
Entity IP Geolocation Technology Based On Delay And Path

Posted on: 2021-06-18
Degree: Master
Type: Thesis
Country: China
Candidate: F Zhang
GTID: 2518306230972039
Subject: Cyberspace security

Abstract/Summary:
Entity IP geolocation technology (IP geolocation for short) is a technique for inferring the geographic location of a network entity with an IP address by analyzing network delay, path, and other information obtained through network measurement. It has very broad application requirements and development prospects in the security and commercial fields. Existing research often relies on the network delay and network structure information obtained by network measurement to locate the entity IP. However, network delay only conveys a notion of "distance" and does not have the usual "displacement" characteristics; geolocation based on the characteristics of the network structure depends on the accuracy and completeness with which that structure is acquired and described. For this reason, reliable geolocation of network entity IPs is the difficulty and focus of current research, and it is directly related to the effectiveness of the geolocation method in actual use.

1. Based on the stability of paths between network nodes implied by routing rules, a city-level IP geolocation method based on Hop-Hot path coding is proposed. The method first initiates multiple path measurements from multiple probes to landmarks located in different cities, obtains a large amount of path information by alias merging and other methods, and obtains the stable paths from the probes to the landmarks through statistics. Second, it constructs path vectors from the routers on the stable paths and encodes the internal paths of each city by quantizing the path vectors with Hop-Hot coding. Third, the stable path of the target entity IP is obtained with the same detection method, and the path vector of the target entity IP is quantized by Hop-Hot coding. Finally, based on a comparison of vector cosine similarity, the city of the landmark with the highest similarity is taken as the estimated location of the target entity IP. Taking IPs with known locations in the major cities in China and in New York as the test targets, the experimental results show that, compared with the existing typical city-level IP geolocation method, the proposed method has higher city-level IP geolocation accuracy.

2. To address the reliability problem of deducing the physical location of an IP based only on delay similarity, a street-level IP geolocation method based on delay and relative hops is proposed. First, the delay vectors of the landmarks are obtained by measuring the known landmarks from the probes, and the landmarks are clustered based on the delay vectors. Second, the landmarks are clustered based on their longitude and latitude, and this clustering is intersected with the delay clustering results to form multiple training sets. Third, the delay vectors of the landmarks in a training set are used as the input, and the longitude and latitude of the corresponding landmarks are used as the output, to train neural networks and obtain the IP geolocation model. Finally, according to the IP geolocation model, the delay vector from the probes to the target entity IP and the relative hops between the target IP and the training sets are used to locate the target IP. Because the method uses delay clustering and longitude-latitude clustering of landmarks to construct multiple training sets, each training set is composed of landmarks with similar delay and similar longitude and latitude, which eliminates landmarks with similar delay but different geographical locations and improves the reliability of geolocation. Geolocation experiments in Hong Kong, Shanghai, Zhengzhou and New York State show that this method can achieve street-level geolocation and that, compared with the existing typical street-level geolocation methods, it can improve the reliability of geolocation within 10 km by 33.0%.

3. Based on the fact that network paths can identify whether different network nodes belong to the same geographical area, and that network delay can describe the distance between network nodes, a street-level IP geolocation method based on delay and path is proposed. In this method, a large number of landmarks are detected by the probes to obtain delay and path information, and the paths from the probes to the landmarks are quantized by Hop-Hot coding to form the delay path vectors of the landmarks. Second, the landmarks are clustered by their delay path vectors and by their longitude and latitude respectively, and the two clustering results are intersected to form multiple training sets. Then, a neural network trainer is constructed that takes the delay path vectors of the landmarks in the corresponding training set as input and the latitude and longitude of the corresponding landmarks as output, and is trained to obtain the geolocation model. Finally, based on the same detection method, the stable path and delay of the target entity IP are obtained, a delay path vector from the probes to the target entity IP is constructed, and the geolocation model is used to locate the target entity IP. The delay path vector clustering of landmarks used in the method eliminates the influence on location of landmarks with similar delay but dissimilar geographical location; the longitude and latitude clustering of landmarks increases the consistency of the training outputs. Both ensure the reliability of location. The delay information used in the location method can better describe the proximity of nodes in the same area and improve the accuracy of street-level geolocation. Based on 53433 landmark experiments in Hong Kong, the Chinese mainland and New York State, a series of geolocation experiments was carried out. The results show that this method can achieve street-level IP geolocation. Compared with SLG and TTN, when the location threshold parameter is 0.9 and the training set scale parameter is 500, the reliability of location within 20 km is improved by 19.3% and 18.7%, and the median error is reduced by 6.65 km and 10.55 km, respectively.

Finally, the work in this paper is summarized, and the shortcomings and problems that need further study are pointed out.
Keywords/Search Tags:IP geolocation, Hop-Hot coding, delay similarity, neural network, relative hop, landmark clustering
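
The city-level pipeline in item 1 (alias merging, stable path by statistics, path vector, cosine similarity, nearest landmark's city) can be sketched as follows. This is an added example, not code from the thesis. The abstract does not define Hop-Hot coding, so `encode` uses an assumed binary router-indicator vector in its place; a single probe, the alias table, addresses and city names are all constructed.

```python
import math
from collections import Counter

# Constructed alias table: interface IP -> router ID (output of alias merging).
ALIASES = {"192.0.2.1": "r1", "192.0.2.2": "r1", "192.0.2.9": "r2",
           "198.51.100.1": "r3", "198.51.100.7": "r4", "203.0.113.5": "r5"}

def stable_path(traces):
    """Merge interface aliases, then keep the router sequence seen most often."""
    merged = [tuple(ALIASES.get(ip, ip) for ip in t) for t in traces]
    return Counter(merged).most_common(1)[0][0]

def encode(path, vocab):
    """Assumed stand-in for Hop-Hot coding: 1.0 if the router is on the path."""
    return [1.0 if r in path else 0.0 for r in vocab]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

def locate(target_traces, landmarks):
    """landmarks: [(city, traces)]. Returns (city, similarity) or (None, 0.0)."""
    lm_paths = [(city, stable_path(tr)) for city, tr in landmarks]
    tgt = stable_path(target_traces)
    # Include the target's own routers so unseen hops lower the similarity.
    vocab = sorted({r for _, p in lm_paths for r in p} | set(tgt))
    tv = encode(tgt, vocab)
    best = max(((city, cosine(tv, encode(p, vocab))) for city, p in lm_paths),
               key=lambda cs: cs[1])
    # A target sharing no router with any landmark path cannot be placed.
    return best if best[1] > 0 else (None, 0.0)

# Constructed measurements: repeated traceroute-style hop lists from one probe.
LANDMARKS = [
    ("CityA", [["192.0.2.1", "192.0.2.9", "198.51.100.1"],
               ["192.0.2.2", "192.0.2.9", "198.51.100.1"],
               ["192.0.2.1", "203.0.113.5", "198.51.100.1"]]),
    ("CityB", [["192.0.2.1", "198.51.100.7", "203.0.113.5"]] * 2),
]
TARGET = [["192.0.2.2", "192.0.2.9", "198.51.100.1", "203.0.113.77"]] * 3

if __name__ == "__main__":
    print(locate(TARGET, LANDMARKS))
```
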