Darknet and DoD Networks: Obfuscation, Spoof Detection, and Elimination

The pervasiveness of network traffic lacking attribution inhibits the deterrence of malicious online actors. Without attribution, malicious actors can launch near-anonymous cyber attacks with relative impunity, and may even redirect reprisal. Shortcomings in attribution would be less of a concern if anonymous relay network traffic could be discerned from non-relay traffic and blocked due to its anonymity. This work is a preliminary exploration into statistically identifiable online anonymity characteristics of network traffic. Network traffic characteristics will be observed and analyzed to determine if anonymous relay traffic may be discerned from types of non-relay traffic. The method applies Bayesian logic (using the knowledge of prior events to predict future events) to determine if online identities originate from anonymous relays by examining three characteristics of anonymous network traffic: 1) network traffic packet header offset, 2) logical port continuity, and 3) network packet round-trip timing.
NPS Naval Research Program
Navy
2017