CN110300368A - A kind of IP geo-positioning system overall process method - Google Patents

A kind of IP geo-positioning system overall process method Download PDF

Info

Publication number
CN110300368A
CN110300368A CN201910436919.8A CN201910436919A CN110300368A CN 110300368 A CN110300368 A CN 110300368A CN 201910436919 A CN201910436919 A CN 201910436919A CN 110300368 A CN110300368 A CN 110300368A
Authority
CN
China
Prior art keywords
node
geo
network
location
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910436919.8A
Other languages
Chinese (zh)
Other versions
CN110300368B (en
Inventor
鲁智勇
冯超
米士超
陶业荣
杨迪
张祥虎
王学宇
庞训龙
晋伊灿
鲁龙威
王鹏
王金锁
胡凯平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
63880 Troops Of Pla
Original Assignee
63880 Troops Of Pla
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 63880 Troops Of Pla filed Critical 63880 Troops Of Pla
Priority to CN201910436919.8A priority Critical patent/CN110300368B/en
Publication of CN110300368A publication Critical patent/CN110300368A/en
Application granted granted Critical
Publication of CN110300368B publication Critical patent/CN110300368B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/023Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W64/00Locating users or terminals or network equipment for network management purposes, e.g. mobility management
    • H04W64/003Locating users or terminals or network equipment for network management purposes, e.g. mobility management locating network equipment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to technical field of network security, a kind of disclosed network IP geo-positioning system overall process method, it is the position that tested host is determined using a kind of method of triangulation location, the distance range of all neighbouring datum nodes to destination host forms an overlapping region, and using the center-of-mass coordinate of overlapping region as the actual physical address of measurement target, its geographical location is obtained.The present invention improves the accuracy of IP Geographic mapping, solves the problems, such as that the geographical location IP of network target node is accurately positioned.On civilian, the IP geo-positioning system conceptual solutions based on DoS attack can help network application to improve performance, improve safety and provide new service;Militarily, the IP geo-location fusion method based on multi-point cooperative can provide technical support for the cross-domain cooperation of network.

Description

A kind of IP geo-positioning system overall process method
Technical field
The invention belongs to technical field of network security, and in particular to a kind of network IP geo-positioning system overall process side Method.
Background technique
The basic skills of network IP geo-location is estimated using name, registration information or Delay of IP device etc. Count its geographical location.The basic principle of location algorithm design is: under the premise of guaranteeing positioning accuracy, reducing measurement to the greatest extent and opens Pin, while good scalability is had both, and privacy of user can be protected.Initial location algorithm is by being Domain Name to DNS System, the server inquiry of domain name system or excavates the information that lies in host name to speculate the geographical position of IP device It sets.Later, some location algorithms estimate position of host machine according to the linear relationship between time delay and geographic distance, and pass through topology Information reduces position error.In recent years, location algorithm based on probability becomes a research hotspot again, by finding time delay It is positioned with the regularity of distribution of geographic distance, though through continuously improving, these two types of algorithms cannot all be accurately positioned target section The geographical location IP of point, reason are not only to lack the datum node that closes on of multiple destination nodes, but also no relevant blending algorithm.
Be about IP geo-positioning system conceptual solutions it is very difficult, challenging, currently publish In document, related research result is not yet seen.
Summary of the invention
To solve the problems, such as that the geographical location IP of network target node is accurately positioned, the present invention is searched in the neighbouring datum node of foundation On the basis of rope is theoretical, a kind of network IP geo-positioning system overall process method is proposed.
For achieving the above object, the present invention adopts the following technical scheme:
A kind of network IP geo-positioning system overall process method, tested master is determined using a kind of method of triangulation location The distance range of the position of machine, all neighbouring datum nodes to destination host forms an overlapping region, and with overlapping region Actual physical address of the center-of-mass coordinate as measurement target, obtains its geographical location;The specific steps of which are as follows:
Step 1:IP geo-location is adjacent to datum node search module:
STEP.1 is searched for adjacent to datum node
The network measure path of neighbouring datum node B1: T is destination node;M1 and M2 is measuring node, to destination node Send network measure path data packet;B1 is the geographical location IP a reference value nearest away from destination node on network measure path;A is Network attack node;
According to measured destination host IP, network road warp is measured, the geographical location IP pattern library is compared, obtains network measure Road neighbouring datum node nearest away from Target IP on, and measure distance of the destination host to this adjacent to datum node;
STEP.2DoS attack test
It attacks host and implements DoS attack, Denial of Service attack to known neighbouring datum node;The known neighbouring base of obstruction Quasi- node prevents it from normally routing, so that reaching the network measure road of destination node by known neighbouring datum node Diameter is obstructed;
STEP.3 is searched for based on the neighbouring datum node of DoS attack
DoS attack is implemented to known neighbouring datum node, measurement network road warp obtains the new neighbouring benchmark of Target IP Node, and measure destination host to new neighbouring datum node distance;
The network measure path of neighbouring datum node B2: T is destination node;M1 and M2 is measuring node, to destination node Send network measure path data packet;B1 is known neighbouring datum node, B2 on network measure path away from destination node most The close geographical location IP a reference value;A is network attack node, sends DoS data packet to known neighbouring datum node;
The network measure path of neighbouring datum node B3: T is destination node;M1 and M2 is measuring node, to destination node Send network measure path data packet;B1 and B2 is known neighbouring datum node, and B3 is on network measure path away from target section The nearest geographical location the IP a reference value of point;A is network attack node, sends DoS data packet to known neighbouring datum node;
The network measure path of neighbouring datum node B4: T is destination node;M1 and M2 is measuring node, to destination node Send network measure path data packet;B1, B2 and B3 are known neighbouring datum node, and B4 is on network measure path away from target The nearest geographical location the IP a reference value of node;A is network attack node, sends DoS data packet to known neighbouring datum node;
Step 2:IP geo-location module, the IP geo-location module based on multi-point cooperative is using a kind of fixed similar to triangle The method of position determines the position of tested host;Assuming that there are a kind of linear relationships between time delay and geographic distance, such as formula (1) It is shown:
di=m.c. (xi-bi) (1)
Wherein, diRepresent datum node BiTo the geographic distance of tested node T, xiRepresent the time delay between two kinds of nodes, bi Certain local time delay for representing datum node, such as congestion time delay;M is conversion factor, and m:0 < m < 1, c are the light velocity;By probability Estimate that tested host arrives the distance of datum node, when the number of datum node is greater than 2, then one overlapping region of formation, and with Actual physical address of the center-of-mass coordinate of overlapping region as measurement target, so that it is determined that the position of tested host;
Step 3:IP geo-location blending algorithm module
Input: n intersection is not empty border circular areas { (xi,yi,ri) i=1,2 ... n, wherein xi,yiFor central coordinate of circle And riFor round radius;
Output: n border circular areas { (xi,yi,ri) i=1,2 ... the center-of-mass coordinate (c_x, c_y) of n intersection part and face Product Ar;
It is respectively g_x and g_y that x-axis and the granularity of y-axis, which is arranged, in Step.1;
And set constraint condition set as s=(x, y) | i=1,2 ... n, (x-xi)2-(y-yi)2≤ri 2}。
Step.2 is by section rectangular area { mix≤x≤max,miy≤y≤mayWith x-axis granularity g_x and y-axis granularity g_y Discrete processes are carried out, wherein mix=min1≤i≤n{xi-ri, max=max1≤i≤n{xi+ri, miy=min1≤i≤n{yi-ri, may =max1≤i≤n{yi+ri};That is, the collection of discretization coordinate points be combined into DS=(x, y) | x=mix+ j.g_x, y=miy+ k.g_y }, Wherein 0≤j≤fix ((max-mix)/g_x,0≤k≤fix((may-miy)/g_y) and fix () function representation remove integer;
The collection that Step.3 then justifies the discrete coordinates of intersection areas more is combined into DS ∩ S;Center-of-mass coordinate c_x, c_ are calculated below Y:
Wherein | | | | the gesture of function representation set;
Step 4:IP geo-location error analysis module:
IP geo-location module based on multi-point cooperative is the physics using the center-of-mass coordinate of overlapping region as measurement target Address, since the actual physical address of target is the geographical coordinate of overlapping region any point, the IP based on multi-point cooperative There are errors for geo-location, carry out precision analysis as geo-location error in the area of this overlapping region;Overlapping region face Long-pending solution carries out discretization to overlapping region with the granularity set, solves overlapping region area again on this basis;
It is a convex set that Step.4, which is based on more circle intersection areas, calculates its area Ar: calculating
If n=(xmax-xmin)/g_x, being apparent from n is integer;
Then obtain:
ymin(xmin+(i-1)·g_x)-ymin(xmin+i·g_x))·g_x/2。
Step 5: the IP geo-positioning system general frame based on DoS attack
The general frame of IP geo-positioning system solution based on DoS attack are as follows: destination host IP passes through IP geography Positioning scheduler module is connected with network path measurement module, DoS attack module respectively;Network path measurement module, DoS attack mould The output end of block passes through target network module respectively and is connected with neighbouring datum node search module;Neighbouring datum node search module Output end is connected by IP geo-location blending algorithm module with IP geo-location error analysis module;Wherein, IP geo-location The data output end of scheduler module is connected by the geographical location IP pattern library with neighbouring datum node search module;IP geo-location Blending algorithm module data end is connected with the data terminal of IP geo-location scheduler module.
IP geo-positioning system solution workflow based on DoS attack is as follows:
According to measured destination host IP, network path measurement module measures network road warp, passes through neighbouring datum node Search module compares the geographical location IP pattern library, obtains network measure road neighbouring datum node nearest away from Target IP on, and Destination host is measured to this adjacent to the distance of datum node;
To known neighbouring datum node, DoS attack is implemented by DoS attack module, measurement network road warp obtains target The new neighbouring datum node of IP, and measure destination host to neighbouring datum node newly distance;
The distance range of all neighbouring datum nodes to destination host forms an overlapping region, and with the mass center of overlapping region Actual physical address of the coordinate as measurement target, obtains its geographical location;
IP geo-location module based on multi-point cooperative is the physics using the center-of-mass coordinate of overlapping region as measurement target Address, the actual physical address of the target are the geographical coordinates of overlapping region any point, therefore based on multi-point cooperative There are errors for IP geo-location, and the area of overlapping region is as geo-location error.
Due to the adoption of the above technical scheme, the present invention has the following advantages:
The present invention is geographical for the IP that cannot be accurately positioned network target node existing for existing IP geographic positioning technology Position problems are tested by DoS attack, on the basis of the multiple neighbouring datum nodes for obtaining destination node, are proposed based on more The IP geo-location module of point collaboration, establishes the IP geo-location blending algorithm module based on multi-point cooperative, and construct base In the IP geo-location error analysis module of multi-point cooperative, IP geo-positioning system of the design with realization based on DoS attack is overall Solution improves the accuracy of IP Geographic mapping, and the geographical location IP for solving network target node is accurately positioned Problem.On civilian, the IP geo-positioning system conceptual solutions based on DoS attack can help network application improvement property It can, improve safety and new service be provided;Militarily, the IP geo-location fusion method based on multi-point cooperative can be The cross-domain cooperation of network provides technical support.
To solve the problems, such as that the geographical location IP of network target node is accurately positioned, the present invention is searched in the neighbouring datum node of foundation On the basis of rope is theoretical, the IP geo-location theory based on multi-point cooperative is proposed, it is geographical to establish the IP based on multi-point cooperative Blending algorithm is positioned, and constructs the IP geo-location error analysis method based on multi-point cooperative, design is attacked with realization based on DoS The IP geo-positioning system conceptual solutions hit, improve the accuracy of IP Geographic mapping, can be the cross-domain collaboration of network It fights and technical support is provided.
IP geo-positioning system conceptual solutions based on DoS attack are using the center-of-mass coordinate of overlapping region as measurement The physical address of target, but the actual physical address of target may be the geographical coordinate of overlapping region any point, therefore be based on There is a certain error for the IP geo-location of multi-point cooperative, and the area of overlapping region can be used as geo-location error.
The present invention is geographical for the IP that cannot be accurately positioned network target node existing for existing IP geographic positioning technology Position problems are tested by DoS attack, on the basis of the multiple neighbouring datum nodes for obtaining destination node, are proposed based on more The IP geo-location of point collaboration is theoretical, establishes the IP geo-location blending algorithm based on multi-point cooperative, and constructs based on more The IP geo-location error analysis method of point collaboration, design are totally solved with the IP geo-positioning system based on DoS attack is realized Scheme improves the accuracy of IP Geographic mapping, solves the problems, such as that the geographical location IP of network target node is accurately positioned. On civilian, the IP geo-positioning system conceptual solutions based on DoS attack can help network application to improve performance, improve Safety and provide new service;Militarily, the IP geo-location fusion method based on multi-point cooperative can for network across Domain cooperation provides technical support
Detailed description of the invention book
Fig. 1 is IP geo-positioning system block diagram of the present invention.
Fig. 2 is IP geo-positioning system general frame figure.
Fig. 3 is the implementation flow chart of network IP geo-positioning system overall process;
Fig. 4 is the network measure path profile of neighbouring datum node B1;
Fig. 5 is the network measure path profile of neighbouring datum node B2;
Fig. 6 is the network measure path profile of neighbouring datum node B3;
Fig. 7 is the network measure path profile of neighbouring datum node B4;
Fig. 8 is the IP geo-location module map based on multi-point cooperative.
Specific embodiment
As shown in Fig. 1,2,3,4,5,6,7,8, a kind of network IP geo-positioning system overall process method is based on multiple spot The IP geo-location module of collaboration establishes the IP geo-location blending algorithm module based on multi-point cooperative, and constructs and be based on The IP geo-location error analysis method module of multi-point cooperative, design and IP geo-positioning system of the realization based on DoS attack are total Body solution improves the accuracy of IP Geographic mapping, can provide technical support for the cross-domain cooperation of network.
The processing method is that the position of tested host is determined using a kind of method similar to triangulation location.It is all neighbouring The distance range of datum node to destination host forms an overlapping region, and using the center-of-mass coordinate of overlapping region as measurement mesh Target actual physical address obtains its geographical location.IP geo-positioning system conceptual solutions based on DoS attack are to hand over Physical address of the center-of-mass coordinate in folded region as measurement target, but the actual physical address of target may be that overlapping region is any The geographical coordinate of a bit, therefore there is a certain error for the IP geo-location based on multi-point cooperative, the area of overlapping region can be made For geo-location error.
A kind of network IP geo-positioning system overall process method, tested master is determined using a kind of method of triangulation location The distance range of the position of machine, all neighbouring datum nodes to destination host forms an overlapping region, and with overlapping region Actual physical address of the center-of-mass coordinate as measurement target, obtains its geographical location;The specific steps of which are as follows:
Step 1:IP geo-location is used for adjacent to datum node search module:
STEP.1 is searched for adjacent to datum node
The network measure path of neighbouring datum node B1: T is destination node;M1 and M2 is measuring node, to destination node Send network measure path data packet;B1 is the geographical location IP a reference value nearest away from destination node on network measure path;A is Network attack node;
According to measured destination host IP, network road warp is measured, the geographical location IP pattern library is compared, obtains network measure Road neighbouring datum node nearest away from Target IP on, and measure distance of the destination host to this adjacent to datum node;
STEP.2DoS attack test
It attacks host and implements DoS attack, Denial of Service attack to known neighbouring datum node;The known neighbouring base of obstruction Quasi- node prevents it from normally routing, so that reaching the network measure road of destination node by known neighbouring datum node Diameter is obstructed;
STEP.3 is searched for based on the neighbouring datum node of DoS attack
DoS attack is implemented to known neighbouring datum node, measurement network road warp obtains the new neighbouring benchmark of Target IP Node, and measure destination host to new neighbouring datum node distance;
The network measure path of neighbouring datum node B2: T is destination node;M1 and M2 is measuring node, to destination node Send network measure path data packet;B1 is known neighbouring datum node, B2 on network measure path away from destination node most The close geographical location IP a reference value;A is network attack node, sends DoS data packet to known neighbouring datum node;
The network measure path of neighbouring datum node B3: T is destination node;M1 and M2 is measuring node, to destination node Send network measure path data packet;B1 and B2 is known neighbouring datum node, and B3 is on network measure path away from target section The nearest geographical location the IP a reference value of point;A is network attack node, sends DoS data packet to known neighbouring datum node;
The network measure path of neighbouring datum node B4: T is destination node;M1 and M2 is measuring node, to destination node Send network measure path data packet;B1, B2 and B3 are known neighbouring datum node, and B4 is on network measure path away from target The nearest geographical location the IP a reference value of node;A is network attack node, sends DoS data packet to known neighbouring datum node;
Step 2:IP geo-location module, the IP geo-location module based on multi-point cooperative is using a kind of fixed similar to triangle The method of position determines the position of tested host;Assuming that there are a kind of linear relationships between time delay and geographic distance, such as formula (1) It is shown:
di=m.c. (xi-bi) (1)
Wherein, diRepresent datum node BiTo the geographic distance of tested node T, xiRepresent the time delay between two kinds of nodes, bi Certain local time delay for representing datum node, such as congestion time delay;M is conversion factor, and m:0 < m < 1, c are the light velocity;By probability Estimate that tested host arrives the distance of datum node, when the number of datum node is greater than 2, then one overlapping region of formation, and with Actual physical address of the center-of-mass coordinate of overlapping region as measurement target, so that it is determined that the position of tested host;
Step 3:IP geo-location blending algorithm module
Input: n intersection is not empty border circular areas { (xi,yi,ri) i=1,2 ... n, wherein xi,yiFor central coordinate of circle And riFor round radius;
Output: n border circular areas { (xi,yi,ri) i=1,2 ... the center-of-mass coordinate (c_x, c_y) of n intersection part and face Product Ar;
It is respectively g_x and g_y that x-axis and the granularity of y-axis, which is arranged, in Step.1;
And set constraint condition set as s=(x, y) | i=1,2 ... n, (x-xi)2-(y-yi)2≤ri 2}。
Step.2 is by section rectangular area { mix≤x≤max,miy≤y≤mayWith x-axis granularity g_x and y-axis granularity g_y Discrete processes are carried out, wherein mix=min1≤i≤n{xi-ri, max=max1≤i≤n{xi+ri, miy=min1≤i≤n{yi-ri, may =max1≤i≤n{yi+ri};That is, the collection of discretization coordinate points be combined into DS=(x, y) | x=mix+ j.g_x, y=miy+ k.g_y }, Wherein 0≤j≤fix ((max-mix)/g_x,0≤k≤fix((may-miy)/g_y) and fix () function representation remove integer;
The collection that Step.3 then justifies the discrete coordinates of intersection areas more is combined into DS ∩ S;Center-of-mass coordinate c_x, c_ are calculated below Y:
Wherein | | | | the gesture of function representation set;
Step 4:IP geo-location error analysis module:
IP geo-location module based on multi-point cooperative is the physics using the center-of-mass coordinate of overlapping region as measurement target Address, since the actual physical address of target is the geographical coordinate of overlapping region any point, the IP based on multi-point cooperative There are errors for geo-location, carry out precision analysis as geo-location error in the area of this overlapping region;Overlapping region face Long-pending solution carries out discretization to overlapping region with the granularity set, solves overlapping region area again on this basis;
It is a convex set that Step.4, which is based on more circle intersection areas, calculates its area Ar: calculating
If n=(xmax-xmin)/g_x, being apparent from n is integer;
Then obtain:
ymin(xmin+(i-1)·g_x)-ymin(xmin+i·g_x))·g_x/2。
Step 5: the IP geo-positioning system general frame based on DoS attack, as shown in Figure 2.
The general frame of IP geo-positioning system solution based on DoS attack are as follows: destination host IP passes through IP geography Positioning scheduler module is connected with network path measurement module, DoS attack module respectively;Network path measurement module, DoS attack mould The output end of block passes through target network module respectively and is connected with neighbouring datum node search module;Neighbouring datum node search module Output end is connected by IP geo-location blending algorithm module with IP geo-location error analysis module;Wherein, IP geo-location The data output end of scheduler module is connected by the geographical location IP pattern library with neighbouring datum node search module;IP geo-location Blending algorithm module data end is connected with the data terminal of IP geo-location scheduler module.
IP geo-positioning system solution workflow based on DoS attack, as shown in Figure 3.
According to measured destination host IP, network path measurement module measures network road warp, passes through neighbouring datum node Search module compares the geographical location IP pattern library, obtains network measure road neighbouring datum node nearest away from Target IP on, and Destination host is measured to this adjacent to the distance of datum node;
To known neighbouring datum node, DoS attack is implemented by DoS attack module, measurement network road warp obtains target The new neighbouring datum node of IP, and measure destination host to neighbouring datum node newly distance;
The distance range of all neighbouring datum nodes to destination host forms an overlapping region, and with the mass center of overlapping region Actual physical address of the coordinate as measurement target, obtains its geographical location;
IP geo-location module based on multi-point cooperative is the physics using the center-of-mass coordinate of overlapping region as measurement target Address, the actual physical address of the target are the geographical coordinates of overlapping region any point, therefore based on multi-point cooperative There are errors for IP geo-location, and the area of overlapping region is as geo-location error.

Claims (1)

1. a kind of network IP geo-positioning system overall process method, it is characterized in that: using a kind of method of triangulation location come really Surely the position of tested host, the distance range of all neighbouring datum nodes to destination host form an overlapping region, and to hand over Actual physical address of the center-of-mass coordinate in folded region as measurement target, obtains its geographical location;The specific steps of which are as follows:
Step 1:IP geo-location is used for adjacent to datum node search module:
STEP.1 is searched for adjacent to datum node
The network measure path of neighbouring datum node B1: T is destination node;M1 and M2 is measuring node, is sent to destination node Network measure path data packet;B1 is the geographical location IP a reference value nearest away from destination node on network measure path;A is network Attack node;
According to measured destination host IP, network road warp is measured, the geographical location IP pattern library is compared, obtains network measure road warp On the neighbouring datum node nearest away from Target IP, and measure distance of the destination host to this adjacent to datum node;
The test of STEP.2 DoS attack
It attacks host and implements DoS attack, Denial of Service attack to known neighbouring datum node;The known neighbouring benchmark section of obstruction Point prevents it from normally routing, so that reaching the network measure path of destination node not by known neighbouring datum node It is logical;
STEP.3 is searched for based on the neighbouring datum node of DoS attack
DoS attack is implemented to known neighbouring datum node, measurement network road warp obtains the new neighbouring benchmark section of Target IP Point, and measure destination host to new neighbouring datum node distance;
The network measure path of neighbouring datum node B2: T is destination node;M1 and M2 is measuring node, is sent to destination node Network measure path data packet;B1 is known neighbouring datum node, and B2 is nearest away from destination node on network measure path The geographical location IP a reference value;A is network attack node, sends DoS data packet to known neighbouring datum node;
The network measure path of neighbouring datum node B3: T is destination node;M1 and M2 is measuring node, is sent to destination node Network measure path data packet;B1 and B2 is known neighbouring datum node, B3 on network measure path away from destination node most The close geographical location IP a reference value;A is network attack node, sends DoS data packet to known neighbouring datum node;
The network measure path of neighbouring datum node B4: T is destination node;M1 and M2 is measuring node, is sent to destination node Network measure path data packet;B1, B2 and B3 are known neighbouring datum node, and B4 is on network measure path away from destination node The nearest geographical location IP a reference value;A is network attack node, sends DoS data packet to known neighbouring datum node;
Step 2:IP geo-location module, the IP geo-location module based on multi-point cooperative is using a kind of similar to triangulation location Method determines the position of tested host;Assuming that there are a kind of linear relationships between time delay and geographic distance, such as formula (1) institute Show:
di=m.c. (xi-bi) (1)
Wherein, diRepresent datum node BiTo the geographic distance of tested node T, xiRepresent the time delay between two kinds of nodes, biIt represents Certain local time delay of datum node, such as congestion time delay;M is conversion factor, and m:0 < m < 1, c are the light velocity;By probability estimate The distance of tested host to datum node forms an overlapping region, and then when the number of datum node is greater than 2 with overlapping Actual physical address of the center-of-mass coordinate in region as measurement target, so that it is determined that the position of tested host;
Step 3:IP geo-location blending algorithm module
Input: n intersection is not empty border circular areas { (xi,yi,ri) i=1,2 ... n, wherein xi,yiFor central coordinate of circle and ri For round radius;
Output: n border circular areas { (xi,yi,ri) i=1,2 ... the center-of-mass coordinate (c_x, c_y) and area of n intersection part Ar;
It is respectively g_x and g_y that x-axis and the granularity of y-axis, which is arranged, in Step.1;
And set constraint condition set as s=(x, y) | i=1,2 ... n, (x-xi)2-(y-yi)2≤ri 2};
Step.2 is by section rectangular area { mix≤x≤max,miy≤y≤mayWith x-axis granularity g_x and y-axis granularity g_y carry out from Processing is dissipated, wherein mix=min1≤i≤n{xi-ri, max=max1≤i≤n{xi+ri, miy=min1≤i≤n{yi-ri, may= max1≤i≤n{yi+ri};That is, the collection of discretization coordinate points be combined into DS=(x, y) | x=mix+ j.g_x, y=miy+ k.g_y }, In 0≤j≤fix ((max-mix)/g_x,0≤k≤fix((may-miy)/g_y) and fix () function representation remove integer;
The collection that Step.3 then justifies the discrete coordinates of intersection areas more is combined into DS ∩ S;Center-of-mass coordinate c_x, c_y are calculated below:
Wherein | | | | the gesture of function representation set;
Step 4:IP geo-location error analysis module:
IP geo-location module based on multi-point cooperative is the physical address using the center-of-mass coordinate of overlapping region as measurement target, Since the actual physical address of target is the geographical coordinate of overlapping region any point, the IP geography based on multi-point cooperative is fixed There are errors for position, carry out precision analysis as geo-location error in the area of this overlapping region;Overlapping region area is asked Solution carries out discretization to overlapping region with the granularity set, solves overlapping region area again on this basis;
It is a convex set that Step.4, which is based on more circle intersection areas, calculates its area Ar: calculating
If n=(xmax-xmin)/g_x, being apparent from n is integer;
Then obtain:
Step 5: the IP geo-positioning system general frame based on DoS attack
The general frame of IP geo-positioning system solution based on DoS attack are as follows: destination host IP passes through IP geo-location Scheduler module is connected with network path measurement module, DoS attack module respectively;Network path measurement module, DoS attack module Output end passes through target network module respectively and is connected with neighbouring datum node search module;Neighbouring datum node search module exports End is connected by IP geo-location blending algorithm module with IP geo-location error analysis module;Wherein, IP geo-location is dispatched The data output end of module is connected by the geographical location IP pattern library with neighbouring datum node search module;The fusion of IP geo-location Algoritic module data terminal is connected with the data terminal of IP geo-location scheduler module;
IP geo-positioning system solution workflow based on DoS attack is as follows:
According to measured destination host IP, network path measurement module measures network road warp, is searched for by neighbouring datum node Module compares the geographical location IP pattern library, obtains network measure road neighbouring datum node nearest away from Target IP on, and measure Destination host is to this adjacent to the distance of datum node;
To known neighbouring datum node, DoS attack is implemented by DoS attack module, measurement network road warp obtains Target IP New neighbouring datum node, and measure destination host to new neighbouring datum node distance;
The distance range of all neighbouring datum nodes to destination host forms an overlapping region, and with the center-of-mass coordinate of overlapping region As the actual physical address of measurement target, its geographical location is obtained;IP geo-location module based on multi-point cooperative is to hand over Physical address of the center-of-mass coordinate in folded region as measurement target, the actual physical address of the target is that overlapping region is any The geographical coordinate of a bit, therefore there are errors for the IP geo-location based on multi-point cooperative, the area of overlapping region is as geographical Position error.
CN201910436919.8A 2019-05-24 2019-05-24 IP geographical positioning system overall processing method Active CN110300368B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910436919.8A CN110300368B (en) 2019-05-24 2019-05-24 IP geographical positioning system overall processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910436919.8A CN110300368B (en) 2019-05-24 2019-05-24 IP geographical positioning system overall processing method

Publications (2)

Publication Number Publication Date
CN110300368A true CN110300368A (en) 2019-10-01
CN110300368B CN110300368B (en) 2021-01-01

Family

ID=68027131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910436919.8A Active CN110300368B (en) 2019-05-24 2019-05-24 IP geographical positioning system overall processing method

Country Status (1)

Country Link
CN (1) CN110300368B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113824810A (en) * 2021-08-23 2021-12-21 南京莱克贝尔信息技术有限公司 Target-driven IP address geographic position inference method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050252957A1 (en) * 2004-05-13 2005-11-17 Cisco Technology, Inc. Methods and devices for locating and uniquely provisioning RFID devices
CN101222317A (en) * 2007-11-29 2008-07-16 哈尔滨工程大学 Depth-first attack drawing generating method
CN105245627A (en) * 2015-08-31 2016-01-13 罗向阳 IP positioning method based on network coordinate system
CN105991639A (en) * 2015-07-08 2016-10-05 北京匡恩网络科技有限责任公司 Network attack path analysis method
CN106453417A (en) * 2016-12-05 2017-02-22 国网浙江省电力公司电力科学研究院 Network attack target prediction method based on neighbor similarity
CN109688107A (en) * 2018-11-20 2019-04-26 西安电子科技大学 Cloud data safety localization method based on integrality audit and communication delay

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050252957A1 (en) * 2004-05-13 2005-11-17 Cisco Technology, Inc. Methods and devices for locating and uniquely provisioning RFID devices
CN101222317A (en) * 2007-11-29 2008-07-16 哈尔滨工程大学 Depth-first attack drawing generating method
CN105991639A (en) * 2015-07-08 2016-10-05 北京匡恩网络科技有限责任公司 Network attack path analysis method
CN105245627A (en) * 2015-08-31 2016-01-13 罗向阳 IP positioning method based on network coordinate system
CN106453417A (en) * 2016-12-05 2017-02-22 国网浙江省电力公司电力科学研究院 Network attack target prediction method based on neighbor similarity
CN109688107A (en) * 2018-11-20 2019-04-26 西安电子科技大学 Cloud data safety localization method based on integrality audit and communication delay

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113824810A (en) * 2021-08-23 2021-12-21 南京莱克贝尔信息技术有限公司 Target-driven IP address geographic position inference method

Also Published As

Publication number Publication date
CN110300368B (en) 2021-01-01

Similar Documents

Publication Publication Date Title
Shu et al. Gradient-based fingerprinting for indoor localization and tracking
EP3139196B1 (en) System and method for positioning, mapping and data management by using crowdsourcing
Xiao et al. Reliable anchor-based sensor localization in irregular areas
CN110474843B (en) IP positioning method based on route hop count
Li et al. Rendered path: Range-free localization in anisotropic sensor networks with holes
CN104506591A (en) Target IP (Internet protocol) geographic position locating method based on nearest common router
Youn et al. Statistical geolocation of internet hosts
US8589459B1 (en) Privacy and security enhanced internet geolocation
Huang et al. Dynamic coverage in ad-hoc sensor networks
Liu et al. Node localization algorithm for wireless sensor networks based on static anchor node location selection strategy
CN110300368A (en) A kind of IP geo-positioning system overall process method
Chen et al. Towards IP location estimation using the nearest common router
US10015627B1 (en) System and method for reliable wireless device location mapping
Hillmann et al. On the path to high precise ip geolocation: A self-optimizing model
Laki et al. A detailed path-latency model for router geolocation
CN111711707A (en) IP address positioning method based on neighbor relation
CN113824810A (en) Target-driven IP address geographic position inference method
St Reconstructing trajectories from sparse call detail records
Hillmann et al. Dragoon: advanced modelling of IP geolocation by use of latency measurements
CN106937298B (en) A kind of improved wireless sensor network 3-D positioning method
Komosny et al. Estimation of Internet Node Location by Latency Measurements-The Underestimation Problem
Jinxia et al. Ip geolocation technology research based on network measurement
Candela et al. Dissecting the speed-of-internet of Middle East
Wang et al. Target driven IP Geolocation Algorithm
Ciavarrini et al. Geolocation of internet hosts using smartphones and crowdsourcing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant