Netflow Based System for NAT Detection
Authors | |
---|---|
Year of publication | 2009 |
Type | Article in Proceedings |
Conference | Co-Next Student Workshop '09: Proceedings of the 5th international student workshop on Emerging networking experiments and technologies |
MU Faculty or unit | |
Citation | |
Field | Informatics |
Keywords | Netflow; NAT detection; network security |
Description | Revealing the misuse of network resources is one of the im- portant fields in the network security, especially for the network administrators. One of them is the use of unauthorized NAT (Network Address Translation) devices (e.g. small office routers or wireless access points) inside the network which introduces serious security issues. There are several techniques proposed on how to detect NAT devices in the computer networks, but all these methods suffer from high false positive rate. Also there is no study how to perform NAT detection using NetFlow data, often used for monitoring and forensics analysis in large networks. The contribution of our work consists of the following: i) we have transformed existing NAT detection techniques to work with NetFlow data, ii) we propose three new NAT detection approaches, iii) we have designed a prototype of NAT detection system, which aggregates the results from various NAT detection techniques in order to minimize false positive and false negative rates. |
Related projects: |