Computer Science ›› 2018, Vol. 45 ›› Issue (6A): 323-327.

• Network and Communication •

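NAT Device Detection Method Based on C5.0 Decision Tree

SHI Zhi-kai¹, ZHU Guo-sheng¹,², LEI Long-fei¹, CHEN Sheng¹, ZHEN Jia¹, WU Shan-chao¹, WU Meng-yu¹

  1. School of Computer and Information Engineering, Hubei University, Wuhan 430062, China
  2. Hubei Province Engineering Technology Research Center for Education Informationization, Wuhan 430062, China
  • Online: 2018-06-20 Published: 2018-08-03
  • About the authors: SHI Zhi-kai (born 1992), male, master's student; main research interest: network traffic analysis. ZHU Guo-sheng (born 1972), male, Ph.D., professor; main research interests: next-generation Internet and software-defined networking; E-mail: zhuguosheng@hubu.edu.cn (corresponding author). LEI Long-fei (born 1993), male, master's student; main research interest: network traffic analysis. CHEN Sheng (born 1994), male, master's student; main research interest: big data analysis. ZHEN Jia (born 1992), female, master's student; main research interest: text analysis. WU Shan-chao (born 1994), male, master's student; main research interest: data mining. WU Meng-yu (born 1994), master's student; main research interests: network big data analysis and data mining.
  • Supported by:
    CERNET Next Generation Internet Technology Innovation Project (NGII20150101)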

Abstract: Network address translation (NAT) hides the structure of the internal network from the external network. On the one hand, this makes it easy for illicit terminals to gain concealed access, posing a potential threat to the network. On the other hand, users can privately share network access through NAT, which directly harms the interests of network operators. Effective detection of NAT devices therefore plays an important role in network security control and in network operation and management. This article analyzes and compares current NAT detection technologies and describes the advantages, disadvantages and applicable conditions of each. It proposes a NAT device detection method that builds a C5.0 decision tree from features of upper-layer applications and training data. Experiments in a real network environment show that the proposed method can effectively identify NAT devices.

Key words: C5.0 decision tree, NAT, NAT detection

CLC Number: TP181