Identifying computers hidden behind a NAT using machine learning techniques

Ori Zakin, Metal Levi, Yuval Elovici, Lior Rockach, Nir Shafrir, Guy Sinter, Ofer Pen

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

Attackers may use computers hidden behind a Network Address Translator (NAT) in order to conduct malicious activities such as denial of service (DoS). In such cases law enforcement agencies are unable in many cases to single out an attacker from all the users hidden behind the NAT. In this paper we present an innovative approach for clustering the sessions emanating from the NAT in order to identify the attacker. Each cluster should ideally include only the sessions emanating from a specific computer. A system that implements the new approach was developed. It was used to evaluate the new approach performance in a real environment that included 24 computers hidden behind the NAT. The preliminary evaluation results have demonstrated the superiority of the new approach over existing solutions and its ability to assist in locating potential attackers hidden behind a NAT.

Original languageEnglish
Title of host publication6th European Conference on Information Warfare and Security 2007, ECIW 2007
Pages335-340
Number of pages6
StatePublished - 1 Dec 2007
Event6th European Conference on Information Warfare and Security 2007, ECIW 2007 - Shrivenham, United Kingdom
Duration: 2 Jul 20073 Jul 2007

Publication series

Name6th European Conference on Information Warfare and Security 2007, ECIW 2007

Conference

Conference6th European Conference on Information Warfare and Security 2007, ECIW 2007
Country/TerritoryUnited Kingdom
CityShrivenham
Period2/07/073/07/07

Keywords

  • Network address translator
  • Security

Fingerprint

Dive into the research topics of 'Identifying computers hidden behind a NAT using machine learning techniques'. Together they form a unique fingerprint.

Cite this