtaining an Internet protocol (IP) address for each host emulator;
- connecting the host emulators to a computer network having physical computers;
- intercepting a request to establish a connection between a first host emulator of the host emulators and a first physical computer of the physical computers;
- determining an IP address of the first physical computer;
- assigning the IP address of the first physical computer to a second host emulator, the first physical computer keeping its IP address;
- routing, using software defined networking (SDN), the intercepted request to the second host emulator; and
- establishing a connection between the first and second host emulators using the routing.
Dependent claims: 14, 15, 16, 17, 18, 19.
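The containment step of claim 13 can be illustrated with a small SDN-style controller simulation. This is an added example, not code from the patent or its assignee: the `ShadowController` and `FlowRule` classes, the switch port numbers, and the IP addresses are all assumptions constructed for the illustration. The controller intercepts a connection request that originates from a host emulator and targets a physical host, brings up a second emulator on a spare port that borrows the physical host's IP address, and installs a flow rule that sends the request there. Because flow rules are keyed on the ingress port as well as the addresses, the physical host keeps its IP and real-to-real traffic is never affected by the duplicate address.

```python
"""Simulated SDN controller that keeps decoy-originated traffic inside the shadow network.

Added example for claim 13; not the patent's own implementation. ShadowController,
FlowRule, the port numbers and the addresses below are assumptions of this example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class FlowRule:
    """A match/action entry: packets arriving on in_port with the given
    source and destination IPs are forwarded to out_port."""
    in_port: int
    src_ip: str
    dst_ip: str
    out_port: int


@dataclass
class ShadowController:
    physical: dict                      # physical host IP -> switch port
    emulators: dict                     # host emulator IP -> switch port
    spare_ports: list                   # ports where a second emulator can be brought up
    flows: dict = field(default_factory=dict)     # (in_port, src, dst) -> FlowRule
    shadowed: dict = field(default_factory=dict)  # physical IP -> port of its shadow twin

    def handle_connect(self, in_port, src_ip, dst_ip):
        """Intercept a connection request and decide where it goes.

        Returns the installed FlowRule, or None when the request is dropped
        (unknown destination, or a source claiming an emulator address from
        a port that emulator does not sit on)."""
        # Defensive check: an emulator's address must arrive on the emulator's own port.
        if src_ip in self.emulators and self.emulators[src_ip] != in_port:
            return None

        key = (in_port, src_ip, dst_ip)
        if key in self.flows:
            return self.flows[key]

        if src_ip in self.emulators and dst_ip in self.physical:
            # Decoy -> real host: assign the real host's IP to a second emulator
            # (the real host keeps its address) and route the request there.
            if dst_ip not in self.shadowed:
                self.shadowed[dst_ip] = self.spare_ports.pop(0)
            out_port = self.shadowed[dst_ip]
        elif dst_ip in self.physical:
            out_port = self.physical[dst_ip]   # real -> real traffic is untouched
        elif dst_ip in self.emulators:
            out_port = self.emulators[dst_ip]  # anything -> decoy stays in the shadow network
        else:
            return None                        # unknown destination: drop (and alert)

        rule = FlowRule(in_port, src_ip, dst_ip, out_port)
        self.flows[key] = rule
        return rule


def demo():
    """Constructed scenario: one physical server, one emulator, two spare ports."""
    ctl = ShadowController(
        physical={"10.0.1.20": 1, "10.0.1.10": 2},
        emulators={"10.0.1.50": 7},
        spare_ports=[8, 9],
    )
    rerouted = ctl.handle_connect(7, "10.0.1.50", "10.0.1.20")   # decoy -> real server
    untouched = ctl.handle_connect(2, "10.0.1.10", "10.0.1.20")  # real -> real
    return rerouted, untouched, ctl


if __name__ == "__main__":
    r, u, ctl = demo()
    print("decoy request routed to port", r.out_port, "(shadow twin of 10.0.1.20)")
    print("real request routed to port", u.out_port, "(the physical host itself)")
```

Whether the rerouted request reaches port 8 (the shadow twin) while the physical host's own traffic still reaches port 1 is the property a defender would verify before deploying such a controller; the ingress-port check in `handle_connect` is what stops a source on another port from borrowing an emulator address to reach the physical host through the decoy path.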
20. A method of setting up a computer network to obfuscate hackers, the method comprising:
- mapping physical hosts on a base computer network, including identifying a type and Internet protocol (IP) address of each physical host on the base network;
- determining a topology of the base network from the mapping;
- determining one or more services available on the base network from the mapping;
- capturing packets on the base network;
- identifying, from the captured packets, a network traffic pattern, the network traffic pattern including a frequency of communication, communication protocol, connection time, or source and destination IP address for a communication on the network;
- generating instructions for creating a shadow network from the topology, available services, and network traffic pattern, the shadow network having substantially the same topology, available services, and network traffic pattern as the base network;
- creating at least one shadow network using the generated instructions; and
- connecting the at least one shadow network to the base network.
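The planning steps shared by claim 1 (ascertaining an activation schedule from captured packets, surveying the topology, assigning emulator IP addresses, and interleaving emulator connections with real activations using a random number generator) and claim 20 (mapping hosts and services, extracting a traffic pattern, and generating shadow-network instructions) can be worked through on a small constructed capture. The code below is an added example and is not the patent's or its assignee's code: the packet records, the subnet, and the helper names `survey_network`, `activation_schedule`, `traffic_pattern` and `build_shadow_plan` are all assumptions of this example. It generalizes the claims slightly by producing one plan record per emulator that carries the assigned IP, the interleaved connect time, and the service set copied from a real host.

```python
"""Shadow-network planning from a captured traffic sample.

Added example illustrating claims 1 and 20; not the patent's implementation.
The capture, subnet and helper names are assumptions constructed for this example.
"""
import ipaddress
import random
from collections import Counter, defaultdict

# Constructed capture: (timestamp in seconds, src_ip, dst_ip, protocol, dst_port)
CAPTURE = [
    (0,   "10.0.1.10", "10.0.1.20", "TCP", 445),
    (5,   "10.0.1.11", "10.0.1.20", "TCP", 445),
    (30,  "10.0.1.10", "10.0.1.20", "TCP", 445),
    (60,  "10.0.1.12", "10.0.1.21", "TCP", 22),
    (90,  "10.0.1.11", "10.0.1.21", "UDP", 53),
    (120, "10.0.1.10", "10.0.1.20", "TCP", 445),
]


def survey_network(capture, prefix_len=24):
    """Map hosts and topology: every IP seen, the subnet(s) they fall in
    (prefix length assumed), and the services each host was seen offering."""
    hosts, services = set(), defaultdict(set)
    for _, src, dst, proto, port in capture:
        hosts.update((src, dst))
        services[dst].add((proto, port))
    nets = {ipaddress.ip_network(f"{h}/{prefix_len}", strict=False) for h in hosts}
    return sorted(hosts, key=ipaddress.ip_address), sorted(nets), services


def activation_schedule(capture):
    """First and last time each physical host was seen sending: the
    connection activation/deactivation schedule of claim 1."""
    first, last = {}, {}
    for ts, src, _, _, _ in capture:
        first.setdefault(src, ts)
        last[src] = ts
    return {h: (first[h], last[h]) for h in first}


def traffic_pattern(capture):
    """Frequency of communication per (src, dst, protocol, port) flow key,
    i.e. the traffic pattern of claim 20."""
    return Counter((src, dst, proto, port) for _, src, dst, proto, port in capture)


def build_shadow_plan(capture, n_shadow, seed):
    """Generate instructions for n_shadow host emulators:
    - a free IP address in the surveyed subnet (never colliding with a real host),
    - a connect time that falls between two real activations, chosen by a
      seeded random number generator so the plan is reproducible for audit,
    - the service set to emulate, copied from a randomly chosen real host,
    - ICMP echo responses enabled, as each emulator in claim 1 requires."""
    rng = random.Random(seed)
    hosts, nets, services = survey_network(capture)
    used = set(hosts)
    free = [str(ip) for net in nets for ip in net.hosts() if str(ip) not in used]
    activations = sorted(start for start, _ in activation_schedule(capture).values())
    plan = []
    for i in range(n_shadow):
        # Interleave: pick a real activation and offset by a random share of the
        # gap to the next one (a fixed 60 s window after the last activation).
        k = rng.randrange(len(activations))
        lo = activations[k]
        hi = activations[k + 1] if k + 1 < len(activations) else lo + 60
        connect_at = lo + rng.random() * (hi - lo)
        model = hosts[rng.randrange(len(hosts))]
        plan.append({
            "ip": free[i],                     # deterministic pick so assignments are auditable
            "connect_at": round(connect_at, 1),
            "emulate_services": sorted(services.get(model, ())),
            "icmp_echo": True,
        })
    return plan


if __name__ == "__main__":
    for entry in build_shadow_plan(CAPTURE, n_shadow=3, seed=7):
        print(entry)
```

The plan only assigns addresses that no real host was seen using, so the emulators cannot collide with live hosts; a practitioner feeding a real capture into `survey_network` should still cross-check the result against an authoritative inventory (DHCP leases, CMDB) before connecting emulators, because a host that was silent during the capture window would otherwise be treated as a free address.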