CN110300368B - IP geographical positioning system overall processing method - Google Patents

Abstract

The invention belongs to the technical field of network security, and discloses a network IP geographical positioning system overall processing method, which adopts a triangulation method to determine the position of a measured host, forms an overlapping area in the distance range from all adjacent reference nodes to a target host, and obtains the geographical position of the target by taking the centroid coordinate of the overlapping area as the actual physical address of the measured target. The invention improves the accuracy of IP geographical position positioning and solves the problem of accurate positioning of the IP geographical position of the network target node. For civil use, the overall solution of the IP geographic positioning system based on the DoS attack can help network application to improve performance, improve safety and provide new services; in military affairs, the IP geographic positioning fusion method based on multi-point cooperation can provide technical support for network cross-domain cooperative combat.

Description

IP geographical positioning system overall processing method

Technical Field

The invention belongs to the technical field of network security, and particularly relates to a network IP geographical positioning system overall processing method.

Background

The basic method of network IP geolocation is to estimate its geographic location using the name of the IP device, registration information, or latency information. The basic principle of positioning algorithm design is as follows: on the premise of ensuring the positioning accuracy, the method reduces the measurement overhead as much as possible, has good expansibility and can protect the privacy of users. The initial location algorithm infers the geographic location of the IP device by querying or mining the information implied in the host Name to the DNS, Domain Name System, servers of the Domain Name System. Some positioning algorithms then estimate the host location based on a linear relationship between time delay and geographic distance, and reduce the positioning error through topological information. In recent years, probability-based positioning algorithms become a research hotspot again, positioning is performed by searching for a distribution rule of time delay and geographic distance, and although improvement is continuously performed, the two types of algorithms cannot accurately position the IP geographic position of a target node because of the lack of adjacent reference nodes of a plurality of target nodes and no related fusion algorithm.

The overall solution for IP geolocation systems is very difficult and challenging, and no relevant research results have been seen in the currently published literature.

Disclosure of Invention

In order to solve the problem of accurate positioning of the IP geographical position of a network target node, the invention provides a general processing method of a network IP geographical positioning system on the basis of establishing a search theory of adjacent reference nodes.

In order to achieve the purpose, the invention adopts the following technical scheme:

a network IP geographic positioning system overall processing method adopts a triangular positioning method to determine the position of a measured host, the distance ranges from all adjacent reference nodes to a target host form an overlapping area, and the centroid coordinates of the overlapping area are used as the actual physical address of a measuring target to obtain the geographic position of the measuring target; the method comprises the following specific steps:

step 1: IP geographical positioning adjacent reference node searching module:

STEP.1 neighbor reference node search

Network measurement path adjacent to reference node B1: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is the IP geographical position reference value nearest to the target node on the network measurement path; a is a network attack node;

according to the measured IP of the target host, measuring network path, comparing the measured IP with the IP geographical position reference library to obtain a neighboring reference node which is closest to the target IP on the network measured path, and measuring the distance from the target host to the neighboring reference node;

STEP.2DoS attack test

The attack host implements DoS attack to the known adjacent reference node and refuses service attack; blocking the known adjacent reference nodes to enable the known adjacent reference nodes not to be normally routed, so that network measurement paths which pass through the known adjacent reference nodes and reach the target nodes are not communicated;

STEP.3 DoS attack-based neighboring reference node search

Performing DoS attack on the known adjacent reference node, measuring a network path to obtain a new adjacent reference node of the target IP, and measuring the distance from the target host to the new adjacent reference node;

network measurement path adjacent to reference node B2: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is a known adjacent reference node, B2 is an IP geographical position reference value which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

network measurement path adjacent to reference node B3: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 and B2 are known adjacent reference nodes, B3 is an IP geographical position reference value which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

network measurement path adjacent to reference node B4: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1, B2 and B3 are known adjacent reference nodes, B4 is an IP geographical position reference value closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

step 2: the IP geographic positioning module is used for determining the position of the tested host by adopting a method similar to triangular positioning based on the multi-point cooperative IP geographic positioning module; assuming that there is a linear relationship between the time delay and the geographical distance, as shown in equation (1):

r_i＝m×c×(x_i-b_i) (1)

wherein d is_iRepresenting a reference node B_iGeographical distance, x, to node T under test_iRepresenting the time delay between two nodes, b_iSome local delay representing a reference node, such as congestion delay; m is a conversion coefficient, m: m is more than 0 and less than 1, and c is the speed of light; estimating the distance from the tested host to the reference node probabilistically, forming an overlapping area when the number of the reference nodes is more than 2, and determining the position of the tested host by taking the centroid coordinate of the overlapping area as the actual physical address of the measuring target;

and step 3: IP geographical positioning fusion algorithm module

Inputting: n circular regions whose intersection is not empty { (x)_i，y_i，r_i) N, where x is 1,2_i，y_iIs a circle center coordinate and r_iIs the radius of the circle;

and (3) outputting: n circular regions { (x)_i，y_i，r_i) 1, 2.. n. centroid coordinates (c _ x, c _ y) and area Ar of the intersection portion;

step.1, setting the granularity of an x axis and a y axis as g _ x and g _ y respectively;

and set a set of constraints as

Step.2. rectangle region of interval { mi_x≤x≤ma_x，mi_y≤y≤ma_yDiscretizing with x-axis granularity g _ x and y-axis granularity g _ y, where mi is_x＝min_1≤i≤n{x_i-r_i}，ma_xmax_1≤i≤n{x_i+r_i}，mi_y＝min_1≤i≤n{y_i-r_i}，ma_y＝max_1≤i≤n{y_i+r_i}; that is, the set of discretized coordinate points is DS { (x, y) | x ═ mi { (x, y) |_x+j×g_x，y＝mi_y+ kXg _ y }, where j is 0 ≦ j ≦ fix ((ma) ≦_x-mi_x)/g_x，0≤k≤fix((ma_y-mi_y) /g _ y) and the fix () function represents a take down integer };

step.3, the set of the discrete coordinate points of the multi-circle intersection region is DS n S; the centroid coordinates c _ x, c _ y are calculated as follows:

wherein the | · | | function represents the potential of the set;

and 4, step 4: IP geographical positioning error analysis module:

the IP geographical positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, and because the actual physical address of the target is the geographical coordinate of any point in the overlapped area, the IP geographical positioning based on the multi-point coordination has an error, and the area of the overlapped area is taken as the geographical positioning error for precision analysis; solving the area of the overlapped region, discretizing the overlapped region by set granularity, and then solving the area of the overlapped region on the basis;

step.4, based on the fact that the multi-circle intersection region is a convex set, calculating the area Ar: computing

Let n be (x)_max-x_min) /g _ x, where n is an integer;

then the following results are obtained:

and 5: IP geographical positioning system overall architecture based on DoS attack

The overall architecture of the solution of the IP geographic positioning system based on the DoS attack is as follows: the target host IP is respectively connected with the network path measuring module and the DoS attack module through the IP geographical positioning scheduling module; the output ends of the network path measuring module and the DoS attack module are respectively connected with the adjacent reference node searching module through the target network module; the output end of the adjacent reference node searching module is connected with the IP geographical positioning error analysis module through the IP geographical positioning fusion algorithm module; the data output end of the IP geographic positioning scheduling module is connected with the adjacent reference node searching module through the IP geographic position reference library; and the data end of the IP geographical positioning fusion algorithm module is connected with the data end of the IP geographical positioning scheduling module.

The working process of the IP geographic positioning system solution based on the DoS attack is as follows:

according to the measured IP of the target host, the network path measuring module measures network paths, the adjacent reference node searching module compares the IP geographic position reference library to obtain the adjacent reference node which is closest to the target IP on the network measuring paths, and the distance from the target host to the adjacent reference node is measured;

performing DoS attack on the known adjacent reference nodes through a DoS attack module, measuring network paths to obtain new adjacent reference nodes of the target IP, and measuring the distance from the target host to the new adjacent reference nodes;

forming an overlapping area in the distance range from all the adjacent reference nodes to the target host, and taking the centroid coordinates of the overlapping area as the actual physical address of the measurement target to obtain the geographic position of the measurement target;

the IP geographic positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, the actual physical address of the target is the geographic coordinate of any point in the overlapped area, therefore, the IP geographic positioning based on the multi-point coordination has errors, and the area of the overlapped area is taken as the geographic positioning error.

Due to the adoption of the technical scheme, the invention has the following advantages:

aiming at the problem that the IP geographical position of a network target node cannot be accurately positioned in the existing IP geographical positioning technology, the invention provides an IP geographical positioning module based on multi-point coordination on the basis of obtaining a plurality of adjacent reference nodes of the target node through a DoS attack test, establishes an IP geographical positioning fusion algorithm module based on multi-point coordination, establishes an IP geographical positioning error analysis module based on multi-point coordination, designs and realizes an IP geographical positioning system overall solution based on DoS attack, improves the accuracy of IP geographical position positioning and solves the problem of the IP geographical position accurate positioning of the network target node. For civil use, the overall solution of the IP geographic positioning system based on the DoS attack can help network application to improve performance, improve safety and provide new services; in military affairs, the IP geographic positioning fusion method based on multi-point cooperation can provide technical support for network cross-domain cooperative combat.

In order to solve the problem of accurate positioning of the IP geographic position of a network target node, the invention provides an IP geographic positioning theory based on multi-point cooperation on the basis of establishing a search theory of an adjacent reference node, establishes an IP geographic positioning fusion algorithm based on multi-point cooperation, constructs an IP geographic positioning error analysis method based on multi-point cooperation, designs and realizes an overall solution of an IP geographic positioning system based on DoS attack, improves the accuracy of IP geographic position positioning, and can provide technical support for cross-domain collaborative combat of a network.

The overall solution of the IP geolocation system based on DoS attack is to use the centroid coordinate of the overlapped region as the physical address of the measurement target, but the actual physical address of the target may be the geographic coordinate of any point in the overlapped region, so there is a certain error in the IP geolocation based on multi-point coordination, and the area of the overlapped region may be used as the geolocation error.

Aiming at the problem that the IP geographical position of a network target node cannot be accurately positioned in the existing IP geographical positioning technology, the invention provides an IP geographical positioning theory based on multi-point cooperation on the basis of obtaining a plurality of adjacent reference nodes of the target node through a DoS attack test, establishes an IP geographical positioning fusion algorithm based on multi-point cooperation, establishes an IP geographical positioning error analysis method based on multi-point cooperation, designs and realizes an IP geographical positioning system overall solution based on DoS attack, improves the accuracy of IP geographical position positioning and solves the problem of the IP geographical position accurate positioning of the network target node. For civil use, the overall solution of the IP geographic positioning system based on the DoS attack can help network application to improve performance, improve safety and provide new services; in military affairs, the IP geographic positioning fusion method based on multi-point cooperation can provide technical support for network cross-domain cooperative combat

Description of the figures

FIG. 1 is a block diagram of an IP geolocation system of the present invention.

FIG. 2 is a diagram of the overall architecture of an IP geolocation system.

FIG. 3 is a flow chart of an implementation of the overall process of the network IP geolocation system;

FIG. 4 is a diagram of a network measurement path adjacent to reference node B1;

FIG. 5 is a diagram of a network measurement path adjacent to reference node B2;

FIG. 6 is a diagram of a network measurement path adjacent to reference node B3;

FIG. 7 is a diagram of a network measurement path adjacent to reference node B4;

fig. 8 is a block diagram of an IP geolocation based on multipoint coordination.

Detailed Description

As shown in fig. 1,2, 3, 4, 5, 6, 7, and 8, an overall processing method of a network IP geolocation system is based on a multipoint coordination IP geolocation module, establishes a multipoint coordination based IP geolocation fusion algorithm module, establishes a multipoint coordination based IP geolocation error analysis method module, designs and implements a DoS attack based IP geolocation system overall solution, improves the accuracy of IP geolocation positioning, and can provide technical support for network cross-domain collaborative combat.

The processing method adopts a method similar to triangulation to determine the position of the tested host. And forming an overlapping area by the distance ranges from all the adjacent reference nodes to the target host, and taking the centroid coordinates of the overlapping area as the actual physical address of the measurement target to obtain the geographic position of the measurement target. The overall solution of the IP geolocation system based on DoS attack is to use the centroid coordinate of the overlapped region as the physical address of the measurement target, but the actual physical address of the target may be the geographic coordinate of any point in the overlapped region, so there is a certain error in the IP geolocation based on multi-point coordination, and the area of the overlapped region may be used as the geolocation error.

A network IP geographic positioning system overall processing method adopts a triangular positioning method to determine the position of a measured host, the distance ranges from all adjacent reference nodes to a target host form an overlapping area, and the centroid coordinates of the overlapping area are used as the actual physical address of a measuring target to obtain the geographic position of the measuring target; the method comprises the following specific steps:

step 1: the IP geographical positioning adjacent reference node searching module is used for:

STEP.1 neighbor reference node search

Network measurement path adjacent to reference node B1: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is the IP geographical position reference value nearest to the target node on the network measurement path; a is a network attack node;

according to the measured IP of the target host, measuring network path, comparing the measured IP with the IP geographical position reference library to obtain a neighboring reference node which is closest to the target IP on the network measured path, and measuring the distance from the target host to the neighboring reference node;

STEP.2DoS attack test

The attack host implements DoS attack to the known adjacent reference node and refuses service attack; blocking the known adjacent reference nodes to enable the known adjacent reference nodes not to be normally routed, so that network measurement paths which pass through the known adjacent reference nodes and reach the target nodes are not communicated;

STEP.3 DoS attack-based neighboring reference node search

Performing DoS attack on the known adjacent reference node, measuring a network path to obtain a new adjacent reference node of the target IP, and measuring the distance from the target host to the new adjacent reference node;

network measurement path adjacent to reference node B2: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is a known adjacent reference node, B2 is an IP geographical position reference value which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

network measurement path adjacent to reference node B3: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 and B2 are known adjacent reference nodes, B3 is an IP geographical position reference value which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

network measurement path adjacent to reference node B4: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1, B2 and B3 are known adjacent reference nodes, B4 is an IP geographical position reference value closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

step 2: the IP geographic positioning module is used for determining the position of the tested host by adopting a method similar to triangular positioning based on the multi-point cooperative IP geographic positioning module; assuming that there is a linear relationship between the time delay and the geographical distance, as shown in equation (1):

r_i＝m×c×(x_i-b_i) (1)

wherein d is_iRepresenting a reference node B_iGeographical distance, x, to node T under test_iRepresenting the time delay between two nodes, b_iSome local delay representing a reference node, such as congestion delay; m is a conversion coefficient, m: m is more than 0 and less than 1, and c is the speed of light; estimating the distance from the tested host to the reference node probabilistically, forming an overlapping area when the number of the reference nodes is more than 2, and determining the position of the tested host by taking the centroid coordinate of the overlapping area as the actual physical address of the measuring target;

and step 3: IP geographical positioning fusion algorithm module

Inputting: n circular regions whose intersection is not empty { (x)_i，y_i，r_i) N, where x is 1,2_i，y_iIs a circle center coordinate and r_iIs the radius of the circle;

and (3) outputting: n circular regions { (x)_i，y_i，r_i) 1, 2.. n. centroid coordinates (c _ x, c _ y) and area Ar of the intersection portion;

step.1, setting the granularity of an x axis and a y axis as g _ x and g _ y respectively;

and set a set of constraints as

Step.2. rectangle region of interval { mi_x≤x≤ma_x，mi_y≤y≤ma_yDiscretizing with x-axis granularity g _ x and y-axis granularity g _ y, where mi is_x＝min_1≤i≤n{x_i-r_i}，ma_x＝max_1≤i≤n{x_i+r_i}，mi_y＝min_1≤i≤n{y_i-r_i}，ma_y＝max_1≤i≤n{y_i+r_i}; that is, the set of discretized coordinate points is DS { (x, y) | x ═ mi { (x, y) |_x+j×g_x，y＝mi_y+ kXg _ y }, where j is 0 ≦ j ≦ fix ((ma) ≦_x-mi_x)/g_x，0≤k≤fix((ma_y-mi_y) /g _ y) and the fix () function represents a take down integer };

step.3, the set of the discrete coordinate points of the multi-circle intersection region is DS n S; the centroid coordinates c _ x, c _ y are calculated as follows:

wherein the | · | | function represents the potential of the set;

and 4, step 4: IP geographical positioning error analysis module:

the IP geographical positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, and because the actual physical address of the target is the geographical coordinate of any point in the overlapped area, the IP geographical positioning based on the multi-point coordination has an error, and the area of the overlapped area is taken as the geographical positioning error for precision analysis; solving the area of the overlapped region, discretizing the overlapped region by set granularity, and then solving the area of the overlapped region on the basis;

step.4, based on the fact that the multi-circle intersection region is a convex set, calculating the area Ar: computing

Let n be (x)_max-x_min) /g _ x, where n is an integer;

then the following results are obtained:

and 5: the general architecture of the IP geolocation system based on DoS attacks is shown in fig. 2.

The overall architecture of the solution of the IP geographic positioning system based on the DoS attack is as follows: the target host IP is respectively connected with the network path measuring module and the DoS attack module through the IP geographical positioning scheduling module; the output ends of the network path measuring module and the DoS attack module are respectively connected with the adjacent reference node searching module through the target network module; the output end of the adjacent reference node searching module is connected with the IP geographical positioning error analysis module through the IP geographical positioning fusion algorithm module; the data output end of the IP geographic positioning scheduling module is connected with the adjacent reference node searching module through the IP geographic position reference library; and the data end of the IP geographical positioning fusion algorithm module is connected with the data end of the IP geographical positioning scheduling module.

The working flow of the IP geographic positioning system solution based on the DoS attack is shown in figure 3.

According to the measured IP of the target host, the network path measuring module measures network paths, the adjacent reference node searching module compares the IP geographic position reference library to obtain the adjacent reference node which is closest to the target IP on the network measuring paths, and the distance from the target host to the adjacent reference node is measured;

performing DoS attack on the known adjacent reference nodes through a DoS attack module, measuring network paths to obtain new adjacent reference nodes of the target IP, and measuring the distance from the target host to the new adjacent reference nodes;

forming an overlapping area in the distance range from all the adjacent reference nodes to the target host, and taking the centroid coordinates of the overlapping area as the actual physical address of the measurement target to obtain the geographic position of the measurement target;

the IP geographic positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, the actual physical address of the target is the geographic coordinate of any point in the overlapped area, therefore, the IP geographic positioning based on the multi-point coordination has errors, and the area of the overlapped area is taken as the geographic positioning error.

Claims (1)

1. An overall processing method of a network IP geographical positioning system is characterized in that: determining the position of a tested host by adopting a triangulation method, forming an overlapping area by the distance range from all adjacent reference nodes to a target host, and taking the centroid coordinate of the overlapping area as the actual physical address of a measuring target to obtain the geographic position of the measuring target; the method comprises the following specific steps:

step 1: the IP geographical positioning adjacent reference node searching module is used for:

STEP.1 neighbor reference node search

Network measurement path adjacent to reference node B1: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is the IP geographical position reference node nearest to the target node on the network measurement path; a is a network attack node;

according to the measured IP of the target host, measuring network path, comparing the measured IP with the IP geographical position reference library to obtain a neighboring reference node which is closest to the target IP on the network measured path, and measuring the distance from the target host to the neighboring reference node;

STEP.2DoS attack test

The attack host implements DoS attack to the known adjacent reference node and refuses service attack; blocking the known adjacent reference nodes to enable the known adjacent reference nodes not to be normally routed, so that network measurement paths which pass through the known adjacent reference nodes and reach the target nodes are not communicated;

STEP.3 DoS attack-based neighboring reference node search

Performing DoS attack on the known adjacent reference node, measuring a network path to obtain a new adjacent reference node of the target IP, and measuring the distance from the target host to the new adjacent reference node;

network measurement path adjacent to reference node B2: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 is a known adjacent reference node, B2 is an IP geographical position reference node which is closest to a target node on a network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

network measurement path adjacent to reference node B3: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1 and B2 are known neighboring reference nodes, B3 is the IP geographical position reference node closest to the target node on the network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

network measurement path adjacent to reference node B4: t is a target node; m1 and M2 are measuring nodes and send network measuring path data packets to a target node; b1, B2 and B3 are known neighboring reference nodes, B4 is the IP geographical location reference node closest to the target node on the network measurement path; a is a network attack node, and a DoS data packet is sent to a known adjacent reference node;

step 2: the IP geographic positioning module is used for determining the position of the tested host by adopting a method similar to triangular positioning based on the multi-point cooperative IP geographic positioning module; assuming that there is a linear relationship between the time delay and the geographical distance, as shown in equation (1):

r_i＝m×c×(x_i-b_i) (1)

wherein d is_iRepresenting a reference node B_iGeographical distance, x, to node T under test_iRepresenting the time delay between two nodes, b_iSome local delay representing a reference node, such as congestion delay; m is a conversion coefficient, m: 0<m<1, c is the speed of light; estimating the distance from the tested host to the reference node probabilistically, forming an overlapping area when the number of the reference nodes is more than 2, and determining the position of the tested host by taking the centroid coordinate of the overlapping area as the actual physical address of the measuring target;

and step 3: IP geographical positioning fusion algorithm module

Inputting: n circular regions whose intersection is not empty { (x)_i,y_i,r_i) N, where x is 1,2_i,y_iIs a circle center coordinate and r_iIs the radius of the circle;

and (3) outputting: n circular regions { (x)_i,y_i,r_i) 1, 2.. n. centroid coordinates (c _ x, c _ y) and area Ar of the intersection portion;

step.1, setting the granularity of an x axis and a y axis as g _ x and g _ y respectively;

and set a set of constraints as

(x-x_i)²+(y-y_i)²≤r_i ²}；

Step.2. rectangle region of interval { mi_x≤x≤ma_x,mi_y≤y≤ma_yDiscretizing with x-axis granularity g _ x and y-axis granularity g _ y, where mi is_x＝min_1≤i≤n{x_i-r_i}，ma_x＝max_1≤i≤n{x_i+r_i}，mi_y＝min_1≤i≤n{y_i-r_i}，ma_y＝max_1≤i≤n{y_i+r_i}; that is, the set of discretized coordinate points is:

DS＝{(x，y)|x＝mi_x+j×g_x，y＝mi_y+k×g_y}

wherein j is not less than 0 and not more than fix ((ma)_x-mi_x)/g-x,0≤k≤fix((ma_y-mi_y) /g _ y) and the fix () function represents a take down integer };

step.3, the set of the discrete coordinate points of the multi-circle intersection region is DS n S; the centroid coordinates c _ x, c _ y are calculated as follows:

wherein the | · | | function represents the potential of the set;

and 4, step 4: IP geographical positioning error analysis module:

the IP geographical positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, and because the actual physical address of the target is the geographical coordinate of any point in the overlapped area, the IP geographical positioning based on the multi-point coordination has an error, and the area of the overlapped area is taken as the geographical positioning error for precision analysis; solving the area of the overlapped region, discretizing the overlapped region by set granularity, and then solving the area of the overlapped region on the basis;

step.4, based on the fact that the multi-circle intersection region is a convex set, calculating the area Ar: computing

Let n be (x)_max-x_min) /g _ x, where n is an integer;

then the following results are obtained:

and 5: IP geographical positioning system overall architecture based on DoS attack

The overall architecture of the solution of the IP geographic positioning system based on the DoS attack is as follows: the target host IP is respectively connected with the network path measuring module and the DoS attack module through the IP geographical positioning scheduling module; the output ends of the network path measuring module and the DoS attack module are respectively connected with the adjacent reference node searching module through the target network module; the output end of the adjacent reference node searching module is connected with the IP geographical positioning error analysis module through the IP geographical positioning fusion algorithm module; the data output end of the IP geographic positioning scheduling module is connected with the adjacent reference node searching module through the IP geographic position reference library; the data end of the IP geographical positioning fusion algorithm module is connected with the data end of the IP geographical positioning scheduling module;

the working process of the IP geographic positioning system solution based on the DoS attack is as follows:

according to the measured IP of the target host, the network path measuring module measures network paths, the adjacent reference node searching module compares the IP geographic position reference library to obtain the adjacent reference node which is closest to the target IP on the network measuring paths, and the distance from the target host to the adjacent reference node is measured;

performing DoS attack on the known adjacent reference nodes through a DoS attack module, measuring network paths to obtain new adjacent reference nodes of the target IP, and measuring the distance from the target host to the new adjacent reference nodes;

forming an overlapping area in the distance range from all the adjacent reference nodes to the target host, and taking the centroid coordinates of the overlapping area as the actual physical address of the measurement target to obtain the geographic position of the measurement target; the IP geographic positioning module based on the multi-point coordination takes the centroid coordinate of the overlapped area as the physical address of the measurement target, the actual physical address of the target is the geographic coordinate of any point in the overlapped area, therefore, the IP geographic positioning based on the multi-point coordination has errors, and the area of the overlapped area is taken as the geographic positioning error.

Images