• DocumentCode
    3397659
  • Title

    Camouflage of network traffic to resist attack (CONTRA)

  • Author

    Weinstein, William ; Lepanto, Janet

  • Author_Institution
    Charles Stark Draper Lab. Inc., Cambridge, MA, USA
  • Volume
    2
  • fYear
    2003
  • fDate
    22-24 April 2003
  • Firstpage
    126
  • Abstract
    The CONTRA system camouflages traffic among a set of collaborating hosts, and camouflages critical hosts by spreading the identity of each across multiple IP addresses. One realization of this system comprises a virtual network topology and supporting protocols that operate on top of the network transport layer. The protocol employs a synergistic combination of multipath relay transmissions, K-out-of-N message encoding, packet encryption, heteromorphic packet relay and dynamically assignable IP addresses. The characteristics of the virtual network topology and protocols together impede the attacker's ability to analyze traffic patterns, limit the visibility of real IP addresses to those cooperating hosts that are topologically adjacent to a host whose traffic is being monitored, and allow hosts to spread their IP identities and to modify the IPs associated with a host. These system characteristics will reduce the ability of a hostile entity to mount a successful denial-of-service attack against the operations among the set of hosts.
  • Keywords
    Internet; cryptography; protocols; telecommunication security; telecommunication traffic; CONTRA system; Internet; assignable IP addresses; attack resistance; collaborating hosts; denial-of-service attack; heteromorphic packet relay; message encoding; multipath relay transmissions; multiple IP addresses; network traffic camouflaging; network transport layer; packet encryption; protocols; virtual network topology; Collaboration; Cryptography; Encoding; Impedance; Network topology; Pattern analysis; Relays; Resists; Telecommunication traffic; Transport protocols;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    DARPA Information Survivability Conference and Exposition, 2003. Proceedings
  • Print_ISBN
    0-7695-1897-4
  • Type

    conf

  • DOI
    10.1109/DISCEX.2003.1194945
  • Filename
    1194945