Existing topology obfuscation methods rely on two unrealistic assumptions—perfect identification of perturbations via probe packets and prior knowledge of a fixed attack algorithm—leading to poor robustness. To address this, we propose a distributionally robust end-to-end defense framework. Methodologically: (1) we model attacker observation uncertainty using delay distributions; (2) we formulate the defense objective as minimizing the worst-case expected topology distortion over an ambiguity set of plausible delay distributions; and (3) we employ graph neural networks to implicitly simulate unknown adversarial behaviors, integrating adversarial training with distributionally robust optimization for model-free generalization. Experiments demonstrate that our approach improves structural similarity by 34% on average and reduces link distance error by 42.6% compared to baseline methods. Moreover, it maintains strong stealth and robustness under probe misclassification and adaptive attacks.

Tomography inference attacks aim to reconstruct network topology by analyzing end-to-end probe delays. Existing defenses mitigate these attacks by manipulating probe delays to mislead inference, but rely on two strong assumptions: (i) probe packets can be perfectly detected and altered, and (ii) attackers use known, fixed inference algorithms. These assumptions often break in practice, leading to degraded defense performance under detection errors or adaptive adversaries. We present RoTO, a robust topology obfuscation scheme that eliminates both assumptions by modeling uncertainty in attacker-observed delays through a distributional formulation. RoTO casts the defense objective as a min-max optimization problem that maximizes expected topological distortion across this uncertainty set, without relying on perfect probe control or specific attacker models. To approximate attacker behavior, RoTO leverages graph neural networks for inference simulation and adversarial training. We also derive an upper bound on attacker success probability, and demonstrate that our approach enhances topology obfuscation performance through the optimization of this upper bound. Experimental results show that RoTO outperforms existing defense methods, achieving average improvements of 34% in structural similarity and 42.6% in link distance while maintaining strong robustness and concealment capabilities.