Network Address Translation (NAT) is a technology that allows a number of machines to share a single IP address. This presents a problem for network forensics, since it is difficult to attribute observed traffic to specific hosts. We present a model and algorithm for disentangling observed traffic into discrete sources. Our model relies on correlating a number of artifacts left over by the NAT gateway, which allows identification of sources. The model works well for a small number of sources, as commonly found behind a home or small office NAT gateway.