Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.

Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is manually selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.

Abstract: Systems (1900) and methods (2300, 2400) for use in a network node (1901-1903). The methods involve: receiving a Data Communication (“DC”) from Data Link Layer Software (“DLLS”); identifying an IDentity Parameter (“IDP”) contained in DC which comprises a False Value (“FV”) specifying false information about the node or DC; obtaining a True Value (“TV”) specifying true information about the node or DC; replacing the FV with the TV to generate a modified DC; and forwarding the modified DC to Network Layer Software (“NLS”). The methods also involve: receiving a Data Unit (“DU”) from NLS comprising a Transport Layer Header (“TLH”) and a Network Layer Header (“NLH”) including TVs specifying true information about the node or FDU; obtaining a FV which specifies false information about the node or FDU; replacing a TV of DU with the FV so as to form a Modified Data Unit (“MDU”); and forwarding MDU to DLLS.

Abstract: Systems (100) and methods (2100) for identifying, deterring and/or delaying malicious attacks being waged on a Computer Network (“CN”). The methods involve implementing a Mission Plan (“MP”) at a first Network Node (“NN”). MP (1900, 1902) specifies that: a first IDentity Parameter (“IDP”) for a second NN has numerous possible values associated therewith; and at least two possible values are to be used in communications to and from the second NN in different timeslots of a time frame (2020-2026). At the first NN, a value for the first IDP, which is contained in a received packet, is compared with the possible values specified in MP to determine if the value is a “correct” value for a current timeslot. If it is determined that the value is not “correct” for the current timeslot, then the first NN performs actions to identify, deter or delay a possible malicious attack on CN.

Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.

Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is manually selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.

Abstract: A method and apparatus for processing data messages in a dynamic computer network is disclosed. The method includes implementing a mission plan specifying a message type, a message generation location, and a message distance vector for false messages, receiving a data message that includes a plurality of identity parameters, and determining a message type and a message distance vector for the received message. The network device is configured to generate false messages and process received messages. If the message type is a false message and the distance vector of the false message has been exhausted, the data message is dropped. If the distance vector of the false message has not been exhausted, transmitting the false message in accordance with the mission plan.

Abstract: Systems (1900) and methods (2300, 2400) for use in a network node (1901-1903). The methods involve: receiving a Data Communication (“DC”) from Data Link Layer Software (“DLLS”); identifying an IDentity Parameter (“IDP”) contained in DC which comprises a False Value (“FV”) specifying false information about the node or DC; obtaining a True Value (“TV”) specifying true information about the node or DC; replacing the FV with the TV to generate a modified DC; and forwarding the modified DC to Network Layer Software (“NLS”). The methods also involve: receiving a Data Unit (“DU”) from NLS comprising a Transport Layer Header (“TLH”) and a Network Layer Header (“NLH”) including TVs specifying true information about the node or FDU; obtaining a FV which specifies false information about the node or FDU; replacing a TV of DU with the FV so as to form a Modified Data Unit (“MDU”); and forwarding MDU to DLLS.

Abstract: A method and apparatus for processing data messages in a dynamic computer network is disclosed. The method includes implementing a mission plan specifying a message type, a message generation location, and a message distance vector for false messages, receiving a data message that includes a plurality of identity parameters, and determining a message type and a message distance vector for the received message. The network device is configured to generate false messages and process received messages. If the message type is a false message and the distance vector of the false message has been exhausted, the data message is dropped. If the distance vector of the false message has not been exhausted, transmitting the false message in accordance with the mission plan.

Abstract: Systems (100) and methods (2100) for identifying, deterring and/or delaying malicious attacks being waged on a Computer Network (“CN”). The methods involve implementing a Mission Plan (“MP”) at a first Network Node (“NN”). MP (1900, 1902) specifies that: a first IDentity Parameter (“IDP”) for a second NN has numerous possible values associated therewith; and at least two possible values are to be used in communications to and from the second NN in different timeslots of a time frame (2020-2026). At the first NN, a value for the first IDP, which is contained in a received packet, is compared with the possible values specified in MP to determine if the value is a “correct” value for a current timeslot. If it is determined that the value is not “correct” for the current timeslot, then the first NN performs actions to identify, deter or delay a possible malicious attack on CN.