Abstract
Language | Undefined |
---|---|
Title of host publication | Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS) |
Editors | Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger |
Place of Publication | Nancy, France |
Publisher | Springer |
Pages | 38-48 |
Number of pages | 12 |
ISBN (Print) | 978-3-642-21483-7 |
DOIs | |
Publication status | Published - 2011 |
Event | 5th International Conference on Autonomous Infrastructure, Management and Security 2011 - Ecole Supérieure d'Informatique et Applications de Lorraine, Nancy, France Duration: 13 Jun 2011 → 17 Jun 2011 Conference number: 5 http://www.aims-conference.org/2011/AIMS2011/Welcome.html |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer Verlag |
Volume | 6734 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 5th International Conference on Autonomous Infrastructure, Management and Security 2011 |
---|---|
Abbreviated title | AIMS 2011 |
Country | France |
City | Nancy |
Period | 13/06/11 → 17/06/11 |
Internet address |
Keywords
- METIS-277609
- EWI-20081
- IR-76708
Cite this
}
Finding and Analyzing Evil Cities on the Internet. / van Polen, Matthijs G.T.; Moreira Moura, Giovane; Pras, Aiko.
Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS). ed. / Isabelle Chrisment; Alva Couch; Rémi Badonnel; Martin Waldburger. Nancy, France : Springer, 2011. p. 38-48 (Lecture Notes in Computer Science; Vol. 6734).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review
TY - GEN
T1 - Finding and Analyzing Evil Cities on the Internet
AU - van Polen, Matthijs G.T.
AU - Moreira Moura, Giovane
AU - Pras, Aiko
N1 - 10.1007/978-3-642-21484-4_4
PY - 2011
Y1 - 2011
N2 - IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.
AB - IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.
KW - METIS-277609
KW - EWI-20081
KW - IR-76708
U2 - 10.1007/978-3-642-21484-4_4
DO - 10.1007/978-3-642-21484-4_4
M3 - Conference contribution
SN - 978-3-642-21483-7
T3 - Lecture Notes in Computer Science
SP - 38
EP - 48
BT - Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS)
A2 - Chrisment, Isabelle
A2 - Couch, Alva
A2 - Badonnel, Rémi
A2 - Waldburger, Martin
PB - Springer
CY - Nancy, France
ER -