Finding and Analyzing Evil Cities on the Internet

Matthijs G.T. van Polen; Giovane Moreira Moura; Aiko Pras

doi:10.1007/978-3-642-21484-4_4

Finding and Analyzing Evil Cities on the Internet

Matthijs G.T. van Polen, Giovane Moreira Moura, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations

Abstract

IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.

Language	Undefined
Title of host publication	Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS)
Editors	Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger
Place of Publication	Nancy, France
Publisher	Springer Verlag
Pages	38-48
Number of pages	12
ISBN (Print)	978-3-642-21483-7
DOIs	10.1007/978-3-642-21484-4_4
State	Published - 2011
Event	5th International Conference on Autonomous Infrastructure, Management and Security 2011 - Ecole Supérieure d'Informatique et Applications de Lorraine, Nancy, France Duration: 13 Jun 2011 → 17 Jun 2011 Conference number: 5 http://www.aims-conference.org/2011/AIMS2011/Welcome.html

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Verlag
Volume	6734
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th International Conference on Autonomous Infrastructure, Management and Security 2011
Abbreviated title	AIMS 2011
Country	France
City	Nancy
Period	13/06/11 → 17/06/11
Internet address	http://www.aims-conference.org/2011/AIMS2011/Welcome.html

Keywords

METIS-277609
EWI-20081
IR-76708

Cite this

van Polen, M. G. T., Moreira Moura, G., & Pras, A. (2011). Finding and Analyzing Evil Cities on the Internet. In I. Chrisment, A. Couch, R. Badonnel, & M. Waldburger (Eds.), Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS) (pp. 38-48). (Lecture Notes in Computer Science; Vol. 6734). Nancy, France: Springer Verlag. DOI: 10.1007/978-3-642-21484-4_4

van Polen, Matthijs G.T. ; Moreira Moura, Giovane ; Pras, Aiko. / Finding and Analyzing Evil Cities on the Internet. Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS). editor / Isabelle Chrisment ; Alva Couch ; Rémi Badonnel ; Martin Waldburger. Nancy, France : Springer Verlag, 2011. pp. 38-48 (Lecture Notes in Computer Science).

@inproceedings{e04ba134c86643c6a17f12bde3f01f28,

title = "Finding and Analyzing Evil Cities on the Internet",

abstract = "IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.",

keywords = "METIS-277609, EWI-20081, IR-76708",

author = "{van Polen}, {Matthijs G.T.} and {Moreira Moura}, Giovane and Aiko Pras",

note = "10.1007/978-3-642-21484-4_4",

year = "2011",

doi = "10.1007/978-3-642-21484-4_4",

language = "Undefined",

isbn = "978-3-642-21483-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer Verlag",

pages = "38--48",

editor = "Isabelle Chrisment and Alva Couch and R{\'e}mi Badonnel and Martin Waldburger",

booktitle = "Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS)",

address = "Germany",

}

van Polen, MGT, Moreira Moura, G & Pras, A 2011, Finding and Analyzing Evil Cities on the Internet. in I Chrisment, A Couch, R Badonnel & M Waldburger (eds), Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS). Lecture Notes in Computer Science, vol. 6734, Springer Verlag, Nancy, France, pp. 38-48, 5th International Conference on Autonomous Infrastructure, Management and Security 2011, Nancy, France, 13/06/11. DOI: 10.1007/978-3-642-21484-4_4

Finding and Analyzing Evil Cities on the Internet. / van Polen, Matthijs G.T.; Moreira Moura, Giovane; Pras, Aiko.

Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS). ed. / Isabelle Chrisment; Alva Couch; Rémi Badonnel; Martin Waldburger. Nancy, France : Springer Verlag, 2011. p. 38-48 (Lecture Notes in Computer Science; Vol. 6734).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Finding and Analyzing Evil Cities on the Internet

AU - van Polen,Matthijs G.T.

AU - Moreira Moura,Giovane

AU - Pras,Aiko

N1 - 10.1007/978-3-642-21484-4_4

PY - 2011

Y1 - 2011

N2 - IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.

AB - IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.

KW - METIS-277609

KW - EWI-20081

KW - IR-76708

U2 - 10.1007/978-3-642-21484-4_4

DO - 10.1007/978-3-642-21484-4_4

M3 - Conference contribution

SN - 978-3-642-21483-7

T3 - Lecture Notes in Computer Science

SP - 38

EP - 48

BT - Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS)

PB - Springer Verlag

CY - Nancy, France

ER -

van Polen MGT, Moreira Moura G, Pras A. Finding and Analyzing Evil Cities on the Internet. In Chrisment I, Couch A, Badonnel R, Waldburger M, editors, Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS). Nancy, France: Springer Verlag. 2011. p. 38-48. (Lecture Notes in Computer Science). Available from, DOI: 10.1007/978-3-642-21484-4_4

Access to Document

10.1007/978-3-642-21484-4_4

paper
open
paper
open