CN110300368B - IP geographical positioning system overall processing method - Google Patents
IP geographical positioning system overall processing method Download PDFInfo
- Publication number
- CN110300368B CN110300368B CN201910436919.8A CN201910436919A CN110300368B CN 110300368 B CN110300368 B CN 110300368B CN 201910436919 A CN201910436919 A CN 201910436919A CN 110300368 B CN110300368 B CN 110300368B
- Authority
- CN
- China
- Prior art keywords
- target
- network
- node
- measuring
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/023—Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W64/00—Locating users or terminals or network equipment for network management purposes, e.g. mobility management
- H04W64/003—Locating users or terminals or network equipment for network management purposes, e.g. mobility management locating network equipment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to the technical field of network security, and discloses a network IP geographical positioning system overall processing method, which adopts a triangulation method to determine the position of a measured host, forms an overlapping area in the distance range from all adjacent reference nodes to a target host, and obtains the geographical position of the target by taking the centroid coordinate of the overlapping area as the actual physical address of the measured target. The invention improves the accuracy of IP geographical position positioning and solves the problem of accurate positioning of the IP geographical position of the network target node. For civil use, the overall solution of the IP geographic positioning system based on the DoS attack can help network application to improve performance, improve safety and provide new services; in military affairs, the IP geographic positioning fusion method based on multi-point cooperation can provide technical support for network cross-domain cooperative combat.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network IP geographical positioning system overall processing method.
Background
The basic method of network IP geolocation is to estimate its geographic location using the name of the IP device, registration information, or latency information. The basic principle of positioning algorithm design is as follows: on the premise of ensuring the positioning accuracy, the method reduces the measurement overhead as much as possible, has good expansibility and can protect the privacy of users. The initial location algorithm infers the geographic location of the IP device by querying or mining the information implied in the host Name to the DNS, Domain Name System, servers of the Domain Name System. Some positioning algorithms then estimate the host location based on a linear relationship between time delay and geographic distance, and reduce the positioning error through topological information. In recent years, probability-based positioning algorithms become a research hotspot again, positioning is performed by searching for a distribution rule of time delay and geographic distance, and although improvement is continuously performed, the two types of algorithms cannot accurately position the IP geographic position of a target node because of the lack of adjacent reference nodes of a plurality of target nodes and no related fusion algorithm.
The overall solution for IP geolocation systems is very difficult and challenging, and no relevant research results have been seen in the currently published literature.
Disclosure of Invention
In order to solve the problem of accurate positioning of the IP geographical position of a network target node, the invention provides a general processing method of a network IP geographical positioning system on the basis of establishing a search theory of adjacent reference nodes.
In order to achieve the purpose, the invention adopts the following technical scheme:
a network IP geographic positioning system overall processing method adopts a triangular positioning method to determine the position of a measured host, the distance ranges from all adjacent reference nodes to a target host form an overlapping area, and the centroid coordinates of the overlapping area are used as the actual physical address of a measuring target to obtain the geographic position of the measuring target; the method comprises the following specific steps:
step 1: IP geographical positioning adjacent reference node searching module:
STEP.1 neighbor reference node search
Network measurement path adjacent to reference node B1: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is the IP geographical position reference value nearest to the target node on the network measurement path; a is a network attack node;
according to the measured IP of the target host, measuring network path, comparing the measured IP with the IP geographical position reference library to obtain a neighboring reference node which is closest to the target IP on the network measured path, and measuring the distance from the target host to the neighboring reference node;
STEP.2DoS attack test
The attack host implements DoS attack to the known adjacent reference node and refuses service attack; blocking the known adjacent reference nodes to enable the known adjacent reference nodes not to be normally routed, so that network measurement paths which pass through the known adjacent reference nodes and reach the target nodes are not communicated;
STEP.3 DoS attack-based neighboring reference node search
Performing DoS attack on the known adjacent reference node, measuring a network path to obtain a new adjacent reference node of the target IP, and measuring the distance from the target host to the new adjacent reference node;
network measurement path adjacent to reference node B2: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is a known adjacent reference node, B2 is an IP geographical position reference value which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
network measurement path adjacent to reference node B3: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 and B2 are known adjacent reference nodes, B3 is an IP geographical position reference value which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
network measurement path adjacent to reference node B4: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1, B2 and B3 are known adjacent reference nodes, B4 is an IP geographical position reference value closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
step 2: the IP geographic positioning module is used for determining the position of the tested host by adopting a method similar to triangular positioning based on the multi-point cooperative IP geographic positioning module; assuming that there is a linear relationship between the time delay and the geographical distance, as shown in equation (1):
ri=m×c×(xi-bi) (1)
wherein d isiRepresenting a reference node BiGeographical distance, x, to node T under testiRepresenting the time delay between two nodes, biSome local delay representing a reference node, such as congestion delay; m is a conversion coefficient, m: m is more than 0 and less than 1, and c is the speed of light; estimating the distance from the tested host to the reference node probabilistically, forming an overlapping area when the number of the reference nodes is more than 2, and determining the position of the tested host by taking the centroid coordinate of the overlapping area as the actual physical address of the measuring target;
and step 3: IP geographical positioning fusion algorithm module
Inputting: n circular regions whose intersection is not empty { (x)i,yi,ri) N, where x is 1,2i,yiIs a circle center coordinate and riIs the radius of the circle;
and (3) outputting: n circular regions { (x)i,yi,ri) 1, 2.. n. centroid coordinates (c _ x, c _ y) and area Ar of the intersection portion;
step.1, setting the granularity of an x axis and a y axis as g _ x and g _ y respectively;
Step.2. rectangle region of interval { mix≤x≤max,miy≤y≤mayDiscretizing with x-axis granularity g _ x and y-axis granularity g _ y, where mi isx=min1≤i≤n{xi-ri},maxmax1≤i≤n{xi+ri},miy=min1≤i≤n{yi-ri},may=max1≤i≤n{yi+ri}; that is, the set of discretized coordinate points is DS { (x, y) | x ═ mi { (x, y) |x+j×g_x,y=miy+ kXg _ y }, where j is 0 ≦ j ≦ fix ((ma) ≦x-mix)/g_x,0≤k≤fix((may-miy) /g _ y) and the fix () function represents a take down integer };
step.3, the set of the discrete coordinate points of the multi-circle intersection region is DS n S; the centroid coordinates c _ x, c _ y are calculated as follows:
wherein the | · | | function represents the potential of the set;
and 4, step 4: IP geographical positioning error analysis module:
the IP geographical positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, and because the actual physical address of the target is the geographical coordinate of any point in the overlapped area, the IP geographical positioning based on the multi-point coordination has an error, and the area of the overlapped area is taken as the geographical positioning error for precision analysis; solving the area of the overlapped region, discretizing the overlapped region by set granularity, and then solving the area of the overlapped region on the basis;
step.4, based on the fact that the multi-circle intersection region is a convex set, calculating the area Ar: computing
Let n be (x)max-xmin) /g _ x, where n is an integer;
then the following results are obtained:
and 5: IP geographical positioning system overall architecture based on DoS attack
The overall architecture of the solution of the IP geographic positioning system based on the DoS attack is as follows: the target host IP is respectively connected with the network path measuring module and the DoS attack module through the IP geographical positioning scheduling module; the output ends of the network path measuring module and the DoS attack module are respectively connected with the adjacent reference node searching module through the target network module; the output end of the adjacent reference node searching module is connected with the IP geographical positioning error analysis module through the IP geographical positioning fusion algorithm module; the data output end of the IP geographic positioning scheduling module is connected with the adjacent reference node searching module through the IP geographic position reference library; and the data end of the IP geographical positioning fusion algorithm module is connected with the data end of the IP geographical positioning scheduling module.
The working process of the IP geographic positioning system solution based on the DoS attack is as follows:
according to the measured IP of the target host, the network path measuring module measures network paths, the adjacent reference node searching module compares the IP geographic position reference library to obtain the adjacent reference node which is closest to the target IP on the network measuring paths, and the distance from the target host to the adjacent reference node is measured;
performing DoS attack on the known adjacent reference nodes through a DoS attack module, measuring network paths to obtain new adjacent reference nodes of the target IP, and measuring the distance from the target host to the new adjacent reference nodes;
forming an overlapping area in the distance range from all the adjacent reference nodes to the target host, and taking the centroid coordinates of the overlapping area as the actual physical address of the measurement target to obtain the geographic position of the measurement target;
the IP geographic positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, the actual physical address of the target is the geographic coordinate of any point in the overlapped area, therefore, the IP geographic positioning based on the multi-point coordination has errors, and the area of the overlapped area is taken as the geographic positioning error.
Due to the adoption of the technical scheme, the invention has the following advantages:
aiming at the problem that the IP geographical position of a network target node cannot be accurately positioned in the existing IP geographical positioning technology, the invention provides an IP geographical positioning module based on multi-point coordination on the basis of obtaining a plurality of adjacent reference nodes of the target node through a DoS attack test, establishes an IP geographical positioning fusion algorithm module based on multi-point coordination, establishes an IP geographical positioning error analysis module based on multi-point coordination, designs and realizes an IP geographical positioning system overall solution based on DoS attack, improves the accuracy of IP geographical position positioning and solves the problem of the IP geographical position accurate positioning of the network target node. For civil use, the overall solution of the IP geographic positioning system based on the DoS attack can help network application to improve performance, improve safety and provide new services; in military affairs, the IP geographic positioning fusion method based on multi-point cooperation can provide technical support for network cross-domain cooperative combat.
In order to solve the problem of accurate positioning of the IP geographic position of a network target node, the invention provides an IP geographic positioning theory based on multi-point cooperation on the basis of establishing a search theory of an adjacent reference node, establishes an IP geographic positioning fusion algorithm based on multi-point cooperation, constructs an IP geographic positioning error analysis method based on multi-point cooperation, designs and realizes an overall solution of an IP geographic positioning system based on DoS attack, improves the accuracy of IP geographic position positioning, and can provide technical support for cross-domain collaborative combat of a network.
The overall solution of the IP geolocation system based on DoS attack is to use the centroid coordinate of the overlapped region as the physical address of the measurement target, but the actual physical address of the target may be the geographic coordinate of any point in the overlapped region, so there is a certain error in the IP geolocation based on multi-point coordination, and the area of the overlapped region may be used as the geolocation error.
Aiming at the problem that the IP geographical position of a network target node cannot be accurately positioned in the existing IP geographical positioning technology, the invention provides an IP geographical positioning theory based on multi-point cooperation on the basis of obtaining a plurality of adjacent reference nodes of the target node through a DoS attack test, establishes an IP geographical positioning fusion algorithm based on multi-point cooperation, establishes an IP geographical positioning error analysis method based on multi-point cooperation, designs and realizes an IP geographical positioning system overall solution based on DoS attack, improves the accuracy of IP geographical position positioning and solves the problem of the IP geographical position accurate positioning of the network target node. For civil use, the overall solution of the IP geographic positioning system based on the DoS attack can help network application to improve performance, improve safety and provide new services; in military affairs, the IP geographic positioning fusion method based on multi-point cooperation can provide technical support for network cross-domain cooperative combat
Description of the figures
FIG. 1 is a block diagram of an IP geolocation system of the present invention.
FIG. 2 is a diagram of the overall architecture of an IP geolocation system.
FIG. 3 is a flow chart of an implementation of the overall process of the network IP geolocation system;
FIG. 4 is a diagram of a network measurement path adjacent to reference node B1;
FIG. 5 is a diagram of a network measurement path adjacent to reference node B2;
FIG. 6 is a diagram of a network measurement path adjacent to reference node B3;
FIG. 7 is a diagram of a network measurement path adjacent to reference node B4;
fig. 8 is a block diagram of an IP geolocation based on multipoint coordination.
Detailed Description
As shown in fig. 1,2, 3, 4, 5, 6, 7, and 8, an overall processing method of a network IP geolocation system is based on a multipoint coordination IP geolocation module, establishes a multipoint coordination based IP geolocation fusion algorithm module, establishes a multipoint coordination based IP geolocation error analysis method module, designs and implements a DoS attack based IP geolocation system overall solution, improves the accuracy of IP geolocation positioning, and can provide technical support for network cross-domain collaborative combat.
The processing method adopts a method similar to triangulation to determine the position of the tested host. And forming an overlapping area by the distance ranges from all the adjacent reference nodes to the target host, and taking the centroid coordinates of the overlapping area as the actual physical address of the measurement target to obtain the geographic position of the measurement target. The overall solution of the IP geolocation system based on DoS attack is to use the centroid coordinate of the overlapped region as the physical address of the measurement target, but the actual physical address of the target may be the geographic coordinate of any point in the overlapped region, so there is a certain error in the IP geolocation based on multi-point coordination, and the area of the overlapped region may be used as the geolocation error.
A network IP geographic positioning system overall processing method adopts a triangular positioning method to determine the position of a measured host, the distance ranges from all adjacent reference nodes to a target host form an overlapping area, and the centroid coordinates of the overlapping area are used as the actual physical address of a measuring target to obtain the geographic position of the measuring target; the method comprises the following specific steps:
step 1: the IP geographical positioning adjacent reference node searching module is used for:
STEP.1 neighbor reference node search
Network measurement path adjacent to reference node B1: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is the IP geographical position reference value nearest to the target node on the network measurement path; a is a network attack node;
according to the measured IP of the target host, measuring network path, comparing the measured IP with the IP geographical position reference library to obtain a neighboring reference node which is closest to the target IP on the network measured path, and measuring the distance from the target host to the neighboring reference node;
STEP.2DoS attack test
The attack host implements DoS attack to the known adjacent reference node and refuses service attack; blocking the known adjacent reference nodes to enable the known adjacent reference nodes not to be normally routed, so that network measurement paths which pass through the known adjacent reference nodes and reach the target nodes are not communicated;
STEP.3 DoS attack-based neighboring reference node search
Performing DoS attack on the known adjacent reference node, measuring a network path to obtain a new adjacent reference node of the target IP, and measuring the distance from the target host to the new adjacent reference node;
network measurement path adjacent to reference node B2: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is a known adjacent reference node, B2 is an IP geographical position reference value which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
network measurement path adjacent to reference node B3: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 and B2 are known adjacent reference nodes, B3 is an IP geographical position reference value which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
network measurement path adjacent to reference node B4: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1, B2 and B3 are known adjacent reference nodes, B4 is an IP geographical position reference value closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
step 2: the IP geographic positioning module is used for determining the position of the tested host by adopting a method similar to triangular positioning based on the multi-point cooperative IP geographic positioning module; assuming that there is a linear relationship between the time delay and the geographical distance, as shown in equation (1):
ri=m×c×(xi-bi) (1)
wherein d isiRepresenting a reference node BiGeographical distance, x, to node T under testiRepresenting the time delay between two nodes, biSome local delay representing a reference node, such as congestion delay; m is a conversion coefficient, m: m is more than 0 and less than 1, and c is the speed of light; estimating the distance from the tested host to the reference node probabilistically, forming an overlapping area when the number of the reference nodes is more than 2, and determining the position of the tested host by taking the centroid coordinate of the overlapping area as the actual physical address of the measuring target;
and step 3: IP geographical positioning fusion algorithm module
Inputting: n circular regions whose intersection is not empty { (x)i,yi,ri) N, where x is 1,2i,yiIs a circle center coordinate and riIs the radius of the circle;
and (3) outputting: n circular regions { (x)i,yi,ri) 1, 2.. n. centroid coordinates (c _ x, c _ y) and area Ar of the intersection portion;
step.1, setting the granularity of an x axis and a y axis as g _ x and g _ y respectively;
Step.2. rectangle region of interval { mix≤x≤max,miy≤y≤mayDiscretizing with x-axis granularity g _ x and y-axis granularity g _ y, where mi isx=min1≤i≤n{xi-ri},max=max1≤i≤n{xi+ri},miy=min1≤i≤n{yi-ri},may=max1≤i≤n{yi+ri}; that is, the set of discretized coordinate points is DS { (x, y) | x ═ mi { (x, y) |x+j×g_x,y=miy+ kXg _ y }, where j is 0 ≦ j ≦ fix ((ma) ≦x-mix)/g_x,0≤k≤fix((may-miy) /g _ y) and the fix () function represents a take down integer };
step.3, the set of the discrete coordinate points of the multi-circle intersection region is DS n S; the centroid coordinates c _ x, c _ y are calculated as follows:
wherein the | · | | function represents the potential of the set;
and 4, step 4: IP geographical positioning error analysis module:
the IP geographical positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, and because the actual physical address of the target is the geographical coordinate of any point in the overlapped area, the IP geographical positioning based on the multi-point coordination has an error, and the area of the overlapped area is taken as the geographical positioning error for precision analysis; solving the area of the overlapped region, discretizing the overlapped region by set granularity, and then solving the area of the overlapped region on the basis;
step.4, based on the fact that the multi-circle intersection region is a convex set, calculating the area Ar: computing
Let n be (x)max-xmin) /g _ x, where n is an integer;
then the following results are obtained:
and 5: the general architecture of the IP geolocation system based on DoS attacks is shown in fig. 2.
The overall architecture of the solution of the IP geographic positioning system based on the DoS attack is as follows: the target host IP is respectively connected with the network path measuring module and the DoS attack module through the IP geographical positioning scheduling module; the output ends of the network path measuring module and the DoS attack module are respectively connected with the adjacent reference node searching module through the target network module; the output end of the adjacent reference node searching module is connected with the IP geographical positioning error analysis module through the IP geographical positioning fusion algorithm module; the data output end of the IP geographic positioning scheduling module is connected with the adjacent reference node searching module through the IP geographic position reference library; and the data end of the IP geographical positioning fusion algorithm module is connected with the data end of the IP geographical positioning scheduling module.
The working flow of the IP geographic positioning system solution based on the DoS attack is shown in figure 3.
According to the measured IP of the target host, the network path measuring module measures network paths, the adjacent reference node searching module compares the IP geographic position reference library to obtain the adjacent reference node which is closest to the target IP on the network measuring paths, and the distance from the target host to the adjacent reference node is measured;
performing DoS attack on the known adjacent reference nodes through a DoS attack module, measuring network paths to obtain new adjacent reference nodes of the target IP, and measuring the distance from the target host to the new adjacent reference nodes;
forming an overlapping area in the distance range from all the adjacent reference nodes to the target host, and taking the centroid coordinates of the overlapping area as the actual physical address of the measurement target to obtain the geographic position of the measurement target;
the IP geographic positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, the actual physical address of the target is the geographic coordinate of any point in the overlapped area, therefore, the IP geographic positioning based on the multi-point coordination has errors, and the area of the overlapped area is taken as the geographic positioning error.
Claims (1)
1. An overall processing method of a network IP geographical positioning system is characterized in that: determining the position of a tested host by adopting a triangulation method, forming an overlapping area by the distance range from all adjacent reference nodes to a target host, and taking the centroid coordinate of the overlapping area as the actual physical address of a measuring target to obtain the geographic position of the measuring target; the method comprises the following specific steps:
step 1: the IP geographical positioning adjacent reference node searching module is used for:
STEP.1 neighbor reference node search
Network measurement path adjacent to reference node B1: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is the IP geographical position reference node nearest to the target node on the network measurement path; a is a network attack node;
according to the measured IP of the target host, measuring network path, comparing the measured IP with the IP geographical position reference library to obtain a neighboring reference node which is closest to the target IP on the network measured path, and measuring the distance from the target host to the neighboring reference node;
STEP.2DoS attack test
The attack host implements DoS attack to the known adjacent reference node and refuses service attack; blocking the known adjacent reference nodes to enable the known adjacent reference nodes not to be normally routed, so that network measurement paths which pass through the known adjacent reference nodes and reach the target nodes are not communicated;
STEP.3 DoS attack-based neighboring reference node search
Performing DoS attack on the known adjacent reference node, measuring a network path to obtain a new adjacent reference node of the target IP, and measuring the distance from the target host to the new adjacent reference node;
network measurement path adjacent to reference node B2: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is a known adjacent reference node, B2 is an IP geographical position reference node which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
network measurement path adjacent to reference node B3: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 and B2 are known neighboring reference nodes, B3 is the IP geographical position reference node closest to the target node on the network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
network measurement path adjacent to reference node B4: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1, B2 and B3 are known neighboring reference nodes, B4 is the IP geographical location reference node closest to the target node on the network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;
step 2: the IP geographic positioning module is used for determining the position of the tested host by adopting a method similar to triangular positioning based on the multi-point cooperative IP geographic positioning module; assuming that there is a linear relationship between the time delay and the geographical distance, as shown in equation (1):
ri=m×c×(xi-bi) (1)
wherein d isiRepresenting a reference node BiGeographical distance, x, to node T under testiRepresenting the time delay between two nodes, biSome local delay representing a reference node, such as congestion delay; m is a conversion coefficient, m: 0<m<1, c is the speed of light; estimating the distance from the tested host to the reference node probabilistically, forming an overlapping area when the number of the reference nodes is more than 2, and determining the position of the tested host by taking the centroid coordinate of the overlapping area as the actual physical address of the measuring target;
and step 3: IP geographical positioning fusion algorithm module
Inputting: n circular regions whose intersection is not empty { (x)i,yi,ri) N, where x is 1,2i,yiIs a circle center coordinate and riIs the radius of the circle;
and (3) outputting: n circular regions { (x)i,yi,ri) 1, 2.. n. centroid coordinates (c _ x, c _ y) and area Ar of the intersection portion;
step.1, setting the granularity of an x axis and a y axis as g _ x and g _ y respectively;
Step.2. rectangle region of interval { mix≤x≤max,miy≤y≤mayDiscretizing with x-axis granularity g _ x and y-axis granularity g _ y, where mi isx=min1≤i≤n{xi-ri},max=max1≤i≤n{xi+ri},miy=min1≤i≤n{yi-ri},may=max1≤i≤n{yi+ri}; that is, the set of discretized coordinate points is:
DS={(x,y)|x=mix+j×g_x,y=miy+k×g_y}
wherein j is not less than 0 and not more than fix ((ma)x-mix)/g-x,0≤k≤fix((may-miy) /g _ y) and the fix () function represents a take down integer };
step.3, the set of the discrete coordinate points of the multi-circle intersection region is DS n S; the centroid coordinates c _ x, c _ y are calculated as follows:
wherein the | · | | function represents the potential of the set;
and 4, step 4: IP geographical positioning error analysis module:
the IP geographical positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, and because the actual physical address of the target is the geographical coordinate of any point in the overlapped area, the IP geographical positioning based on the multi-point coordination has an error, and the area of the overlapped area is taken as the geographical positioning error for precision analysis; solving the area of the overlapped region, discretizing the overlapped region by set granularity, and then solving the area of the overlapped region on the basis;
step.4, based on the fact that the multi-circle intersection region is a convex set, calculating the area Ar: computing
Let n be (x)max-xmin) /g _ x, where n is an integer;
then the following results are obtained:
and 5: IP geographical positioning system overall architecture based on DoS attack
The overall architecture of the solution of the IP geographic positioning system based on the DoS attack is as follows: the target host IP is respectively connected with the network path measuring module and the DoS attack module through the IP geographical positioning scheduling module; the output ends of the network path measuring module and the DoS attack module are respectively connected with the adjacent reference node searching module through the target network module; the output end of the adjacent reference node searching module is connected with the IP geographical positioning error analysis module through the IP geographical positioning fusion algorithm module; the data output end of the IP geographic positioning scheduling module is connected with the adjacent reference node searching module through the IP geographic position reference library; the data end of the IP geographical positioning fusion algorithm module is connected with the data end of the IP geographical positioning scheduling module;
the working process of the IP geographic positioning system solution based on the DoS attack is as follows:
according to the measured IP of the target host, the network path measuring module measures network paths, the adjacent reference node searching module compares the IP geographic position reference library to obtain the adjacent reference node which is closest to the target IP on the network measuring paths, and the distance from the target host to the adjacent reference node is measured;
performing DoS attack on the known adjacent reference nodes through a DoS attack module, measuring network paths to obtain new adjacent reference nodes of the target IP, and measuring the distance from the target host to the new adjacent reference nodes;
forming an overlapping area in the distance range from all the adjacent reference nodes to the target host, and taking the centroid coordinates of the overlapping area as the actual physical address of the measurement target to obtain the geographic position of the measurement target; the IP geographic positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, the actual physical address of the target is the geographic coordinate of any point in the overlapped area, therefore, the IP geographic positioning based on the multi-point coordination has errors, and the area of the overlapped area is taken as the geographic positioning error.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910436919.8A CN110300368B (en) | 2019-05-24 | 2019-05-24 | IP geographical positioning system overall processing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910436919.8A CN110300368B (en) | 2019-05-24 | 2019-05-24 | IP geographical positioning system overall processing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110300368A CN110300368A (en) | 2019-10-01 |
CN110300368B true CN110300368B (en) | 2021-01-01 |
Family
ID=68027131
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910436919.8A Active CN110300368B (en) | 2019-05-24 | 2019-05-24 | IP geographical positioning system overall processing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110300368B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113824810A (en) * | 2021-08-23 | 2021-12-21 | 南京莱克贝尔信息技术有限公司 | Target-driven IP address geographic position inference method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101222317A (en) * | 2007-11-29 | 2008-07-16 | 哈尔滨工程大学 | Depth-first attack drawing generating method |
CN105991639A (en) * | 2015-07-08 | 2016-10-05 | 北京匡恩网络科技有限责任公司 | Network attack path analysis method |
CN106453417A (en) * | 2016-12-05 | 2017-02-22 | 国网浙江省电力公司电力科学研究院 | Network attack target prediction method based on neighbor similarity |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7336175B2 (en) * | 2004-05-13 | 2008-02-26 | Cisco Technology, Inc. | Methods and devices for locating and uniquely provisioning RFID devices |
CN105245627B (en) * | 2015-08-31 | 2019-01-18 | 罗向阳 | A kind of IP localization method based on network coordinate system |
CN109688107B (en) * | 2018-11-20 | 2021-11-09 | 西安电子科技大学 | Cloud data safety positioning method based on integrity audit and communication time delay |
-
2019
- 2019-05-24 CN CN201910436919.8A patent/CN110300368B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101222317A (en) * | 2007-11-29 | 2008-07-16 | 哈尔滨工程大学 | Depth-first attack drawing generating method |
CN105991639A (en) * | 2015-07-08 | 2016-10-05 | 北京匡恩网络科技有限责任公司 | Network attack path analysis method |
CN106453417A (en) * | 2016-12-05 | 2017-02-22 | 国网浙江省电力公司电力科学研究院 | Network attack target prediction method based on neighbor similarity |
Also Published As
Publication number | Publication date |
---|---|
CN110300368A (en) | 2019-10-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Katz-Bassett et al. | Towards IP geolocation using delay and topology measurements | |
Wu et al. | A novel range-free localization based on regulated neighborhood distance for wireless ad hoc and sensor networks | |
Ng et al. | Towards global network positioning | |
Xiao et al. | Reliable anchor-based sensor localization in irregular areas | |
Niculescu et al. | Error characteristics of ad hoc positioning systems (APS) | |
Chen et al. | Phoenix: A weight-based network coordinate system using matrix factorization | |
CN110474843B (en) | IP positioning method based on route hop count | |
CN104506591A (en) | Target IP (Internet protocol) geographic position locating method based on nearest common router | |
CN105245627B (en) | A kind of IP localization method based on network coordinate system | |
Zhao et al. | IP Geolocation based on identification routers and local delay distribution similarity | |
CN105262849B (en) | IP localization methods based on tolerable error | |
CN103973837A (en) | Method and device for determining physical location information | |
Lim et al. | Distributed localization for anisotropic sensor networks | |
WO2019001175A1 (en) | Positioning offset correction method and apparatus | |
Chen et al. | Towards IP location estimation using the nearest common router | |
Huang et al. | CTS: A cellular-based trajectory tracking system with GPS-level accuracy | |
CN110300368B (en) | IP geographical positioning system overall processing method | |
Chen et al. | A landmark calibration-based IP geolocation approach | |
Hillmann et al. | On the path to high precise ip geolocation: A self-optimizing model | |
CN111711707B (en) | IP address positioning method based on neighbor relation | |
CN104093206B (en) | It is a kind of based on the network node of underwater sensor method for self-locating for mixing constraint satisfaction | |
Zhang et al. | Towards unique and anchor-free localization for wireless sensor networks | |
Eriksson et al. | Posit: An adaptive framework for lightweight ip geolocation | |
Xiang et al. | No-jump-into-latency in china's internet! toward last-mile hop count based ip geo-localization | |
CN105245628B (en) | A kind of network entity geographic position locating method suitable for Weak link network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |