Finding and Analyzing Evil Cities on the Internet

Matthijs G.T. van Polen, Giovane Moreira Moura, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    5 Citations (Scopus)
    80 Downloads (Pure)

    Abstract

    IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.
    Original languageUndefined
    Title of host publicationProceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS)
    EditorsIsabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger
    Place of PublicationNancy, France
    PublisherSpringer
    Pages38-48
    Number of pages12
    ISBN (Print)978-3-642-21483-7
    DOIs
    Publication statusPublished - 2011
    Event5th International Conference on Autonomous Infrastructure, Management and Security 2011 - Ecole Supérieure d'Informatique et Applications de Lorraine, Nancy, France
    Duration: 13 Jun 201117 Jun 2011
    Conference number: 5
    http://www.aims-conference.org/2011/AIMS2011/Welcome.html

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer Verlag
    Volume6734
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Conference

    Conference5th International Conference on Autonomous Infrastructure, Management and Security 2011
    Abbreviated titleAIMS 2011
    CountryFrance
    CityNancy
    Period13/06/1117/06/11
    Internet address

    Keywords

    • METIS-277609
    • EWI-20081
    • IR-76708

    Cite this

    van Polen, M. G. T., Moreira Moura, G., & Pras, A. (2011). Finding and Analyzing Evil Cities on the Internet. In I. Chrisment, A. Couch, R. Badonnel, & M. Waldburger (Eds.), Proceedings of the 5th International Conference on Autonomous Infrastructure, Management and Security (AIMS) (pp. 38-48). (Lecture Notes in Computer Science; Vol. 6734). Nancy, France: Springer. https://doi.org/10.1007/978-3-642-21484-4_4