{"id":"https://openalex.org/W4210248409","doi":"https://doi.org/10.1109/aiccsa53542.2021.9686910","title":"Identifying NAT Devices to Detect Shadow IT: A Machine Learning Approach","display_name":"Identifying NAT Devices to Detect Shadow IT: A Machine Learning Approach","publication_year":2021,"publication_date":"2021-11-01","ids":{"openalex":"https://openalex.org/W4210248409","doi":"https://doi.org/10.1109/aiccsa53542.2021.9686910"},"language":"en","primary_location":{"id":"doi:10.1109/aiccsa53542.2021.9686910","is_oa":false,"landing_page_url":"https://doi.org/10.1109/aiccsa53542.2021.9686910","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE/ACS 18th International Conference on Computer Systems and Applications (AICCSA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033491506","display_name":"Reem Nassar","orcid":null},"institutions":[{"id":"https://openalex.org/I98635879","display_name":"American University of Beirut","ror":"https://ror.org/04pznsd21","country_code":"LB","type":"education","lineage":["https://openalex.org/I98635879"]}],"countries":["LB"],"is_corresponding":true,"raw_author_name":"Reem Nassar","raw_affiliation_strings":["Dept. of Electrical and Computer Engineering, American University of Beirut, Beirut, Lebanon"],"affiliations":[{"raw_affiliation_string":"Dept. of Electrical and Computer Engineering, American University of Beirut, Beirut, Lebanon","institution_ids":["https://openalex.org/I98635879"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061146388","display_name":"Imad H. Elhajj","orcid":"https://orcid.org/0000-0002-6461-4699"},"institutions":[{"id":"https://openalex.org/I98635879","display_name":"American University of Beirut","ror":"https://ror.org/04pznsd21","country_code":"LB","type":"education","lineage":["https://openalex.org/I98635879"]}],"countries":["LB"],"is_corresponding":false,"raw_author_name":"Imad Elhajj","raw_affiliation_strings":["Dept. of Electrical and Computer Engineering, American University of Beirut, Beirut, Lebanon"],"affiliations":[{"raw_affiliation_string":"Dept. of Electrical and Computer Engineering, American University of Beirut, Beirut, Lebanon","institution_ids":["https://openalex.org/I98635879"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074578100","display_name":"Ayman Kayssi","orcid":"https://orcid.org/0000-0002-0569-1395"},"institutions":[{"id":"https://openalex.org/I98635879","display_name":"American University of Beirut","ror":"https://ror.org/04pznsd21","country_code":"LB","type":"education","lineage":["https://openalex.org/I98635879"]}],"countries":["LB"],"is_corresponding":false,"raw_author_name":"Ayman Kayssi","raw_affiliation_strings":["Dept. of Electrical and Computer Engineering, American University of Beirut, Beirut, Lebanon"],"affiliations":[{"raw_affiliation_string":"Dept. of Electrical and Computer Engineering, American University of Beirut, Beirut, Lebanon","institution_ids":["https://openalex.org/I98635879"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5109570520","display_name":"Samer Salam","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Samer Salam","raw_affiliation_strings":["Cisco Systems, Beirut, Lebanon"],"affiliations":[{"raw_affiliation_string":"Cisco Systems, Beirut, Lebanon","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5033491506"],"corresponding_institution_ids":["https://openalex.org/I98635879"],"apc_list":null,"apc_paid":null,"fwci":0.2719,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.65369188,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/network-address-translation","display_name":"Network address translation","score":0.8548271656036377},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8089112043380737},{"id":"https://openalex.org/keywords/nat","display_name":"Nat","score":0.763444185256958},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.6199702024459839},{"id":"https://openalex.org/keywords/nat-traversal","display_name":"NAT traversal","score":0.5525792837142944},{"id":"https://openalex.org/keywords/intranet","display_name":"Intranet","score":0.5071582794189453},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5054600238800049},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3446267247200012},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.24685660004615784},{"id":"https://openalex.org/keywords/internet-protocol","display_name":"Internet Protocol","score":0.1484098732471466}],"concepts":[{"id":"https://openalex.org/C147873670","wikidata":"https://www.wikidata.org/wiki/Q11182","display_name":"Network address translation","level":4,"score":0.8548271656036377},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8089112043380737},{"id":"https://openalex.org/C182516595","wikidata":"https://www.wikidata.org/wiki/Q376660","display_name":"Nat","level":2,"score":0.763444185256958},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.6199702024459839},{"id":"https://openalex.org/C113707754","wikidata":"https://www.wikidata.org/wiki/Q581558","display_name":"NAT traversal","level":5,"score":0.5525792837142944},{"id":"https://openalex.org/C2778059363","wikidata":"https://www.wikidata.org/wiki/Q483426","display_name":"Intranet","level":3,"score":0.5071582794189453},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5054600238800049},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3446267247200012},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.24685660004615784},{"id":"https://openalex.org/C35341882","wikidata":"https://www.wikidata.org/wiki/Q8795","display_name":"Internet Protocol","level":3,"score":0.1484098732471466}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/aiccsa53542.2021.9686910","is_oa":false,"landing_page_url":"https://doi.org/10.1109/aiccsa53542.2021.9686910","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE/ACS 18th International Conference on Computer Systems and Applications (AICCSA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4099999964237213,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306192","display_name":"Silicon Valley Community Foundation","ror":"https://ror.org/001ader08"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W125674153","https://openalex.org/W1560515891","https://openalex.org/W1976087243","https://openalex.org/W2034382230","https://openalex.org/W2087321129","https://openalex.org/W2139086914","https://openalex.org/W2163075236","https://openalex.org/W2470647078","https://openalex.org/W2512308979","https://openalex.org/W2547456248","https://openalex.org/W2560631726","https://openalex.org/W2577666727","https://openalex.org/W2911964244","https://openalex.org/W3010585105","https://openalex.org/W3023211159","https://openalex.org/W3037011635","https://openalex.org/W3084721625","https://openalex.org/W6888498505"],"related_works":["https://openalex.org/W2371365544","https://openalex.org/W1555739159","https://openalex.org/W2069788412","https://openalex.org/W2368619280","https://openalex.org/W2104434117","https://openalex.org/W2159269118","https://openalex.org/W2993382487","https://openalex.org/W2010198837","https://openalex.org/W2113661795","https://openalex.org/W1940132419"],"abstract_inverted_index":{"Network":[0],"Address":[1,30],"Translation":[2,31],"(NAT)":[3],"is":[4,17,115],"an":[5,63,83,122,221],"address":[6],"remapping":[7],"technique":[8],"placed":[9],"at":[10],"the":[11,35,54,58,68,98,207],"borders":[12],"of":[13,37,70,209,223],"stub":[14],"domains.":[15],"It":[16],"present":[18],"in":[19,121,131,171],"almost":[20],"all":[21,226],"routers":[22],"and":[23,66,73,175,178,197,219],"CPEs.":[24],"Most":[25],"NAT":[26,75,77,119,133,154,212],"devices":[27,92,120,155],"implement":[28],"Port":[29],"(PAT),":[32],"which":[33],"allows":[34],"mapping":[36],"multiple":[38,168,194],"private":[39],"IP":[40,45],"addresses":[41],"to":[42,57,97,117,124,152,173,200,205],"one":[43],"public":[44],"address.":[46],"Based":[47],"on":[48,137,211],"port":[49,179],"number":[50],"information,":[51],"PAT":[52],"matches":[53],"incoming":[55],"traffic":[56,141,185],"corresponding":[59],"\"hidden\"":[60],"client.":[61],"In":[62,145],"enterprise":[64,99],"context,":[65],"with":[67],"proliferation":[69],"unauthorized":[71],"wired":[72],"wireless":[74],"routers,":[76],"can":[78],"be":[79],"used":[80],"for":[81,89],"re-distributing":[82],"Intranet":[84],"or":[85,88,101],"Internet":[86],"connection":[87],"deploying":[90],"hidden":[91],"that":[93],"are":[94,228],"not":[95],"visible":[96],"IT":[100],"under":[102],"its":[103],"oversight,":[104],"thus":[105],"causing":[106],"a":[107,150,157,201],"problem":[108],"known":[109],"as":[110],"shadow":[111],"IT.":[112],"Thus,":[113],"it":[114],"important":[116],"detect":[118],"intranet":[123],"prevent":[125],"this":[126,146],"particular":[127],"problem.":[128],"Previous":[129],"methods":[130],"identifying":[132],"behavior":[134],"were":[135],"based":[136],"features":[138,170,191,227],"extracted":[139,181,192],"from":[140,161,182],"traces":[142],"per":[143],"flow.":[144],"paper,":[147],"we":[148],"propose":[149],"method":[151],"identify":[153],"using":[156],"machine":[158,202],"learning":[159,203],"approach":[160,166,215],"aggregated":[162,190],"flow":[163],"features.":[164],"The":[165],"uses":[167],"statistical":[169],"addition":[172],"source":[174],"destination":[176],"IPs":[177],"numbers,":[180],"passively":[183,218],"collected":[184],"data.":[186],"We":[187],"also":[188],"use":[189],"within":[193],"window":[195],"sizes":[196],"feed":[198],"them":[199],"classifier":[204],"study":[206],"effect":[208],"timing":[210],"detection.":[213],"Our":[214],"works":[216],"completely":[217],"achieves":[220],"accuracy":[222],"96.9%":[224],"when":[225],"utilized.":[229]},"counts_by_year":[{"year":2023,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}