Skip to main content
Conference Proceedings

Finding and analyzing evil cities on the internet

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2011) 6734 LNCS 38-48
DOI: 10.1007/978-3-642-21484-4_4
5Citations
Citations of this article
12Readers
Mendeley users who have this article in their library.
Get full text

Abstract

IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers. © 2011 Springer-Verlag.

Author supplied keywords

Cite

CITATION STYLE

APA

Van Polen, M. G. T., Moura, G. C. M., & Pras, A. (2011). Finding and analyzing evil cities on the internet. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6734 LNCS, pp. 38–48). https://doi.org/10.1007/978-3-642-21484-4_4

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free