Camouflage of network traffic to resist attack (CONTRA)

The CONTRA system camouflages traffic among a set of collaborating hosts, and camouflages critical hosts by spreading the identity of each across multiple IP addresses. One realization of this system comprises a virtual network topology and supporting protocols that operate on top of the network transport layer. The protocol employs a synergistic combination of multipath relay transmissions, K-out-of N message encoding, packet encryption, heteromorphic packet relay and dynamically assignable IP addresses. The characteristics of the virtual network topology and protocols together impede the attacker's ability to analyze traffic patterns, limit the visibility of real IP addresses to those cooperating hosts that are topologically adjacent to a host whose traffic is being monitored, and allow hosts to spread their IP identities and to modify the IPs associated with a host. These system characteristics will reduce the ability of a hostile entity to mount a successful denial-of-service attack against the operations among the set of hosts.