Passive Remote Source NAT Detection Using Behavior Statistics Derived from NetFlow

Abt, Sebastian; Dietz, Christian; Baier, Harald; Petrović, Slobodan

doi:10.1007/978-3-642-38998-6_18

Cited by 8 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their algorithm exhibited an accuracy of 75%. Abt et al [10] proposed a C4.5 DT algorithm based on flow information such as the IP addresses and port numbers of sender and receiver, protocol, and number of bytes and packets exchanged on an IP address. The method resulted in an accuracy of 89%.…”

Section: Related Workmentioning

confidence: 99%

“…In [8], a method to detect NATDs and the NATHs behind them by using IP TTLs and HTTP user-agent strings is proposed. Methods to identify NATDs and NATHs using machine learning techniques based on packet sequences are proposed in [9][10][11][12]. Most of these passive methods presented their NATD identification methods as parts of techniques for counting the NATHs behind an NATD.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response Patterns

et al. 2020

View full text Add to dashboard Cite

Although network address translation (NAT) provides various advantages, it may cause potential threats to network operations. For network administrators to operate networks effectively and securely, it may be necessary to verify whether an assigned IP address is using NAT or not. In this paper, we propose a supervised learning-based active NAT device (NATD) identification using port response patterns. The proposed model utilizes the asymmetric port response patterns between NATD and non-NATD. In addition, to reduce the time and to solve the security issue that supervised learning approaches exhibit, we propose a fast and stealthy NATD identification method. The proposed method can perform the identification remotely, unlike conventional methods that should operate in the same network as the targets. The experimental results demonstrate that the proposed method is effective, exhibiting a F1 score of over 90%. With the efficient features of the proposed methods, we recommend some practical use cases that can contribute to managing networks securely and effectively.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response Patterns

et al. 2020

View full text Add to dashboard Cite

show abstract

“…To the best of our knowledge, there is a lack of literature on flow-based host identification. There is literature on user identification [13] and on means for passive OS fingerprinting or NAT detection [11,1], though. Further, we consider to implement some results of host classification research, such as detecting type of the host [9].…”

Section: Research Questions and Proposed Approachmentioning

confidence: 99%

Enhancing Network Security: Host Trustworthiness Estimation

Jirsík

Čeleda

2014

Monitoring and Securing Virtualized Networks and Services

View full text Add to dashboard Cite

Abstract. Network connected devices has become inherent part of our lives. These devices have come to be more and more mobile and are target of various malware attacks. An inability to guarantee or check proper security settings of such devices poses a serious risk to network security. In this paper we propose a novel concept of flow based host trustworthiness estimation. The estimated trustworthiness determines a level of the risk to the network security the host posses. This concept enables network operators to identify a potential dangerous host in their network and take an appropriate precautions. Models used for trustworthiness estimation are based on scoring either single events or host characteristics. In order to be able to estimate trustworthiness of a host even in large scale networks, the data used for estimation are reduced only to extended network flows. The research is in its initial phase and will conclude with Ph.D. thesis in three years.

show abstract

Detecting Internet-Scale NATs for IoT Devices Based on Tri-Net

Yan

Wen

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Passive Remote Source NAT Detection Using Behavior Statistics Derived from NetFlow

Cited by 8 publications

References 18 publications

Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response Patterns

Supervised Learning-Based Fast, Stealthy, and Active NAT Device Identification Using Port Response Patterns

Enhancing Network Security: Host Trustworthiness Estimation

Detecting Internet-Scale NATs for IoT Devices Based on Tri-Net

Contact Info

Product

Resources

About