{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T04:08:07Z","timestamp":1743134887952,"version":"3.40.3"},"reference-count":50,"publisher":"Wiley","issue":"2","license":[{"start":{"date-parts":[[2012,5,10]],"date-time":"2012-05-10T00:00:00Z","timestamp":1336608000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/2.zoppoz.workers.dev:443\/http\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"name":"National Science, Technology, and Innovation Plan","award":["08-INF97-4"],"award-info":[{"award-number":["08-INF97-4"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security Comm Networks"],"published-print":{"date-parts":[[2013,2]]},"abstract":"<jats:title>ABSTRACT<\/jats:title><jats:p>The Internet is an interconnection of autonomous systems (ASes) that are mostly controlled by Internet service providers (ISPs). ASes use Border Gateway Protocol (BGP) to communicate routing information in the form of reachability paths. However, BGP does not guarantee that the advertised reachability paths will be exactly followed. As a result, traffic belonging to a specific network can be intentionally dropped as it is routed by BGP through a malicious ISP; a behavior we define as <jats:italic>Internet access denial<\/jats:italic>. The impact of Internet access denial, especially when performed by higher\u2010tier ISPs, is significant. In this work, network address translation (NAT) is used as a solution to overcome the Internet access denial problem by hiding the traffic identity. The proposed solution is scalable to fit large networks, by using pools of IP addresses across several NAT routers. Moreover, the proposed solution addresses the server reachability problem that is associated with NAT routers by introducing a novel approach. 
The performance degradation of introducing NAT is significantly small as shown by our experiments' results. Copyright \u00a9 2012 John Wiley &amp; Sons, Ltd.<\/jats:p>","DOI":"10.1002\/sec.557","type":"journal-article","created":{"date-parts":[[2012,5,10]],"date-time":"2012-05-10T07:45:12Z","timestamp":1336635912000},"page":"194-209","source":"Crossref","is-referenced-by-count":1,"title":["A scalable NAT\u2010based solution to Internet access denial by higher\u2010tier ISPs"],"prefix":"10.1002","volume":"6","author":[{"given":"Marwan","family":"Abu\u2010Amara","sequence":"first","affiliation":[{"name":"Computer Engineering Department King Fahd University of Petroleum and Minerals Dhahran Saudi Arabia"}]},{"given":"Abdulaziz","family":"Al\u2010Baiz","sequence":"additional","affiliation":[{"name":"Computer Engineering Department King Fahd University of Petroleum and Minerals Dhahran Saudi Arabia"}]},{"given":"Ashraf S.","family":"Mahmoud","sequence":"additional","affiliation":[{"name":"Computer Engineering Department King Fahd University of Petroleum and Minerals Dhahran Saudi Arabia"}]},{"given":"Mohammed H.","family":"Sqalli","sequence":"additional","affiliation":[{"name":"Computer Engineering Department King Fahd University of Petroleum and Minerals Dhahran Saudi Arabia"}]},{"given":"Farag","family":"Azzedin","sequence":"additional","affiliation":[{"name":"Information and Computer Science Department King Fahd University of Petroleum and Minerals Dhahran Saudi Arabia"}]}],"member":"311","published-online":{"date-parts":[[2012,5,10]]},"reference":[{"key":"e_1_2_9_2_1","first-page":"100","article-title":"A survey of BGP security issues and solutions","volume":"98","author":"Butler K","year":"2010","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"e_1_2_9_3_1","doi-asserted-by":"crossref","unstructured":"MaoZ RexfordJ WangJ KatzR.Towards an accurate AS\u2010level traceroute tool.Proceedings of the 2003 conference on Applications technologies 
architectures and protocols for computer communications Germany pp.365\u2013378 August2003.","DOI":"10.1145\/863955.863996"},{"key":"e_1_2_9_4_1","unstructured":"DrummondD.A new approach to china.The Official Google Blog https:\/\/2.zoppoz.workers.dev:443\/http\/googleblog.blogspot.com\/2010\/01\/new\u2010approach\u2010to\u2010china.html January2010."},{"key":"e_1_2_9_5_1","unstructured":"FinkleJ BartzD.Twitter hacked attacker claims Iran link.Reuters https:\/\/2.zoppoz.workers.dev:443\/http\/www.reuters.com\/article\/idUSTRE5BH2A620091218 December 2009."},{"key":"e_1_2_9_6_1","unstructured":"WikiLeaks.Wikipedia https:\/\/2.zoppoz.workers.dev:443\/http\/en.wikipedia.org\/wiki\/WikiLeaks#cite_note\u2010197 2011."},{"key":"e_1_2_9_7_1","unstructured":"Chinese ISP hijacks the Internet.BGP Mon https:\/\/2.zoppoz.workers.dev:443\/http\/bgpmon.net\/blog\/?p=282 April2010."},{"key":"e_1_2_9_8_1","doi-asserted-by":"crossref","unstructured":"LabovitzC MalanR JahanianF.Origins of Internet routing instability.Proceedings of the Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 1999) New York USA pp.218\u2013226 March1999.","DOI":"10.1109\/INFCOM.1999.749286"},{"key":"e_1_2_9_9_1","unstructured":"LeeS YuY NelakuditiS ZhangZ\u2010L ChuahC\u2010N.Proactive vs. 
reactive approaches to failure resilient routing.Proceedings of the IEEE INFOCOM 2004 Hong Kong pp.176\u2013186 March2004"},{"key":"e_1_2_9_10_1","doi-asserted-by":"crossref","unstructured":"PoolsappasitN RayI.Enhancing Internet domain name system availability by building rings of cooperation among cache resolvers.IEEE SMC Information Assurance and Security Workshop West Point New York pp.317\u2013324 June2007","DOI":"10.1109\/IAW.2007.381949"},{"key":"e_1_2_9_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2007.893878"},{"key":"e_1_2_9_12_1","doi-asserted-by":"crossref","unstructured":"FordR BushM BoulatovA.Internet instability and disturbance: goal or menace?Proceedings of the 2005 Workshop on New Security Paradigms Lake Arrowhead USA pp.3\u20138 September2005.","DOI":"10.1145\/1146269.1146271"},{"key":"e_1_2_9_13_1","unstructured":"ZhengJ HuM ZhaoL.Enhancing Internet robustness against malicious flows using active queue management.Proceedings of the Second International Conference on Embedded Software and Systems Xi'an China pp.501\u2013506 December2005."},{"key":"e_1_2_9_14_1","unstructured":"GuoF ChenJ ChiuehT\u2010C.Spoof detection for preventing DoS attacks against DNS servers.Proceedings of the 26th IEEE International Conference on Distributed Computing Systems Washington DC USA p.37 IEEE Computer Society 2006."},{"key":"e_1_2_9_15_1","doi-asserted-by":"crossref","unstructured":"LadM OliveiraR ZhangB ZhangL.Understanding resiliency of Internet topology against prefix hijack attacks.Proceedings of the 37th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks Edinburgh UK pp.368\u2013377 June2007.","DOI":"10.1109\/DSN.2007.95"},{"key":"e_1_2_9_16_1","doi-asserted-by":"crossref","unstructured":"HaungsM PandeyR BarrE.Handling catastrophic failures in scalable Internet applications.Proceedings of 2004 International Symposium on Applications and the Internet Tokyo Japan pp.188\u2013194 
January2004.","DOI":"10.1109\/SAINT.2004.1266115"},{"key":"e_1_2_9_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2005.11.010"},{"key":"e_1_2_9_18_1","unstructured":"PostelJ.\u201cInternet protocol \u201d RFC 791 Internet Engineering Task Force September1981."},{"key":"e_1_2_9_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2003.1200112"},{"key":"e_1_2_9_20_1","doi-asserted-by":"crossref","unstructured":"QuoitinB BonaventureO.A cooperative approach to interdomain traffic engineering.Proceedings of Next Generation Internet Networks Rome Italy pp.450\u2013457 18\u201320 April2005.","DOI":"10.1109\/NGI.2005.1431700"},{"key":"e_1_2_9_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13369-012-0307-1"},{"key":"e_1_2_9_22_1","doi-asserted-by":"crossref","unstructured":"PerkinsC.\u201cIP encapsulation within IP \u201d RFC 2003 Internet Engineering Task Force October1996.","DOI":"10.17487\/rfc2003"},{"key":"e_1_2_9_23_1","unstructured":"AtkinsonR.\u201cSecurity architecture for the Internet protocol \u201d RFC 1825 Internet Engineering Task Force August1995."},{"key":"e_1_2_9_24_1","unstructured":"FarinacciD LiT HanksS MeyerD TrainaP.\u201cGeneric routing encapsulation (GRE) \u201d RFC 2784 Internet Engineering Task Force March2000."},{"key":"e_1_2_9_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/49.668972"},{"key":"e_1_2_9_26_1","unstructured":"ZhuangL ZhouF ZhaoBY RowstronA.Cashmere: resilient anonymous routing.Proceedings of the 2nd Conference on Symposium on Networked Systems Design and Implementation\u2014Volume 2 Boston USA pp.301\u2013314 May2005."},{"key":"e_1_2_9_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/293411.293778"},{"key":"e_1_2_9_28_1","doi-asserted-by":"crossref","unstructured":"ShieldsC LevineBN.A protocol for anonymous communication over the Internet.Proceedings of the 7th ACM Conference on Computer and Communications Security Athens Greece pp.33\u201342 
November2000.","DOI":"10.1145\/352600.352607"},{"key":"e_1_2_9_29_1","doi-asserted-by":"crossref","unstructured":"Abu\u2010AmaraM AsifM SqalliM MahmoudA AzzedinF.Resilient Internet access using tunnel\u2010based solution for malicious ISP blocking.Proceedings of the 3\u2009rd IEEE International Conference on Communication Software and Networks Xi'an China May 27\u201329 2011.","DOI":"10.1109\/ICCSN.2011.6013550"},{"key":"e_1_2_9_30_1","doi-asserted-by":"crossref","unstructured":"LiuJ KongJ HongX GerlaM.Performance evaluation of anonymous routing protocols in MANETs.Proceedings of the 2006 IEEE Wireless Communications and Networking Conference Las Vegas USA pp.646\u2013651 April2006.","DOI":"10.1109\/WCNC.2006.1683545"},{"key":"e_1_2_9_31_1","unstructured":"RekhterY MoskowitzB KarrenbergD GrootG LearE.\u201cAddress allocation for private Internets \u201d RFC 1918 Internet Engineering Task Force February1996."},{"key":"e_1_2_9_32_1","doi-asserted-by":"crossref","unstructured":"EgevangK FrancisP.\u201cThe IP network address translator (NAT) \u201d RFC 1631 Internet Engineering Task Force May1994.","DOI":"10.17487\/rfc1631"},{"key":"e_1_2_9_33_1","doi-asserted-by":"crossref","unstructured":"SrisureshP FordB.\u201cUnintended consequences of NAT deployments with overlapping address space \u201d RFC 5684 Internet Engineering Task Force February2010.","DOI":"10.17487\/rfc5684"},{"volume-title":"Routing TCP\/IP, Volume II","year":"2005","author":"Doyle J","key":"e_1_2_9_34_1"},{"key":"e_1_2_9_35_1","unstructured":"CISCO IOS Network Address Translation (NAT) Q&A https:\/\/2.zoppoz.workers.dev:443\/http\/www.cisco.com\/en\/US\/prod\/collateral\/iosswrel\/ps6537\/ps6586\/ps6640\/prod_qas0900aecd801ba55a.html."},{"key":"e_1_2_9_36_1","unstructured":"System architecture overview for the Juniper networks SSG500 line. 
Juniper Networks https:\/\/2.zoppoz.workers.dev:443\/http\/www.juniper.net\/us\/en\/local\/pdf\/whitepapers\/2000177\u2010en.pdf February2009."},{"key":"e_1_2_9_37_1","unstructured":"OPNET Modeler.https:\/\/2.zoppoz.workers.dev:443\/http\/www.opnet.com\/."},{"key":"e_1_2_9_38_1","unstructured":"The Network Simulator\u2014ns\u20102.https:\/\/2.zoppoz.workers.dev:443\/http\/www.isi.edu\/nsnam\/ns\/."},{"key":"e_1_2_9_39_1","first-page":"1629","article-title":"Characterizing network processing delay","volume":"3","author":"Ramaswamy R","year":"2004","journal-title":"Proceedings of IEEE GLOBECOM"},{"key":"e_1_2_9_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.29545"},{"key":"e_1_2_9_41_1","doi-asserted-by":"crossref","unstructured":"SrisureshP HoldregeM.\u201cIP network address translator (NAT) terminology and considerations \u201d RFC 2663 Internet Engineering Task Force August1999.","DOI":"10.17487\/rfc2663"},{"key":"e_1_2_9_42_1","unstructured":"U. Forum. Internet gateway device (IGD) standardized device control protocol.https:\/\/2.zoppoz.workers.dev:443\/http\/www.upnp.org\/standardizeddcps\/igd.asp November2001."},{"key":"e_1_2_9_43_1","unstructured":"SrisureshP KuthanJ RosenbergJ MolitorA RayhanA.\u201cMiddlebox communication architecture and framework \u201d RFC 3303 Internet Engineering Task Force August2002."},{"key":"e_1_2_9_44_1","doi-asserted-by":"crossref","unstructured":"MahyR MatthewsP RosenbergJ.\u201cTraversal using relays around NAT (TURN): Relay extensions to session traversal utilities for NAT (STUN) \u201d RFC 5766 Internet Engineering Task Force April2010.","DOI":"10.17487\/rfc5766"},{"key":"e_1_2_9_45_1","doi-asserted-by":"crossref","unstructured":"RosenbergJ.\u201cInteractive connectivity establishment (ICE): a protocol for network address translator (NAT) traversal for offer\/answer protocols \u201d RFC 5245 Internet Engineering Task Force April2010.","DOI":"10.17487\/rfc5245"},{"key":"e_1_2_9_46_1","unstructured":"Apache virtual host 
documentation.https:\/\/2.zoppoz.workers.dev:443\/http\/httpd.apache.org\/docs\/2.2\/vhosts\/."},{"key":"e_1_2_9_47_1","unstructured":"Use host header names to configure multiple web sites in IIS 6.0 https:\/\/2.zoppoz.workers.dev:443\/http\/go.microsoft.com\/fwlink\/?LinkId=36045 December2007."},{"key":"e_1_2_9_48_1","unstructured":"FieldingR GettysJ MogulJ et al.\u201cHypertext Transfer Protocol\u2014HTTP\/1.1 \u201d RFC 2616 Internet Engineering Task Force June1999."},{"issue":"34","key":"e_1_2_9_49_1","first-page":"263","article-title":"The state of the art in locally distributed web\u2010server systems","volume":"34","author":"Cardellini V","year":"2001","journal-title":"ACM Computing Surveys"},{"key":"e_1_2_9_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/65.844499"},{"key":"e_1_2_9_51_1","doi-asserted-by":"crossref","unstructured":"MouradA LiuH.Scalable web server architectures.Proceedings of the IEEE Symposium on Computers and Communications p.12 1997.","DOI":"10.1109\/ISCC.1997.615963"}],"container-title":["Security and Communication 
Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.557","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.557","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/sec.557","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T18:32:51Z","timestamp":1743100371000},"score":1,"resource":{"primary":{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/onlinelibrary.wiley.com\/doi\/10.1002\/sec.557"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,5,10]]},"references-count":50,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2013,2]]}},"alternative-id":["10.1002\/sec.557"],"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1002\/sec.557","archive":["Portico"],"relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"type":"print","value":"1939-0114"},{"type":"electronic","value":"1939-0122"}],"subject":[],"published":{"date-parts":[[2012,5,10]]}}}