Probe Delay Based Adaptive Port Scanning for IoT Devices with Private IP Address behind NAT

Fengxiao Tang, Yuichi Kawamoto, Nei Kato, Kazuto Yano, Yoshinori Suzuki

Research output: Contribution to journal (Article)

Abstract

Recently, the explosive increase in the number of IoT devices has made the IoT extremely large-scale, and the security of such a large-scale IoT has emerged as a big challenge. As a classic security technique, the port scan is widely used around the world. However, as IP resources are limited, a large number of devices are located in a LAN or WLAN behind NAT, where they cannot be directly accessed by the port scanner. Furthermore, port scanning generates a tremendous number of probe and response packets, which may cause heavy traffic load and frequent congestion. To overcome these problems, in this article we first propose a reverse proxy based NAT penetration system for scanning ports behind NAT. Based on the NAT penetration system, we propose a probe delay based adaptive scanning algorithm referred to as ProDASA, which adaptively changes port scanning frequency and scanning methods to balance the network performance and security requirements of the IoT. An experiment in a real environment demonstrates the feasibility of the proposed NAT penetration system, and a computational simulation with multiple virtual devices shows the advantage of the proposed ProDASA in terms of both network performance and security in comparison with a conventional method.

Original language: English
Article number: 8869708
Pages (from-to): 195-201
Number of pages: 7
Journal: IEEE Network
Volume: 34
Issue number: 2
Publication status: Published - 2020 Mar 1

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications
