SecureNT: Smart Topology Obfuscation for Privacy-Aware Network Monitoring

Chengze Du, Jibin Shi, Hui Xu, Guangzhen Yao

TL;DR

The paper tackles the risk of topology leakage in network tomography by introducing SecureNT, a real-time privacy-preserving framework that obfuscates topology through path relationship-based noise injection and a fake routing topology while preserving measurement utility for trusted users. It formalizes the network model, attacker objectives, and a similarity metric that quantifies topology inference, then designs a gradient-based protection module that blends fake and real measurements with controlled fidelity. The approach balances fidelity, topology distance, and inference accuracy via defined objectives and path-length-aware smoothing. It is evaluated on real Topology Zoo networks against MPL, AntiTomo, and Proto, showing competitive or superior protection with maintained monitoring utility. The results indicate SecureNT can practically protect sensitive topology information in large-scale networks without compromising legitimate monitoring capabilities, providing a robust defense against current and potential future inference techniques.

Abstract

Network tomography plays a crucial role in network monitoring and management, where network topology serves as the fundamental basis for various tomography tasks including traffic matrix estimation and link performance inference. The topology information, however, can be inferred through end-to-end measurements using various inference algorithms, posing significant security risks to network infrastructure. While existing protection methods attempt to secure topology information by modifying end-to-end measurements, they often require complex computation and sophisticated modification strategies, making real-time protection challenging. Moreover, these modifications typically render the measurements unusable for network monitoring, even by trusted users. This paper presents a novel privacy-preserving framework that addresses these limitations. Our approach provides efficient topology protection while maintaining the utility of measurements for authorized network monitoring. Through extensive evaluation on both simulated and real-world networks, we demonstrate that our framework achieves superior privacy protection compared to existing methods while enabling trusted users to effectively monitor network performance. Our solution offers a practical approach for organizations to protect sensitive topology information without sacrificing their network monitoring capabilities.

Paper Structure

This paper contains 13 sections, 8 equations, 5 figures, 1 table, 1 algorithm.

Figures (5)

  • Figure 1: Overview of our framework: (a) Network Measurement component collecting end-to-end measurements across network paths. (b) Protection Computing Module that processes measurement data. (c) Fake Topology presented to malicious actors, causing their attacks to fail. (d) Network Tomography allowing trusted users to successfully monitor network status, identifying congested and idle links.
  • Figure 2: Noise between AntiTomo (left) and SecureNT (right). SecureNT implements path length-aware noise smoothing to achieve balanced noise distribution while preserving overall noise scale. Blue solid lines show the probability density of noise distribution, and yellow dashed lines represent cumulative distribution functions. The red shaded regions in the right subplot highlight the additional noise compensation introduced by SecureNT compared to AntiTomo.
  • Figure 3: Comparison of topology protection effectiveness on four network topologies under varying numbers of probe packets. Lower similarity scores indicate better protection performance.
  • Figure 4: F1-scores of link congestion detection under low and high congestion levels across four network topologies, comparing Normal Tomography with three protection methods.
  • Figure 5: Impact of protection methods on link performance inference accuracy across four network topologies.