Exploring NAT Detection and Host Identification Using Machine Learning

dc.contributor.author Ali Safari Khatouni
dc.contributor.author Lan Zhang
dc.contributor.author Khurram Aziz
dc.contributor.author Ibrahim Zincir
dc.contributor.author Zhang, Lan
dc.contributor.author Zincir, Ibrahim
dc.contributor.author Khatouni, Ali Safari
dc.contributor.author Aziz, Khurram
dc.contributor.author Zincir-Heywood, Nur
dc.contributor.editor H. Lutfiyya, Y. Diao, N. Zincir-Heywood, R. Badonnel, E. Madeira
dc.date.accessioned 2025-10-06T17:51:20Z
dc.date.issued 2019
dc.description.abstract The usage of Network Address Translation (NAT) devices is common among end users, organizations, and Internet Service Providers. NAT provides anonymity for users within an organization by replacing their internal IP addresses with a single external wide area network address. While such anonymity provides an added measure of security for legitimate users, it can also be taken advantage of by malicious users hiding behind NAT devices. Thus, identifying NAT devices and hosts behind them is essential to detect malicious behaviors in traffic and application usage. In this paper, we propose a machine learning based solution to detect hosts behind NAT devices by using flow level statistics (excluding IP addresses, port numbers, and application layer information) from passive traffic measurements. We capture a large dataset and perform an extensive evaluation of our proposed approach with four existing approaches from the literature. Our results show that the proposed approach could identify NAT behaviors and hosts not only with higher accuracy but also demonstrates the impact of parameter sensitivity of the proposed approach. © 2020 Elsevier B.V. All rights reserved.
dc.description.sponsorship 2Keys, Cisco, GoSecure, Juniper, Moogosoft
dc.description.sponsorship This research is supported by Natural Science and Engineering Research Council of Canada (NSERC) and 2Keys Corp. The research is conducted as part of the Dalhousie NIMS Lab at: https://projects.cs.dal.ca/projectx/.
dc.description.sponsorship Natural Science and Engineering Research Council of Canada (NSERC)
dc.description.sponsorship Dalhousie NIMS; Natural Science and Engineering Research Council of Canada
dc.identifier.doi 10.23919/CNSM46954.2019.9012684
dc.identifier.isbn 9783903176249
dc.identifier.issn 2165-9605
dc.identifier.scopus 2-s2.0-85078840366
dc.identifier.uri https://www.scopus.com/inward/record.uri?eid=2-s2.0-85078840366&doi=10.23919%2FCNSM46954.2019.9012684&partnerID=40&md5=7df5fe82bae58c88b4512f4565dc2937
dc.identifier.uri https://gcris.yasar.edu.tr/handle/123456789/9359
dc.identifier.uri https://doi.org/10.23919/cnsm46954.2019.9012684
dc.identifier.uri https://doi.org/10.23919/CNSM46954.2019.9012684
dc.language.iso English
dc.publisher Institute of Electrical and Electronics Engineers Inc.
dc.relation.ispartof 15th International Conference on Network and Service Management CNSM 2019
dc.relation.ispartofseries International Conference on Network and Service Management
dc.rights info:eu-repo/semantics/closedAccess
dc.subject Internet Protocols, Large Dataset, Machine Learning, Flow Level, IP Addresses, Legitimate Users, Malicious Behavior, Network Address Translations, Parameter Sensitivities, Port Numbers, Traffic Measurements, Wide Area Networks
dc.subject Internet protocols, Large dataset, Machine learning, Flow level, IP addresses, Legitimate users, Malicious behavior, Network address translations, Parameter sensitivities, Port numbers, Traffic measurements, Wide area networks
dc.title Exploring NAT Detection and Host Identification Using Machine Learning
dc.type Conference Object
dspace.entity.type Publication
gdc.author.id safari khatouni, ali/0000-0002-6435-6933
gdc.author.scopusid 57105333100
gdc.author.scopusid 56997368500
gdc.author.scopusid 57215824087
gdc.author.scopusid 55575855800
gdc.author.scopusid 7102304042
gdc.author.wosid safari khatouni, ali/AAK-4218-2020
gdc.bip.impulseclass C4
gdc.bip.influenceclass C5
gdc.bip.popularityclass C4
gdc.coar.type text::conference output
gdc.collaboration.industrial false
gdc.description.department
gdc.description.departmenttemp [Khatouni, Ali Safari; Zhang, Lan; Aziz, Khurram; Zincir-Heywood, Nur] Dalhousie Univ, Halifax, NS, Canada; [Zincir, Ibrahim] Yasar Univ, Bornova, Turkey
gdc.description.endpage 8
gdc.description.publicationcategory Conference Item - International - Institutional Faculty Member
gdc.description.startpage 1
gdc.description.woscitationindex Conference Proceedings Citation Index - Science
gdc.identifier.openalex W3010585105
gdc.identifier.wos WOS:000552229800026
gdc.index.type Scopus
gdc.index.type WoS
gdc.oaire.diamondjournal false
gdc.oaire.impulse 6.0
gdc.oaire.influence 2.9587266E-9
gdc.oaire.isgreen false
gdc.oaire.popularity 5.6582055E-9
gdc.oaire.publicfunded false
gdc.oaire.sciencefields 0202 electrical engineering, electronic engineering, information engineering
gdc.oaire.sciencefields 02 engineering and technology
gdc.openalex.collaboration International
gdc.openalex.fwci 1.1201
gdc.openalex.normalizedpercentile 0.84
gdc.opencitations.count 13
gdc.plumx.crossrefcites 1
gdc.plumx.mendeley 14
gdc.plumx.scopuscites 18
gdc.scopus.citedcount 18
gdc.wos.citedcount 5
person.identifier.scopus-author-id Khatouni- Ali Safari (56997368500), Zhang- Lan (57215824087), Aziz- Khurram (7102304042), Zincir- Ibrahim (55575855800)
project.funder.name This research is supported by Natural Science and Engineering Research Council of Canada (NSERC) and 2Keys Corp. The research is conducted as part of the Dalhousie NIMS Lab at: https://projects.cs.dal.ca/projectx/.
relation.isOrgUnitOfPublication ac5ddece-c76d-476d-ab30-e4d3029dee37
relation.isOrgUnitOfPublication.latestForDiscovery ac5ddece-c76d-476d-ab30-e4d3029dee37
