Ali Safari Khatouni, Lan Zhang, K. Aziz, Ibrahim Zincir, Nur Zincir-Heywood
{"title":"利用机器学习探索NAT检测和主机识别","authors":"Ali Safari Khatouni, Lan Zhang, K. Aziz, Ibrahim Zincir, Nur Zincir-Heywood","doi":"10.23919/CNSM46954.2019.9012684","DOIUrl":null,"url":null,"abstract":"The usage of Network Address Translation (NAT) devices is common among end users, organizations, and Internet Service Providers. NAT provides anonymity for users within an organization by replacing their internal IP addresses with a single external wide area network address. While such anonymity provides an added measure of security for legitimate users, it can also be taken advantage of by malicious users hiding behind NAT devices. Thus, identifying NAT devices and hosts behind them is essential to detect malicious behaviors in traffic and application usage. In this paper, we propose a machine learning based solution to detect hosts behind NAT devices by using flow level statistics (excluding IP addresses, port numbers, and application layer information) from passive traffic measurements. We capture a large dataset and perform an extensive evaluation of our proposed approach with four existing approaches from the literature. Our results show that the proposed approach could identify NAT behaviors and hosts not only with higher accuracy but also demonstrates the impact of parameter sensitivity of the proposed approach.","PeriodicalId":273818,"journal":{"name":"2019 15th International Conference on Network and Service Management (CNSM)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Exploring NAT Detection and Host Identification Using Machine Learning\",\"authors\":\"Ali Safari Khatouni, Lan Zhang, K. Aziz, Ibrahim Zincir, Nur Zincir-Heywood\",\"doi\":\"10.23919/CNSM46954.2019.9012684\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The usage of Network Address Translation (NAT) devices is common among end users, organizations, and Internet Service Providers. NAT provides anonymity for users within an organization by replacing their internal IP addresses with a single external wide area network address. While such anonymity provides an added measure of security for legitimate users, it can also be taken advantage of by malicious users hiding behind NAT devices. Thus, identifying NAT devices and hosts behind them is essential to detect malicious behaviors in traffic and application usage. In this paper, we propose a machine learning based solution to detect hosts behind NAT devices by using flow level statistics (excluding IP addresses, port numbers, and application layer information) from passive traffic measurements. We capture a large dataset and perform an extensive evaluation of our proposed approach with four existing approaches from the literature. Our results show that the proposed approach could identify NAT behaviors and hosts not only with higher accuracy but also demonstrates the impact of parameter sensitivity of the proposed approach.\",\"PeriodicalId\":273818,\"journal\":{\"name\":\"2019 15th International Conference on Network and Service Management (CNSM)\",\"volume\":\"54 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 15th International Conference on Network and Service Management (CNSM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/CNSM46954.2019.9012684\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 15th International Conference on Network and Service Management (CNSM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/CNSM46954.2019.9012684","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Exploring NAT Detection and Host Identification Using Machine Learning
The usage of Network Address Translation (NAT) devices is common among end users, organizations, and Internet Service Providers. NAT provides anonymity for users within an organization by replacing their internal IP addresses with a single external wide area network address. While such anonymity provides an added measure of security for legitimate users, it can also be taken advantage of by malicious users hiding behind NAT devices. Thus, identifying NAT devices and hosts behind them is essential to detect malicious behaviors in traffic and application usage. In this paper, we propose a machine learning based solution to detect hosts behind NAT devices by using flow level statistics (excluding IP addresses, port numbers, and application layer information) from passive traffic measurements. We capture a large dataset and perform an extensive evaluation of our proposed approach with four existing approaches from the literature. Our results show that the proposed approach could identify NAT behaviors and hosts not only with higher accuracy but also demonstrates the impact of parameter sensitivity of the proposed approach.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
