Passive Remote Source NAT Detection Using Behavior Statistics Derived from NetFlow

Abstract : Network Address Translation (NAT) is a technique commonly employed in today’s computer networks. NAT allows multiple devices to hide behind a single IP address. From a network management and security point of view, NAT may not be desirable or permitted as it allows rogue and unattended network access. In order to detect rogue NAT devices, we propose a novel passive remote source NAT detection approach based on behavior statistics derived from NetFlow. Our approach utilizes 9 distinct features that can directly be derived from NetFlow records. Furthermore, our approach does not require IP address information, but is capable of operating on anonymous identifiers. Hence, our approach is very privacy friendly. Our approach requires only a 120 seconds sample of NetFlow records to detect NAT traffic within the sample with a lower-bound accuracy of 89.35%. Furthermore, our approach is capable of operating in real-time.
Type de document :
Communication dans un congrès
Guillaume Doyen; Martin Waldburger; Pavel Čeleda; Anna Sperotto; Burkhard Stiller. 7th International Conference on Autonomous Infrastructure (AIMS), Jun 2013, Barcelona, Spain. Springer, Lecture Notes in Computer Science, LNCS-7943, pp.148-159, 2013, Emerging Management Mechanisms for the Future Internet. 〈10.1007/978-3-642-38998-6_18〉
Liste complète des métadonnées

Littérature citée [22 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01489964
Contributeur : Hal Ifip <>
Soumis le : mardi 14 mars 2017 - 17:06:16
Dernière modification le : mardi 14 mars 2017 - 17:12:29
Document(s) archivé(s) le : jeudi 15 juin 2017 - 15:13:59

Fichier

978-3-642-38998-6_18_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Sebastian Abt, Christian Dietz, Harald Baier, Slobodan Petrović. Passive Remote Source NAT Detection Using Behavior Statistics Derived from NetFlow. Guillaume Doyen; Martin Waldburger; Pavel Čeleda; Anna Sperotto; Burkhard Stiller. 7th International Conference on Autonomous Infrastructure (AIMS), Jun 2013, Barcelona, Spain. Springer, Lecture Notes in Computer Science, LNCS-7943, pp.148-159, 2013, Emerging Management Mechanisms for the Future Internet. 〈10.1007/978-3-642-38998-6_18〉. 〈hal-01489964〉

Partager

Métriques

Consultations de la notice

62

Téléchargements de fichiers

41