How to build socio-organizational information from remote IP addresses to enrich security analysis?

2022 IEEE 47th Conference on Local Computer Networks (LCN) Pub Date : 2022-09-26 DOI:10.1109/LCN53696.2022.9843570
Camille Moriot, François Lesueur, N. Stouls, F. Valois
{"title":"How to build socio-organizational information from remote IP addresses to enrich security analysis?","authors":"Camille Moriot, François Lesueur, N. Stouls, F. Valois","doi":"10.1109/LCN53696.2022.9843570","DOIUrl":null,"url":null,"abstract":"There is a constant threat of having our computing systems under attack. Information regarding the origins of the traffic we receive can be valuable. Currently, the AS-number and the localization are the most commonly used IP-related information to characterize an attack.In this paper, we propose expanding knowledge about a remote IP’s owner to improve defensive reaction effectiveness and obtain in-depth analyzes of attacker profiles. We introduce the enrichment with socio-organizational information (such as organization type, activity field, etc.) about the entities owning the IP in addition to infrastructural information. This integration is driven by combining RDAP and Wikidata. We demonstrate that this proposal is promising.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LCN53696.2022.9843570","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

There is a constant threat of having our computing systems under attack. Information regarding the origins of the traffic we receive can be valuable. Currently, the AS-number and the localization are the most commonly used IP-related information to characterize an attack.In this paper, we propose expanding knowledge about a remote IP’s owner to improve defensive reaction effectiveness and obtain in-depth analyzes of attacker profiles. We introduce the enrichment with socio-organizational information (such as organization type, activity field, etc.) about the entities owning the IP in addition to infrastructural information. This integration is driven by combining RDAP and Wikidata. We demonstrate that this proposal is promising.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
如何从远程IP地址构建社会组织信息以丰富安全分析?
我们的计算机系统经常受到攻击的威胁。关于我们收到的流量来源的信息可能是有价值的。目前,最常用的攻击特征信息是as号和定位信息。在本文中,我们建议扩展关于远程IP所有者的知识,以提高防御反应的有效性,并获得对攻击者配置文件的深入分析。除了基础设施信息外,我们还引入了关于拥有IP的实体的社会组织信息(如组织类型,活动领域等)的丰富。这种集成是由RDAP和Wikidata的结合驱动的。我们证明这个建议是有希望的。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
2022 IEEE 47th Conference on Local Computer Networks (LCN)
2022 IEEE 47th Conference on Local Computer Networks (LCN)
自引率
0.00%
发文量
0
期刊最新文献
MicroTL: Transfer Learning on Low-Power IoT Devices Service-Based Identification of Highly Coupled Mobile Applications Raising the AWAREness of BFT Protocols for Soaring Network Delays How to build socio-organizational information from remote IP addresses to enrich security analysis? ReCEIF: Reinforcement Learning-Controlled Effective Ingress Filtering
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1