Passive NATted Hosts Detect Algorithm Based on Directed Acyclic Graph Support Vector Machine
Unauthorized network address translation (NAT) devices may be a significant security problem. They provide unrestricted access to any number of hosts connecting to them. Some attackers may use computers hidden behind NAT devices to conduct malicious activities such as denial of service. An algorithm is proposed in this work to detect hosts hidden behind NAT. Unlike previous research, the algorithm does not depend on any special field in any packet header. It is based on analyzing traffic features with a directed acyclic graph support vector machine (DAGSVM). First, traffic models of hosts are selected from training samples with DAGSVM. Then the models and classifier are used to predict the number of hosts in unknown traces. The experiment reveals that the proposed algorithm is effective, even when there are more hosts in the test set than in the training set, and that the accuracy falls when there are more unknown hosts in the test traces.
network address translation; network security; directed acyclic graph support vector machine; host detect
Li Rui, Zhu Hongliang, Xin Yang, Luo Shoushan, Yang Yixian, Wang Cong
Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications; Key Laboratory of network and information attack & defence technology of MOE, Beijing University of Posts and Tele
International conference
Wuhan
English
1156-1159
2009-11-18 (date first made available online on the Wanfang platform; does not represent the paper's publication date)