Passive NAT detection using HTTP access logs

Authors: Tomas Komarek, Martin Grill, Tomas Pevny

DOI: 10.1109/WIFS.2016.7823896

Keywords:

Abstract: Network devices performing Network Address Translation (NAT) overcome the problem of the deficit of IPv4 addresses as well as introduce a vulnerability to the network with possibly insecure configurations. Therefore, detection of unauthorized NAT devices is an important task in the network security domain. In this paper, a novel passive NAT detection algorithm is proposed that identifies NAT devices using statistical behavior analysis. We model the behavior of hosts using eight features extracted from HTTP access logs. These features are collected within consecutive non-overlapping time windows covering the last 24 hours. To classify whether a host is a NAT device or an end host (non-NAT device), a pre-trained linear classifier is used. Since labeled data for training purposes are hard to obtain, we also propose a way how to generate labeled data from unlabeled traffic. On the basis of our experimental evaluation, the proposed algorithm outperforms the state-of-the-art solution represented by [3].

References (12)
Benoit Claise, "Cisco Systems NetFlow Services Export Version 9," RFC, vol. 3954, pp. 1-33 (2004)
Sebastian Abt, Christian Dietz, Harald Baier, Slobodan Petrović, "Passive remote source NAT detection using behavior statistics derived from netflow," Autonomous Infrastructure, Management and Security, pp. 148-159 (2013), 10.1007/978-3-642-38998-6_18
Gregor Maier, Fabian Schneider, Anja Feldmann, "NAT usage in residential broadband networks," Passive and Active Network Measurement, vol. 6579, pp. 32-41 (2011), 10.1007/978-3-642-19260-9_4
Robert Beverly, "A Robust Classifier for Passive TCP/IP Fingerprinting," Passive and Active Network Measurement, pp. 158-167 (2004), 10.1007/978-3-540-24668-8_16
P. Srisuresh, K. Egevang, "Traditional IP Network Address Translator (Traditional NAT)," RFC3022, vol. 3022, pp. 1-16 (2001)
Sophon Mongkolluksamee, Kensuke Fukuda, Panita Pongpaibool, "Counting NATted hosts by observing TCP/IP field behaviors," International Conference on Communications, pp. 1265-1270 (2012), 10.1109/ICC.2012.6364596
Jan Jusko, Martin Rehak, Tomas Pevny, "A memory efficient privacy preserving representation of connection graphs," Proceedings of the 1st International Workshop on Agents and CyberSecurity, pp. 4- (2014), 10.1145/2602945.2602947
Steven M. Bellovin, "A technique for counting natted hosts," ACM Special Interest Group on Data Communication, pp. 267-272 (2002), 10.1145/637201.637243
Gilles Blanchard, Clayton Scott, Gyemin Lee, "Semi-Supervised Novelty Detection," Journal of Machine Learning Research, vol. 11, pp. 2973-3009 (2010)
Rui Li, Hongliang Zhu, Yang Xin, Yixian Yang, Cong Wang, "Remote NAT Detect Algorithm Based on Support Vector Machine," International Conference on Information Engineering and Computer Science, pp. 1-4 (2009), 10.1109/ICIECS.2009.5365286