Abstract

Although network address translation (NAT) provides various advantages, it may cause potential threats to network operations. For network administrators to operate networks effectively and securely, it may be necessary to verify whether an assigned IP address is using NAT or not. In this paper, we propose a supervised learning-based active NAT device (NATD) identification using port response patterns. The proposed model utilizes the asymmetric port response patterns between NATD and non-NATD. In addition, to reduce the time and to solve the security issue that supervised learning approaches exhibit, we propose a fast and stealthy NATD identification method. The proposed method can perform the identification remotely, unlike conventional methods that must operate in the same network as the targets. The experimental results demonstrate that the proposed method is effective, exhibiting an F1 score of over 90%. With the efficient features of the proposed methods, we recommend some practical use cases that can contribute to managing networks securely and effectively.

Highlights

  • As the Internet grows dramatically, the allocation of a unique Internet Protocol version 4 (IPv4) address to each device connected to the Internet has become a problem

  • A NAT device (NATD) has an interface with a public IP address, which is connected to the public Internet

  • This section describes our evaluation of the feasibility of the proposed NATD classification by applying a few well-established supervised learning models


Summary

Introduction

As the Internet grows dramatically, the allocation of a unique Internet Protocol version 4 (IPv4) address to each device connected to the Internet has become a problem. NAT enables multiple hosts in a private network to access the Internet with one public IP address. Apart from these advantages, NAT exhibits the following problems. NAT [1] enables multiple hosts with private addresses in private networks to access the Internet with one public IP address. A NATD has an interface with a public IP address, which is connected to the public Internet. It has another interface(s) for hosts with private addresses in their private network(s). To support applications between the NATHs and hosts on the Internet, NATD utilizes the network address and port translation (NAPT) method. It maps port numbers and IP addresses between them whenever they exchange packets.
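A minimal model of the NAPT mapping described above, added here as an illustration and not taken from the paper. The `Napt` class, the port pool starting at 40000, the endpoint-independent mapping policy, the drop-on-no-mapping behaviour and the documentation-range addresses are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass
class Napt:
    """Hypothetical NAPT table: one public IP shared by many private hosts."""
    public_ip: str
    next_port: int = 40000  # constructed start of the public port pool
    out_map: Dict[Tuple[str, Endpoint], int] = field(default_factory=dict)
    in_map: Dict[Tuple[str, int], Endpoint] = field(default_factory=dict)

    def outbound(self, proto: str, src: Endpoint, dst: Endpoint):
        """Rewrite a private source endpoint to (public_ip, mapped port)."""
        key = (proto, src)
        if key not in self.out_map:
            # First packet from this private endpoint: allocate a public port
            # and record the mapping in both directions.
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(proto, port)] = src
        return (self.public_ip, self.out_map[key]), dst

    def inbound(self, proto: str, src: Endpoint, dst: Endpoint) -> Optional[tuple]:
        """Rewrite the public destination back to the private host, or drop."""
        if dst[0] != self.public_ip:
            return None
        private = self.in_map.get((proto, dst[1]))
        if private is None:
            return None  # no mapping exists: unsolicited packet is dropped
        return src, private


def demo():
    """Two private hosts using the same source port share one public IP."""
    nat = Napt("203.0.113.5")          # constructed public address
    server = ("198.51.100.7", 443)     # constructed Internet host
    a = nat.outbound("tcp", ("192.168.1.10", 51000), server)
    b = nat.outbound("tcp", ("192.168.1.11", 51000), server)
    reply = nat.inbound("tcp", server, a[0])                    # reply to host A
    stray = nat.inbound("tcp", server, ("203.0.113.5", 40999))  # unmapped port
    return a, b, reply, stray
```
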
