The recent explosive increase in the number of IoT devices has made the IoT extremely large in scale, and the security of such a large-scale IoT has emerged as a big challenge. As a classic security technique, the port scan is widely used around the world. However, because IP resources are limited, a large number of devices are located in a LAN or WLAN behind NAT, where they cannot be directly accessed by a port scanner. Furthermore, port scanning generates a tremendous number of probe and response packets, which may cause heavy traffic load and frequent congestion. To overcome these problems, in this article we first propose a reverse-proxy-based NAT penetration system for scanning ports behind NAT. Based on the NAT penetration system, we propose a probe-delay-based adaptive scanning algorithm, referred to as ProDASA, which adaptively changes the port scanning frequency and scanning methods to balance the network performance and security requirements of the IoT. An experiment in a real environment demonstrates the feasibility of the proposed NAT penetration system, and a computational simulation with multiple virtual devices shows the advantage of the proposed ProDASA in terms of both network performance and security compared with a conventional method.
ASJC Scopus subject areas
- Information Systems
- Hardware and Architecture
- Computer Networks and Communications