Abstract
Due to the lack of available labeled Network Address Translation (NAT) samples, it is still difficult to actively detect large-scale NATs on the Internet. In this paper, we propose a novel method to identify NATs for online Internet of Things (IoT) devices based on Tri-net (a semi-supervised deep neural network). By learning features on three layers (network, transport and application layer) from a small labeled data set (with thousands of instances), the Tri-net can automatically identify millions of online NATs. We evaluate this approach on a real-world dataset with more than 8 million online IoT devices, and the results show that precision and recall can both reach up to \(92\%\). Moreover, we found 2,511,499 IoT devices connecting to the Internet via NAT, which account for one-third of the total. To our knowledge, this is the first successful attempt to automatically identify Internet-scale NATs.
Acknowledgments
This work was supported by the National Key R&D Program of China (Grant 2017YFC0820701) and the National Natural Science Foundation of China (Grants U1766215, 61702504).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Yan, Z., Yu, N., Wen, H., Li, Z., Zhu, H., Sun, L. (2020). Detecting Internet-Scale NATs for IoT Devices Based on Tri-Net. In: Yu, D., Dressler, F., Yu, J. (eds) Wireless Algorithms, Systems, and Applications. WASA 2020. Lecture Notes in Computer Science(), vol 12384. Springer, Cham. https://doi.org/10.1007/978-3-030-59016-1_50
DOI: https://doi.org/10.1007/978-3-030-59016-1_50
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-59015-4
Online ISBN: 978-3-030-59016-1
eBook Packages: Computer Science, Computer Science (R0)