Finding and Analyzing Evil Cities on the Internet
Identifieur interne : 002699 ( Main/Exploration ); précédent : 002698; suivant : 002700Finding and Analyzing Evil Cities on the Internet
Auteurs : Matthijs G. T. Van Polen [Pays-Bas, Burundi] ; Giovane C. M. Moura [Pays-Bas] ; Aiko Pras [Pays-Bas]Source :
- Lecture Notes in Computer Science [ 0302-9743 ]
Abstract
Abstract: IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.
Url:
DOI: 10.1007/978-3-642-21484-4_4
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 000288
- to stream Istex, to step Curation: 000287
- to stream Istex, to step Checkpoint: 000599
- to stream Main, to step Merge: 002741
- to stream Main, to step Curation: 002699
Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Finding and Analyzing Evil Cities on the Internet</title>
<author><name sortKey="Van Polen, Matthijs G T" sort="Van Polen, Matthijs G T" uniqKey="Van Polen M" first="Matthijs G. T." last="Van Polen">Matthijs G. T. Van Polen</name>
</author>
<author><name sortKey="Moura, Giovane C M" sort="Moura, Giovane C M" uniqKey="Moura G" first="Giovane C. M." last="Moura">Giovane C. M. Moura</name>
</author>
<author><name sortKey="Pras, Aiko" sort="Pras, Aiko" uniqKey="Pras A" first="Aiko" last="Pras">Aiko Pras</name>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:0D441127EC9AC1305E57D63CB04226D3FB306385</idno>
<date when="2011" year="2011">2011</date>
<idno type="doi">10.1007/978-3-642-21484-4_4</idno>
<idno type="url">https://api.istex.fr/ark:/67375/HCB-0T3ZZS98-J/fulltext.pdf</idno>
<idno type="wicri:Area/Istex/Corpus">000288</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">000288</idno>
<idno type="wicri:Area/Istex/Curation">000287</idno>
<idno type="wicri:Area/Istex/Checkpoint">000599</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">000599</idno>
<idno type="wicri:doubleKey">0302-9743:2011:Van Polen M:finding:and:analyzing</idno>
<idno type="wicri:Area/Main/Merge">002741</idno>
<idno type="wicri:Area/Main/Curation">002699</idno>
<idno type="wicri:Area/Main/Exploration">002699</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Finding and Analyzing Evil Cities on the Internet</title>
<author><name sortKey="Van Polen, Matthijs G T" sort="Van Polen, Matthijs G T" uniqKey="Van Polen M" first="Matthijs G. T." last="Van Polen">Matthijs G. T. Van Polen</name>
<affiliation wicri:level="1"><country xml:lang="fr">Pays-Bas</country>
<wicri:regionArea>Centre for Telematics and Information Technology (CTIT), Faculty of Electrical Engineering, Mathematics, and Computer Science (EEMCS), Design and Analysis of Communications Systems (DACS), Enschede</wicri:regionArea>
<wicri:noRegion>Enschede</wicri:noRegion>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">Burundi</country>
</affiliation>
</author>
<author><name sortKey="Moura, Giovane C M" sort="Moura, Giovane C M" uniqKey="Moura G" first="Giovane C. M." last="Moura">Giovane C. M. Moura</name>
<affiliation wicri:level="1"><country xml:lang="fr">Pays-Bas</country>
<wicri:regionArea>Centre for Telematics and Information Technology (CTIT), Faculty of Electrical Engineering, Mathematics, and Computer Science (EEMCS), Design and Analysis of Communications Systems (DACS), Enschede</wicri:regionArea>
<wicri:noRegion>Enschede</wicri:noRegion>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">Pays-Bas</country>
</affiliation>
</author>
<author><name sortKey="Pras, Aiko" sort="Pras, Aiko" uniqKey="Pras A" first="Aiko" last="Pras">Aiko Pras</name>
<affiliation wicri:level="1"><country xml:lang="fr">Pays-Bas</country>
<wicri:regionArea>Centre for Telematics and Information Technology (CTIT), Faculty of Electrical Engineering, Mathematics, and Computer Science (EEMCS), Design and Analysis of Communications Systems (DACS), Enschede</wicri:regionArea>
<wicri:noRegion>Enschede</wicri:noRegion>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">Pays-Bas</country>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series><title level="s" type="main" xml:lang="en">Lecture Notes in Computer Science</title>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt><idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc><textClass></textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">Abstract: IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.</div>
</front>
</TEI>
<affiliations><list><country><li>Burundi</li>
<li>Pays-Bas</li>
</country>
</list>
<tree><country name="Pays-Bas"><noRegion><name sortKey="Van Polen, Matthijs G T" sort="Van Polen, Matthijs G T" uniqKey="Van Polen M" first="Matthijs G. T." last="Van Polen">Matthijs G. T. Van Polen</name>
</noRegion>
<name sortKey="Moura, Giovane C M" sort="Moura, Giovane C M" uniqKey="Moura G" first="Giovane C. M." last="Moura">Giovane C. M. Moura</name>
<name sortKey="Moura, Giovane C M" sort="Moura, Giovane C M" uniqKey="Moura G" first="Giovane C. M." last="Moura">Giovane C. M. Moura</name>
<name sortKey="Pras, Aiko" sort="Pras, Aiko" uniqKey="Pras A" first="Aiko" last="Pras">Aiko Pras</name>
<name sortKey="Pras, Aiko" sort="Pras, Aiko" uniqKey="Pras A" first="Aiko" last="Pras">Aiko Pras</name>
</country>
<country name="Burundi"><noRegion><name sortKey="Van Polen, Matthijs G T" sort="Van Polen, Matthijs G T" uniqKey="Van Polen M" first="Matthijs G. T." last="Van Polen">Matthijs G. T. Van Polen</name>
</noRegion>
</country>
</tree>
</affiliations>
</record>
Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 002699 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 002699 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien |wiki= Wicri/Lorraine |area= InforLorV4 |flux= Main |étape= Exploration |type= RBID |clé= ISTEX:0D441127EC9AC1305E57D63CB04226D3FB306385 |texte= Finding and Analyzing Evil Cities on the Internet }}
This area was generated with Dilib version V0.6.33. |