poster

Netflow based system for NAT detection

Authors:

Co-Next Student Workshop '09: Proceedings of the 5th international student workshop on Emerging networking experiments and technologies

Pages 23 - 24

https://doi.org/10.1145/1658997.1659010

Published: 01 December 2009 Publication History

Get Access

Abstract

Revealing the misuse of network resources is one of the important fields in the network security, especially for the network administrators. One of them is the use of unauthorized NAT (Network Address Translation) devices (e.g. small office routers or wireless access points) inside the network which introduces serious security issues. There are several techniques proposed on how to detect NAT devices in the computer networks, but all these methods suffer from high false positive rate. Also there is no study how to perform NAT detection using NetFlow data, often used for monitoring and forensics analysis in large networks. The contribution of our work consists of the following: i) we have transformed existing NAT detection techniques to work with NetFlow data, ii) we propose three new NAT detection approaches, iii) we have designed a prototype of NAT detection system, which aggregates the results from various NAT detection techniques in order to minimize false positive and false negative rates.

References

[1]

S. M. Bellovin. A technique for counting natted hosts. In IMW '02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, pages 267--272, New York, NY, USA, 2002. ACM.

Digital Library

Google Scholar

[2]

Cisco Systems. Cisco IOS NetFlow. http://www.cisco.com/go/netFlow, 2009.

Google Scholar

[3]

INVEA-TECH. Standard FlowMon Probe. http://www.invea-tech.com/, 2009.

Google Scholar

[4]

Peter Phaal. Detecting NAT Devices using sFlow, http://www.sflow.org/detectNAT/, 2003.

Google Scholar

[5]

J. Zhang and A. W. Moore. Traffic trace artifacts due to monitoring via port mirroring. In Proceedings of the Fifth IEEE/IFIP E2EMON, pages 1--8, 2007.

Crossref

Google Scholar

Cited By

View all

Mateless RZlatokrilov HOrevi LSegal MMoskovitch R(2021)IPvest: Clustering the IP Traffic of Network Entities Hidden Behind a Single IP Address Using Machine LearningIEEE Transactions on Network and Service Management10.1109/TNSM.2021.306248818:3(3647-3661)Online publication date: Sep-2021
https://doi.org/10.1109/TNSM.2021.3062488
Nassar RElhajj IKayssi ASalam S(2021)Identifying NAT Devices to Detect Shadow IT: A Machine Learning Approach2021 IEEE/ACS 18th International Conference on Computer Systems and Applications (AICCSA)10.1109/AICCSA53542.2021.9686910(1-7)Online publication date: Nov-2021
https://doi.org/10.1109/AICCSA53542.2021.9686910
Khatouni ATrevisan MGiordano D(2019)Data-Driven Emulation of Mobile Access Networks2019 15th International Conference on Network and Service Management (CNSM)10.23919/CNSM46954.2019.9012691(1-6)Online publication date: Oct-2019
https://doi.org/10.23919/CNSM46954.2019.9012691
Show More Cited By

Netflow based system for NAT detection
1. Networks
  1. Network services

Recommendations

SSH Compromise Detection using NetFlow/IPFIX

Flow-based approaches for SSH intrusion detection have been developed to overcome the scalability issues of host-based alternatives. Although the detection of many SSH attacks in a flow-based fashion is fairly straightforward, no insight is typically ...
NetFlow Based Intrusion Detection System
MMIT '08: Proceedings of the 2008 International Conference on MultiMedia and Information Technology

As a opening global network, Internet now is facing more and more attacks and complex methods of attack, which causes the network security problem becoming the focal point that people pay attention to.The single firewall strategy can not satisfy the ...
Passive remote source NAT detection using behavior statistics derived from netflow
AIMS'13: Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943

Network Address Translation (NAT) is a technique commonly employed in today's computer networks. NAT allows multiple devices to hide behind a single IP address. From a network management and security point of view, NAT may not be desirable or permitted ...

Comments

Information & Contributors

Information

Published In

Co-Next Student Workshop '09: Proceedings of the 5th international student workshop on Emerging networking experiments and technologies

December 2009

68 pages

ISBN:9781605587516

DOI:10.1145/1658997

Program Chairs:
Matthew Caesar
University of Illinois at Urbana-Champaign, USA
,
Polly Huang
National Taiwan University, Taiwan
,
Luigi Iannone
Deutsche Telekom Laboratories AG - TUB, Germany

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 December 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Poster

Conference

Co-NEXT '09

Sponsor:

SIGCOMM

Co-NEXT '09: Conference on emerging Networking EXperiments and Technologies

December 1, 2009

Rome, Italy

Acceptance Rates

Overall Acceptance Rate 198 of 789 submissions, 25%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
454
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)2

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mateless RZlatokrilov HOrevi LSegal MMoskovitch R(2021)IPvest: Clustering the IP Traffic of Network Entities Hidden Behind a Single IP Address Using Machine LearningIEEE Transactions on Network and Service Management10.1109/TNSM.2021.306248818:3(3647-3661)Online publication date: Sep-2021
https://doi.org/10.1109/TNSM.2021.3062488
Nassar RElhajj IKayssi ASalam S(2021)Identifying NAT Devices to Detect Shadow IT: A Machine Learning Approach2021 IEEE/ACS 18th International Conference on Computer Systems and Applications (AICCSA)10.1109/AICCSA53542.2021.9686910(1-7)Online publication date: Nov-2021
https://doi.org/10.1109/AICCSA53542.2021.9686910
Khatouni ATrevisan MGiordano D(2019)Data-Driven Emulation of Mobile Access Networks2019 15th International Conference on Network and Service Management (CNSM)10.23919/CNSM46954.2019.9012691(1-6)Online publication date: Oct-2019
https://doi.org/10.23919/CNSM46954.2019.9012691
Khatouni AZhang LAziz KZincir IZincir-Heywood N(2019)Exploring NAT Detection and Host Identification Using Machine Learning2019 15th International Conference on Network and Service Management (CNSM)10.23919/CNSM46954.2019.9012684(1-8)Online publication date: Oct-2019
https://doi.org/10.23919/CNSM46954.2019.9012684
Le FValdez ECheng P(2019)Counting Devices: Revisiting Existing Approaches in Today’s Settings2019 IEEE International Conference on Big Data (Big Data)10.1109/BigData47090.2019.9006482(4032-4037)Online publication date: Dec-2019
https://doi.org/10.1109/BigData47090.2019.9006482
ZHAI XWANG MHU HHU G(2017)Internet Data Center IP Identification and Connection Relationship Analysis Based on Traffic Connection Behavior AnalysisIEICE Transactions on Communications10.1587/transcom.2016EBP3273E100.B:4(510-517)Online publication date: 2017
https://doi.org/10.1587/transcom.2016EBP3273
Cox JClark ROwen H(2017)Leveraging SDN and WebRTC for Rogue Access Point SecurityIEEE Transactions on Network and Service Management10.1109/TNSM.2017.271062314:3(756-770)Online publication date: Sep-2017
https://doi.org/10.1109/TNSM.2017.2710623
Husák MČermák MJirsík TČeleda P(2016)HTTPS traffic analysis and client identification using passive SSL/TLS fingerprintingEURASIP Journal on Information Security10.1186/s13635-016-0030-72016:1(1-14)Online publication date: 1-Dec-2016
https://dl.acm.org/doi/10.1186/s13635-016-0030-7
Richter PWohlfart FVallina-Rodriguez NAllman MBush RFeldmann AKreibich CWeaver NPaxson VGill PHeidemann JByers JGovindan R(2016)A Multi-perspective Analysis of Carrier-Grade NAT DeploymentProceedings of the 2016 Internet Measurement Conference10.1145/2987443.2987474(215-229)Online publication date: 14-Nov-2016
https://dl.acm.org/doi/10.1145/2987443.2987474
Yan BHuang LGou GGuo YBao Y(2016)A Fine-Grained Large-Scale NAT Detection MethodAdvanced Multimedia and Ubiquitous Engineering10.1007/978-981-10-1536-6_64(493-499)Online publication date: 30-Aug-2016
https://doi.org/10.1007/978-981-10-1536-6_64
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

SSH Compromise Detection using NetFlow/IPFIX

NetFlow Based Intrusion Detection System

Passive remote source NAT detection using behavior statistics derived from netflow