DocumentCode
154251
Title
Can We Identify NAT Behavior by Analyzing Traffic Flows?
Author
Gokcen, Yasemin ; Foroushani, Vahid Aghaei ; Heywood, A. Nur Zincir
Author_Institution
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
fYear
2014
fDate
17-18 May 2014
Firstpage
132
Lastpage
139
Abstract
It is shown in the literature that network address translation devices have become a convenient way to hide the source of malicious behaviors. In this research, we explore how far we can push a machine learning (ML) approach to identify such behaviors using only network flows. We evaluate our proposed approach on different traffic data sets against passive fingerprinting approaches and show that the performance of a machine learning approach is very promising even without using any payload (application layer) information.
Keywords
Internet; learning (artificial intelligence); telecommunication traffic; NAT behavior; machine learning; malicious behaviors; network address translation devices; passive fingerprinting approach; payload information; traffic flows; Browsers; Classification algorithms; Computers; Fingerprint recognition; IP networks; Internet; Payloads; Network address translation classification; machine learning; traffic analysis; traffic flows;
fLanguage
English
Publisher
ieee
Conference_Titel
Security and Privacy Workshops (SPW), 2014 IEEE
Conference_Location
San Jose, CA
Type
conf
DOI
10.1109/SPW.2014.28
Filename
6957296
Link To Document