A novel approach for detecting vulnerable IoT devices connected behind a home NAT

Yair Meidan, Vinay Sachidananda, Hongyi Peng, Racheli Sagron, Yuval Elovici, Asaf Shabtai

Research output: Contribution to journalArticlepeer-review

21 Scopus citations


Telecommunication service providers (telcos) are exposed to cyber-attacks executed by compromised IoT devices connected to their customers’ networks. Such attacks might have severe effects on the attack target, as well as the telcos themselves. To mitigate those risks, we propose a machine learning-based method that can detect specific vulnerable IoT device models connected behind a domestic NAT, thereby identifying home networks that pose a risk to the telcos infrastructure and service availability. To evaluate our method, we collected a large quantity of network traffic data from various commercial IoT devices in our lab and compared several classification algorithms. We found that (a) the LGBM algorithm produces excellent detection results, and (b) our flow-based method is robust and can handle situations for which existing methods used to identify devices behind a NAT are unable to fully address, e.g., encrypted, non-TCP or non-DNS traffic. To promote future research in this domain we share our novel labeled benchmark dataset.

Original languageEnglish
Article number101968
JournalComputers and Security
StatePublished - 1 Oct 2020


  • DeNAT
  • Device identification
  • Internet of things (IoT)
  • Machine learning
  • Network address translation (NAT)

ASJC Scopus subject areas

  • Computer Science (all)
  • Law


Dive into the research topics of 'A novel approach for detecting vulnerable IoT devices connected behind a home NAT'. Together they form a unique fingerprint.

Cite this