A PRELIMINARY STUDY FOR IDENTIFYING NAT TRAFFIC USING MACHINE LEARNING
Date
2014-04-07
Authors
Gokcen, Yasemin
Abstract
It is shown in the literature that NAT devices have become a convenient way to hide the identity of malicious behaviors. In this thesis, the aim is to identify the presence of NAT devices in network traffic and (if possible) to predict the number of users behind those NAT devices. To this end, I utilize different approaches and evaluate their performance under different network environments, represented by the availability of different data fields. To achieve this, I propose a machine learning (ML) based approach to detect NAT devices. I evaluate my approach against different passive fingerprinting techniques representing the state of the art in the literature and show that the performance of the proposed ML-based approach is very promising even without using any payload (application layer) information.
Keywords
Network Address Translation Classification, Traffic Flows, Traffic Analysis, Machine Learning, Forensic Analysis