No NAT'd User Left Behind: Fingerprinting Users behind NAT from NetFlow Records Alone

Verde, N. V.; Ateniese, Giuseppe; Gabrielli, Emanuele; Mancini, Luigi Vincenzo; Spognardi, Angelo
2014

Abstract

It is generally recognized that the network traffic generated by an individual acts as a biometric signature, and several tools exploit this fact to fingerprint and monitor users. Often, though, these tools access the entire traffic, including IP addresses and payloads. In general this is not feasible, on the grounds that both performance and privacy would be negatively affected. In reality, most ISPs convert user traffic into NetFlow records, a concise representation that does not include the payload. More importantly, the hosts of a large and distributed network are usually hidden behind Network Address Translation, so that a few public IP addresses (NAT'd IPs) may be associated with thousands of individuals. We devised a new fingerprinting framework that overcomes these hurdles. Our system is able to analyze a huge amount of network traffic represented as NetFlow records with the intent to track people: it accurately infers when users are connected to the network and which IP addresses they are using, even though thousands of users are hidden behind NAT. Our prototype implementation was deployed and tested within an existing large metropolitan WiFi network serving about 200,000 users, with an average load of more than 1,000 users simultaneously connected behind only 2 NAT'd IP addresses. Our solution turned out to be very effective, with an accuracy greater than 90%. We also devised new tools and refined existing ones that may be applied to other contexts related to NetFlow analysis.
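The abstract makes two points a practitioner may want to see concretely: NetFlow-style records expose only flow metadata (no payload), and behind a NAT the source address is shared by everyone, so presence has to be inferred from what the traffic talks to rather than where it comes from. The following is an added illustration written for this page; it is not the paper's method (which the keywords indicate uses hidden Markov models) nor the authors' code. It assumes a constructed CSV flow layout, a labelled training period from which per-user destination counts are known (e.g. flows tied to users through an assumed captive-portal login log), and that a user's set of destination (IP, port) pairs is a usable fingerprint. All addresses and counts are constructed sample data.

```python
import csv
import io
import math
from collections import Counter, defaultdict

# Constructed per-user destination counts from an assumed labelled period
# (e.g. flows tied to users via captive-portal logins). Not real data and
# not taken from the paper.
TRAINING_COUNTS = {
    "alice": {("8.8.8.8", 53): 4, ("203.0.113.10", 993): 4,
              ("203.0.113.11", 443): 2, ("198.51.100.5", 443): 2},
    "bob":   {("8.8.8.8", 53): 3, ("198.51.100.20", 443): 6,
              ("203.0.113.11", 443): 1, ("198.51.100.21", 3478): 2},
    "carol": {("8.8.8.8", 53): 2, ("192.0.2.30", 443): 4,
              ("192.0.2.31", 22): 2, ("198.51.100.5", 443): 4},
}

# Constructed NAT-side export: every flow carries the same public source
# address, so the source alone says nothing about who generated it. The
# column layout is invented for this example, not a real NetFlow export.
NAT_EXPORT_CSV = """\
start_ts,src_ip,dst_ip,dst_port
0,203.0.113.1,8.8.8.8,53
3,203.0.113.1,203.0.113.10,993
8,203.0.113.1,198.51.100.5,443
15,203.0.113.1,192.0.2.30,443
20,203.0.113.1,192.0.2.31,22
31,203.0.113.1,203.0.113.11,443
44,203.0.113.1,8.8.8.8,53
70,203.0.113.1,198.51.100.20,443
75,203.0.113.1,198.51.100.21,3478
88,203.0.113.1,8.8.8.8,53
"""


def parse_flows(text):
    """Parse the CSV export into (start_ts, dst_ip, dst_port) tuples."""
    rows = csv.DictReader(io.StringIO(text))
    return [(int(r["start_ts"]), r["dst_ip"], int(r["dst_port"])) for r in rows]


def build_profiles(training_counts):
    """Return (profiles, idf): per-user destination frequencies plus an
    inverse-user-frequency weight that zeroes out destinations everyone
    talks to (DNS resolvers, CDN front-ends) and favours distinctive ones."""
    profiles = {}
    users_per_dest = Counter()
    for user, counts in training_counts.items():
        total = sum(counts.values())
        profiles[user] = {dest: n / total for dest, n in counts.items()}
        users_per_dest.update(counts.keys())
    n_users = len(training_counts)
    idf = {dest: math.log(n_users / k) for dest, k in users_per_dest.items()}
    return profiles, idf


def presence_scores(dests_seen, profiles, idf):
    """Score each user by the weighted share of their profile observed in the
    window. 1.0 means every distinctive destination of that user appeared."""
    scores = {}
    for user, profile in profiles.items():
        weight = {d: idf[d] * p for d, p in profile.items()}
        denom = sum(weight.values())
        if denom == 0:  # profile made only of destinations everyone uses
            scores[user] = 0.0
            continue
        scores[user] = sum(w for d, w in weight.items() if d in dests_seen) / denom
    return scores


def presence_timeline(flows, profiles, idf, window_s=60, threshold=0.5):
    """Split flows into fixed windows and report which users are inferred
    present in each. Returns {window_start: set_of_users}."""
    windows = defaultdict(set)
    for ts, dst_ip, dst_port in flows:
        windows[(ts // window_s) * window_s].add((dst_ip, dst_port))
    timeline = {}
    for start in sorted(windows):
        scores = presence_scores(windows[start], profiles, idf)
        timeline[start] = {u for u, s in scores.items() if s >= threshold}
    return timeline


if __name__ == "__main__":
    profiles, idf = build_profiles(TRAINING_COUNTS)
    flows = parse_flows(NAT_EXPORT_CSV)
    for start, users in presence_timeline(flows, profiles, idf).items():
        print(f"t={start:>3}s behind 203.0.113.1: {sorted(users) or ['nobody identified']}")
```

Because a shared NAT address mixes every user's flows, each score is a one-versus-rest presence test rather than an assignment of flows to users, and two users whose distinctive destinations overlap heavily will be confused. The 90% accuracy figure in the abstract applies to the paper's own approach on its metropolitan WiFi data, not to this toy scoring.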
IEEE 34th International Conference on Distributed Computing Systems
Privacy, IP networks, Machine learning, Hidden Markov models, Internet Protocols, NetFlow analysis, user fingerprinting framework, masked IP addresses, user privacy, network address translation techniques, metropolitan WiFi network
04 Publication in conference proceedings::04b Conference paper in a volume
No NAT'd User Left Behind: Fingerprinting Users behind NAT from NetFlow Records Alone / Verde, N. V.; Ateniese, Giuseppe; Gabrielli, Emanuele; Mancini, Luigi Vincenzo; Spognardi, Angelo. - PRINT. - (2014), pp. 218-227. (Paper presented at the IEEE 34th International Conference on Distributed Computing Systems, held in Madrid, Spain, June 30 - July 3, 2014) [10.1109/ICDCS.2014.30].
Files attached to this item
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/643025
Warning: the data shown has not been validated by the university.

Citations
  • PubMed Central: not available
  • Scopus: 32
  • Web of Science (ISI): 22