How Polynomial Regression Improves DeNATing

Ari Adler; Lior Bass; Yuval Elovici; Rami Puzis

doi:10.1109/TNSM.2023.3266390

How Polynomial Regression Improves DeNATing

Ari Adler, Lior Bass, Yuval Elovici, Rami Puzis

Department of Software and Information Systems Engineering

Research output: Contribution to journal › Article › peer-review

2 Scopus citations

Abstract

The ubiquity of Network Address Translation (NAT) and mobile hotspots that aggregate source IP addresses of connected devices to a single IP address makes it difficult for an observer in the Internet to learn anything about the internal network. The IP Identification header field of Domain Name System requests and the TCP Timestamp (TCP TS) header field of TCP SYN packets are the main features for counting devices in the internal network and association of packets to these devices, also known as DeNATing. This paper introduces a new method that relies on polynomial least-squares curve fitting for DeNATing. Evaluation of our model is performed on multiple real-world datasets containing Windows and Unix devices behind a router using NAT and a mobile hotspot. The proposed method outperforms other state-of-the-art methods for all of the used datasets on all types of devices. Successful DeNATing may help in cybersecurity, anti-fraud, and other use cases.

Original language	English
Pages (from-to)	5000-5011
Number of pages	12
Journal	IEEE Transactions on Network and Service Management
Volume	20
Issue number	4
DOIs	https://doi.org/10.1109/TNSM.2023.3266390
State	Published - 11 Apr 2023

Keywords

DeNATing
IP network
polynomial regression
security management

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1109/TNSM.2023.3266390

Cite this

@article{bc77ac8bca13451fba71086392ade6de,

title = "How Polynomial Regression Improves DeNATing",

abstract = "The ubiquity of Network Address Translation (NAT) and mobile hotspots that aggregate source IP addresses of connected devices to a single IP address makes it difficult for an observer in the Internet to learn anything about the internal network. The IP Identification header field of Domain Name System requests and the TCP Timestamp (TCP TS) header field of TCP SYN packets are the main features for counting devices in the internal network and association of packets to these devices, also known as DeNATing. This paper introduces a new method that relies on polynomial least-squares curve fitting for DeNATing. Evaluation of our model is performed on multiple real-world datasets containing Windows and Unix devices behind a router using NAT and a mobile hotspot. The proposed method outperforms other state-of-the-art methods for all of the used datasets on all types of devices. Successful DeNATing may help in cybersecurity, anti-fraud, and other use cases.",

keywords = "DeNATing, IP network, polynomial regression, security management",

author = "Ari Adler and Lior Bass and Yuval Elovici and Rami Puzis",

note = "Publisher Copyright: IEEE",

year = "2023",

month = apr,

day = "11",

doi = "10.1109/TNSM.2023.3266390",

language = "English",

volume = "20",

pages = "5000--5011",

journal = "IEEE Transactions on Network and Service Management",

issn = "1932-4537",

publisher = "Institute of Electrical and Electronics Engineers",

number = "4",

}

TY - JOUR

T1 - How Polynomial Regression Improves DeNATing

AU - Adler, Ari

AU - Bass, Lior

AU - Elovici, Yuval

AU - Puzis, Rami

N1 - Publisher Copyright: IEEE

PY - 2023/4/11

Y1 - 2023/4/11

N2 - The ubiquity of Network Address Translation (NAT) and mobile hotspots that aggregate source IP addresses of connected devices to a single IP address makes it difficult for an observer in the Internet to learn anything about the internal network. The IP Identification header field of Domain Name System requests and the TCP Timestamp (TCP TS) header field of TCP SYN packets are the main features for counting devices in the internal network and association of packets to these devices, also known as DeNATing. This paper introduces a new method that relies on polynomial least-squares curve fitting for DeNATing. Evaluation of our model is performed on multiple real-world datasets containing Windows and Unix devices behind a router using NAT and a mobile hotspot. The proposed method outperforms other state-of-the-art methods for all of the used datasets on all types of devices. Successful DeNATing may help in cybersecurity, anti-fraud, and other use cases.

AB - The ubiquity of Network Address Translation (NAT) and mobile hotspots that aggregate source IP addresses of connected devices to a single IP address makes it difficult for an observer in the Internet to learn anything about the internal network. The IP Identification header field of Domain Name System requests and the TCP Timestamp (TCP TS) header field of TCP SYN packets are the main features for counting devices in the internal network and association of packets to these devices, also known as DeNATing. This paper introduces a new method that relies on polynomial least-squares curve fitting for DeNATing. Evaluation of our model is performed on multiple real-world datasets containing Windows and Unix devices behind a router using NAT and a mobile hotspot. The proposed method outperforms other state-of-the-art methods for all of the used datasets on all types of devices. Successful DeNATing may help in cybersecurity, anti-fraud, and other use cases.

KW - DeNATing

KW - IP network

KW - polynomial regression

KW - security management

UR - https://www.scopus.com/pages/publications/85153398333

U2 - 10.1109/TNSM.2023.3266390

DO - 10.1109/TNSM.2023.3266390

M3 - Article

AN - SCOPUS:85153398333

SN - 1932-4537

VL - 20

SP - 5000

EP - 5011

JO - IEEE Transactions on Network and Service Management

JF - IEEE Transactions on Network and Service Management

IS - 4

ER -

How Polynomial Regression Improves DeNATing

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this