{"title":"Advanced Geolocation of IP Addresses","authors":" Robert Koch, Mario Golling, Gabi Dreo Rodosek","volume":80,"journal":"International Journal of Electrical and Computer Engineering","pagesStart":1007,"pagesEnd":1017,"ISSN":"1307-6892","URL":"https:\/\/publications.waset.org\/pdf\/16111","abstract":"
Tracing and locating the geographical location of users (Geolocation) is used extensively in today's Internet. Whenever we, e.g., request a page from Google, we are - unless a specific configuration was made - automatically forwarded to the page in the relevant language, and, among other things, specific commercials are presented depending on our identified location. Especially within the area of Network Security, Geolocation has a significant impact. Because of the way the Internet works, attacks can be executed from almost everywhere. Therefore, for attribution, knowledge of the origin of an attack - and thus Geolocation - is mandatory in order to be able to trace back an attacker. In addition, Geolocation can also be used very successfully to increase the security of a network during operation (i.e., before an intrusion has actually taken place). Similar to greylisting in emails, Geolocation makes it possible (i) to correlate detected attacks with new connections and (ii) as a consequence, to classify traffic a priori as more suspicious (thus allowing this traffic in particular to be inspected in more detail). Although numerous techniques for Geolocation exist, each strategy is subject to certain restrictions. Following the ideas of Endo et al., this publication tries to overcome these shortcomings with a combined solution of different methods to allow improved and optimized Geolocation. Thus, we present our architecture for improved Geolocation, designing a new algorithm that combines several Geolocation techniques to increase the accuracy.","references":"
[1] T. Lewis, \u201cIndex,\u201d Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, pp. 463\u2013474, 2006. [2] Symantec, \u201cSymantec 2011 SMB Disaster Preparedness Survey - Global Results,\u201d 2011, http:\/\/www.symantec.com\/content\/en\/us\/about\/media\/pdfs\/symc 2011 SMB DP Survey Report Global.pdf. [3] Mandiant, \u201cAPT1 - Exposing One of China\u2019s Cyber Espionage Units,\u201d 2013, http:\/\/intelreport.mandiant.com\/Mandiant APT1 Report.pdf. [4] Chen Jie, Ministry of National Defense, The People\u2019s Republic of China, \u201cChina has no cyber warfare troops: spokesman,\u201d 2013, http:\/\/eng.mod.gov.cn\/Press\/2013-03\/01\/content 4434894.htm. [5] Lana Lam, South China Morning Post, \u201cEdward Snowden: US government has been hacking Hong Kong and China for years,\u201d 2013, http:\/\/www.scmp.com\/news\/hong-kong\/article\/1259508\/edward-snowden-us-government-has-been-hacking-hong-kong-and-china. [6] M. Roesch et al., \u201cSnort-lightweight intrusion detection for networks,\u201d in Proceedings of the 13th USENIX conference on System administration. Seattle, Washington, 1999, pp. 229\u2013238. [7] J. Quittek, T. Zseby, B. Claise, and S. Zander, \u201cRequirements for ip flow information export (ipfix),\u201d IETF RFC3917, Oct, 2004. [8] A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller, \u201cAn overview of ip flow-based intrusion detection,\u201d Communications Surveys & Tutorials, IEEE, vol. 12, no. 3, pp. 343\u2013356, 2010. [9] P. Endo and D. Sadok, \u201cWhois based geolocation: A strategy to geolocate internet hosts,\u201d in Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on. IEEE, 2010, pp. 408\u2013413. [10] A. Dahnert, \u201cHawkeyes: an advanced ip geolocation approach: Ip geolocation using semantic and measurement based techniques,\u201d in Cybersecurity Summit (WCS), 2011 Second Worldwide. IEEE, 2011, pp. 1\u20133. 
[11] S. Laki, P. M\u00e1tray, P. H\u00e1ga, T. Sebok, I. Csabai, and G. Vattay, \u201cSpotter: A model based active geolocation service,\u201d in INFOCOM, 2011 Proceedings IEEE. IEEE, 2011, pp. 3173\u20133181. [12] V. Padmanabhan and L. Subramanian, \u201cAn investigation of geographic mapping techniques for internet hosts,\u201d in ACM SIGCOMM Computer Communication Review, vol. 31. ACM, 2001, pp. 173\u2013185. [13] A. Ziviani, S. Fdida, J. de Rezende, and O. Duarte, \u201cImproving the accuracy of measurement-based geographic location of internet hosts,\u201d Computer Networks, vol. 47, no. 4, pp. 503\u2013523, 2005. [14] M. Zhang, Y. Ruan, V. Pai, and J. Rexford, \u201cHow dns misnaming distorts internet topology mapping,\u201d in Proceedings of the annual conference on USENIX\u201906 Annual Technical Conference, 2006. [15] B. Gueye, A. Ziviani, M. Crovella, and S. Fdida, \u201cConstraint-based geolocation of internet hosts,\u201d in Proceedings of the 4th ACM SIGCOMM conference on Internet measurement. ACM, 2004, pp. 288\u2013293. [16] B. Gueye, S. Uhlig, A. Ziviani, and S. Fdida, \u201cLeveraging buffering delay estimation for geolocation of internet hosts,\u201d NETWORKING 2006. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems, pp. 319\u2013330, 2006. [17] B. Wong, I. Stoyanov, and E. Sirer, \u201cOctant: A comprehensive framework for the geolocalization of internet hosts,\u201d in Proceedings of the NSDI, vol. 7, 2007. [18] D. Moore, R. Periakaruppan, J. Donohoe, and K. Claffy, \u201cWhere in the world is netgeo. caida. org.\u201d INET, 2000. [19] \u201cCooperative Association for Internet Data Analysis. NetGeo.\u201d http:\/\/www.caida.org\/tools\/utilities\/netgeo\/. 
[20] Jgsoft Associates, \u201cIP2Geo: Frequently Asked Questions, How accurate is IP-Country-Region-City-ISP database?\u201d 2013, http:\/\/www.ip2geo.net\/ip2location\/ip-country-region-city-isp-faq.html. [21] B. Wong, I. Stoyanov, and E. G. Sirer, \u201cGeolocalization on the internet through constraint satisfaction,\u201d in Proceedings of the 3rd conference on USENIX Workshop on Real, Large Distributed Systems, 2006, pp. 1\u20131. [22] C. Guo, Y. Liu, W. Shen, H. J. Wang, Q. Yu, and Y. Zhang, \u201cMining the web and the internet for accurate ip address geolocations,\u201d in INFOCOM 2009, IEEE. IEEE, 2009, pp. 2841\u20132845. [23] I. Poese, M. A. Kaafar, B. Donnet, B. Gueye, and S. Uhlig, \u201cIp geolocation databases: Unreliable?\u201d Deutsche Telekom Lab.\/TU Berlin, Technical Report, March 2011. [24] S. Laki, P. M\u00e1tray, P. H\u00e1ga, I. Csabai, and G. Vattay, \u201cA model based approach for improving router geolocation,\u201d Computer Networks, vol. 54, no. 9, pp. 1490\u20131501, 2010. [25] B. Huffaker, M. Fomenkov, and K. Claffy, \u201cGeocompare: a comparison of public and commercial geolocation databases,\u201d Technical Report, May 2011, network, Mapping and Measurement Conference (NMMC). [26] S. S. Siwpersad, B. Gueye, and S. Uhlig, \u201cAssessing the geographic resolution of exhaustive tabulation for geolocating internet hosts,\u201d in Passive and Active Network Measurement Workshop (PAM). Springer-Verlag, 2008, pp. 11\u201320. [27] Y. Shavitt and N. Zilberman, \u201cA study of geolocation databases,\u201d School of Electrical Engineering, Technical Report, July 2010. [28] M. Dischinger, A. Haeberlen, K. Gummadi, and S. Saroiu, \u201cCharacterizing residential broadband networks,\u201d IMC, Technical Report, 2007. [29] K. Gottschalk, \u201cNeedMoreCookies: The Funstuff Crawler,\u201d Website, http:\/\/needmorecookies.com\/. [30] K. G. 
Lars Stiemert, \u201cGeolocalization and Verification of IP Addresses; German: Geolokalisation und Verifikation von IP-Adressen,\u201d Master\u2019s thesis, Institut f\u00fcr Technische Informatik, Universit\u00e4t der Bundeswehr M\u00fcnchen, Germany, 2012. (Online). Available: https:\/\/www.unibw.de\/inf3\/forschung\/dreo\/publikationen\/ba-und-ma\/2012 Stiemert-Gottschalk Geolokalisation.pdf","publisher":"World Academy of Science, Engineering and Technology","index":"Open Science Index 80, 2013"}