Passive Remote Source NAT Detection Using Behavior Statistics Derived from NetFlow
نویسندگان
چکیده
Network Address Translation (NAT) is a technique commonly employed in today’s computer networks. NAT allows multiple devices to hide behind a single IP address. From a network management and security point of view, NAT may not be desirable or permitted as it allows rogue and unattended network access. In order to detect rogue NAT devices, we propose a novel passive remote source NAT detection approach based on behavior statistics derived from NetFlow. Our approach utilizes 9 distinct features that can directly be derived from NetFlow records. Furthermore, our approach does not require IP address information, but is capable of operating on anonymous identifiers. Hence, our approach is very privacy friendly. Our approach requires only a 120 seconds sample of NetFlow records to detect NAT traffic within the sample with a lower-bound accuracy of 89.35%. Furthermore, our approach is capable of operating in real-time.
منابع مشابه
Polarization-based index of refraction and reflection angle estimation for remote sensing applications.
A passive-polarization-based imaging system records the polarization state of light reflected by objects that are illuminated with an unpolarized and generally uncontrolled source. Such systems can be useful in many remote sensing applications including target detection, object segmentation, and material classification. We present a method to jointly estimate the complex index of refraction and...
متن کاملTowards Efficient and Privacy-Preserving Network-Based Botnet Detection Using Netflow Data
Botnets pose a severe threat to the security of Internet-connected hosts and the availability of the Internet's infrastructure. In recent years, botnets have attracted many researchers. As a result, many achievements in studying different botnets' anatomies have been made and approaches to botnet detection have been developed. However, most of these approaches target at botnet detection using r...
متن کاملEfficiency of Spectral Indices Derived from Landsat-8 Images of Maharloo Lake and Its Surrounding Rangelands
Maharloo Lake is one of the salty lakes located in the southeast of Fars province, Iran. Presence of salt domes has a significant role in its salinity. Magnesium-sodium chloride and sodium sulfate are dominant salts of the lake. Due to the drying up of lake, widespread lands surrounding the area are exposed to secondary salinity. It seems necessary to investigate the changes to find salinity le...
متن کاملPeer-to-Peer Botnet Detection Using NetFlow Master Thesis
. Abstract . . Traditional botnets use a centralized communications architecture where all the bots connect to Command and Control (C&C) servers. These servers are the weak point of the botnet, as they are easy targets for take down and monitoring. Peer-to-peer (p2p) botnets have a distributed architecture, which make them more resilient. This research aims at the detection of individual p2p bo...
متن کاملOpenFlow-based Link Dimensioning
In this demo we will demonstrate the possibility of using OpenFlow traffic measurements for link dimensioning purposes. Our solution runs on top of the Ryu OpenFlow controller and retrieves per-flow statistics metered at the OpenFlow switch. The statistics are obtained by using messages defined by the OpenFlow protocol. These statistics are then applied to a flowbased link dimensioning approach...
متن کامل