Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Conference papers

Finding and Analyzing Evil Cities on the Internet

Abstract : IP Geolocation is used to determine the geographical location of Internet users based on their IP addresses. When it comes to security, most of the traditional geolocation analysis is performed at country level. Since countries usually have many cities/towns of different sizes, it is expected that they behave differently when performing malicious activities. Therefore, in this paper we refine geolocation analysis to the city level. The idea is to find the most dangerous cities on the Internet and observe how they behave. This information can then be used by security analysts to improve their methods and tools. To perform this analysis, we have obtained and evaluated data from a real-world honeypot network of 125 hosts and from production e-mail servers.
Complete list of metadata

Cited literature [10 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, September 12, 2017 - 10:19:41 AM
Last modification on : Wednesday, September 13, 2017 - 1:07:35 AM
Long-term archiving on: : Wednesday, December 13, 2017 - 3:43:55 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Matthijs Polen, Giovane Moura, Aiko Pras. Finding and Analyzing Evil Cities on the Internet. 5th Autonomous Infrastructure, Management and Security (AIMS), Jun 2011, Nancy, France. pp.38-48, ⟨10.1007/978-3-642-21484-4_4⟩. ⟨hal-01585870⟩



Record views


Files downloads