Network Address Translation (NAT) is a technique commonly employed in today's computer networks. NAT allows multiple devices to hide behind a single IP address. From a network management and security point of view, NAT may not be desirable or permitted, as it allows rogue and unattended network access. To detect rogue NAT devices, we propose a novel passive remote source NAT detection approach based on behavior statistics derived from NetFlow. Our approach uses 9 distinct features that can be derived directly from NetFlow records. Furthermore, it does not require IP address information and can operate on anonymous identifiers, which makes it very privacy-friendly. Our approach requires only a 120-second sample of NetFlow records to detect NAT traffic within the sample, with a lower-bound accuracy of 89.35%. It is also capable of operating in real time.