TY - JOUR
T1 - Probe Delay Based Adaptive Port Scanning for IoT Devices with Private IP Address behind NAT
AU - Tang, Fengxiao
AU - Kawamoto, Yuichi
AU - Kato, Nei
AU - Yano, Kazuto
AU - Suzuki, Yoshinori
N1 - Funding Information:
Acknowledgment: A portion of this work was conducted under a national project, Research and Development of High Efficiency Wide Area Network Scan for Efficient Use of Frequency in Wireless IoT, which was supported by the Ministry of Internal Affairs and Communications (MIC), Japan.
Publisher Copyright:
© 1986-2012 IEEE.
PY - 2020/3/1
Y1 - 2020/3/1
N2 - Recently, the explosive increase in the number of IoT devices makes the IoT extremely large-scale, and the security of such a large-scale IoT emerges as a big challenge. As a classic security technique, the port scan is widely used around the world. However, as IP resources are limited, a large number of devices are located in the LAN or WLAN behind the NAT, where they cannot be directly accessed by the port scanner. Furthermore, port scanning generates a tremendous number of probe and response packets, which may cause heavy traffic load and frequent congestion. To conquer those problems, in this article, we first propose a reverse proxy based NAT penetration system for scanning ports behind NAT. Based on the NAT penetration system, we propose a probe delay based adaptive scanning algorithm referred to as ProDASA, which adaptively changes port scanning frequency and scanning methods to balance the network performance and security requirements of the IoT. The experiment in a real environment demonstrates the feasibility of the proposed NAT penetration system, and the computational simulation with multiple virtual devices shows the advantage of our proposed ProDASA in terms of both network performance and security compared with a conventional method.
AB - Recently, the explosive increase in the number of IoT devices makes the IoT extremely large-scale, and the security of such a large-scale IoT emerges as a big challenge. As a classic security technique, the port scan is widely used around the world. However, as IP resources are limited, a large number of devices are located in the LAN or WLAN behind the NAT, where they cannot be directly accessed by the port scanner. Furthermore, port scanning generates a tremendous number of probe and response packets, which may cause heavy traffic load and frequent congestion. To conquer those problems, in this article, we first propose a reverse proxy based NAT penetration system for scanning ports behind NAT. Based on the NAT penetration system, we propose a probe delay based adaptive scanning algorithm referred to as ProDASA, which adaptively changes port scanning frequency and scanning methods to balance the network performance and security requirements of the IoT. The experiment in a real environment demonstrates the feasibility of the proposed NAT penetration system, and the computational simulation with multiple virtual devices shows the advantage of our proposed ProDASA in terms of both network performance and security compared with a conventional method.
UR - http://www.scopus.com/inward/record.url?scp=85073720484&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85073720484&partnerID=8YFLogxK
U2 - 10.1109/MNET.001.1900264
DO - 10.1109/MNET.001.1900264
M3 - Article
AN - SCOPUS:85073720484
SN - 0890-8044
VL - 34
SP - 195
EP - 201
JO - IEEE Network
JF - IEEE Network
IS - 2
M1 - 8869708
ER -