Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

Visual-Interactive Identification of Anomalous IP-Block Behavior Using Geo-IP Data

 
Ulmer, Alex; Schufrin, Marija; Sessler, David; Kohlhammer, Jörn


Staheli, Diane (Ed.) ; Institute of Electrical and Electronics Engineers -IEEE-:
IEEE Symposium on Visualization for Cyber Security, VizSec 2018 : 22 October 2018, Berlin, Germany
Piscataway, NJ: IEEE, 2018
ISBN: 978-1-5386-8194-7
ISBN: 978-1-5386-8195-4
8 pp.
Symposium on Visualization for Cyber Security (VizSec) <15, 2018, Berlin>
English
Conference paper
Fraunhofer IGD
Guiding Theme: Digitized Work; Research Area: Computer graphics (CG); Research Area: Modeling (MOD); cyber security; visual analytic; information visualization; data analysis; CRISP

Abstract
Routing of network packets from one computer to another is the backbone of the internet and impacts the everyday life of many people. Although this is a fully automated process, it has many security issues. IP hijacks and misconfigurations occur very often and are difficult to detect. In the past, visual analytics approaches aimed at detecting these phenomena, but only a few of them integrated geographical references. Geo-IP data is mostly used as a lookup table, which undervalues its capabilities. In this paper, we present a visual-interactive system which relies only on Geo-IP data to create more awareness for this data source. We show that looking at Geo-IP data over time in combination with owner and location information of IP blocks already reveals suspicious cases. Together with our design study, we also contribute a pre-processing algorithm for the Maxmind GeoIP2 City and ISP databases, to motivate the community to integrate this data source in future approaches.

http://publica.fraunhofer.de/dokumente/N-546319.html