Summary: Master's === Hsuan Chuang University === Master's Program, Department of Information Science === 95 ===

When monitoring user behavior in a network environment, the rule of IP address allocation is that each user is assigned a single public IP address. Network address translation (NAT) technology enables multiple users on a private network to access the Internet concurrently through a single public IP address, in order to reduce the consumption of public IP addresses. However, users may deploy a device with a NAT function at their own convenience without proper control of identity authentication, which can allow others to access the Internet through the same IP address. Such behavior not only undermines the rules of network management but also opens a hidden loophole for malicious users, which may increase the complexity and the security risk of network management.

Currently, detecting a device with a NAT function requires laboriously searching and analyzing the information available in network packet data to determine whether such a device exists. In the past, analyzing the identification number in the IP packet to infer the number of users behind the same public IP address was proposed. However, because of network delay, or packet loss followed by packet retransmission, this kind of method was often unable to classify packets effectively and could cause detection errors. Therefore, we provide a method that brings in the timestamp factor of the TCP layer. It helps the network administrator observe unusual usage behind a single public IP address at the same time, and detect NAT devices hidden in the network.
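One way to use TCP timestamps for this kind of detection, as an added example that is not the thesis's own algorithm: it assumes each host stamps outgoing segments from its own steadily ticking 32-bit clock, so TSval values captured from one public IP address fall onto one line per host. The function names, candidate tick rates, tolerances and sample data are assumptions constructed for illustration.

```python
from typing import Dict, List, Tuple

# Assumed tick rates (Hz) for host timestamp clocks; illustrative, not from the thesis.
CANDIDATE_HZ = (100, 250, 1000)
WRAP = 2 ** 32  # TSval is a 32-bit counter

def _fits(dticks: int, dt: float, hz: int, rel_tol: float, slack: int) -> bool:
    """True if an advance of dticks over dt seconds is consistent with a clock at hz."""
    return abs(dticks - hz * dt) <= rel_tol * hz * dt + slack

def track_clocks(obs: List[Tuple[float, int]], rel_tol: float = 0.05,
                 slack: int = 3) -> List[Dict]:
    """Group (arrival_time_s, TSval) pairs seen from ONE public IP into
    independent linear clocks. More than one clock suggests several hosts."""
    tracks: List[Dict] = []
    for t, ts in sorted(obs):
        for tr in tracks:
            dt = t - tr["t"]
            dticks = (ts - tr["ts"]) % WRAP      # wrap-safe forward distance
            if dticks >= WRAP // 2:              # clock would have run backwards
                continue
            rates = [tr["hz"]] if tr["hz"] else CANDIDATE_HZ
            match = [hz for hz in rates if _fits(dticks, dt, hz, rel_tol, slack)]
            if match:
                # keep the rate that best explains the observed advance
                tr["hz"] = min(match, key=lambda hz: abs(dticks - hz * dt))
                tr["t"], tr["ts"], tr["n"] = t, ts, tr["n"] + 1
                break
        else:
            # no existing clock explains this packet: start a new one
            tracks.append({"t": t, "ts": ts, "hz": None, "n": 1})
    return tracks

def sample_observations() -> List[Tuple[float, int]]:
    """Constructed data: three hosts behind one address, one near TSval wraparound."""
    host_a = [(s, 1_000_000 + 1000 * s) for s in range(4)]              # 1000 Hz
    host_b = [(s + 0.5, 50_050 + 100 * s) for s in range(3)]            # 100 Hz
    host_c = [(s + 0.2, (4_294_966_200 + 1000 * s) % WRAP) for s in range(3)]
    return host_a + host_b + host_c

if __name__ == "__main__":
    for tr in track_clocks(sample_observations()):
        print(f"clock at ~{tr['hz']} Hz, {tr['n']} packets")
```

Hosts that randomize the timestamp offset per connection show up as several clocks, so the count is a lead for the administrator to investigate rather than an exact number of users.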