CN110855754A - IoT-based cloud host physical position verification method for weak network connection area - Google Patents

IoT-based cloud host physical position verification method for weak network connection area Download PDF

Info

Publication number
CN110855754A
CN110855754A CN201911014984.8A CN201911014984A CN110855754A CN 110855754 A CN110855754 A CN 110855754A CN 201911014984 A CN201911014984 A CN 201911014984A CN 110855754 A CN110855754 A CN 110855754A
Authority
CN
China
Prior art keywords
landmarks
cloud host
landmark
verification
time delay
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911014984.8A
Other languages
Chinese (zh)
Other versions
CN110855754B (en
Inventor
贾东征
刘丽敏
贾世杰
林璟锵
陈天宇
吕娜
赵欣怡
王平建
钱文飞
尤玮婧
张阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN201911014984.8A priority Critical patent/CN110855754B/en
Publication of CN110855754A publication Critical patent/CN110855754A/en
Application granted granted Critical
Publication of CN110855754B publication Critical patent/CN110855754B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal

Abstract

The invention provides an IoT-based cloud host physical position verification method in a weak network connection area, which is used for solving the problems that time delay and distance do not have a strong linear relation and positioning accuracy is low due to unreliable landmark hosts and uneven distribution.

Description

IoT-based cloud host physical position verification method for weak network connection area
Technical Field
The invention belongs to the technical field of cloud service security attribute verification, and particularly relates to a method for verifying cloud host physical location attributes in IoT-based (Internet of Things) cloud service in a weak network connection area.
Background
Cloud computing is a new computing and storage resource leasing service mode which is rapidly developed in recent years, and with the increasing maturity of cloud services (final performance of cloud computing environments), the verification of the position of a cloud host or sensitive data in the cloud services becomes a very urgent problem. On one hand, more and more services need to clearly know the physical location of the leased cloud host due to performance requirements, such as location-based content distribution, online video, data disaster tolerance, online voting, and the like; on the other hand, the user clearly knows the physical location of the leased cloud host, which is a right provided by the cloud service provider to the user through a Service Level Agreement (SLA); further, due to differences in requirements of different countries and regions in data privacy Protection, information management, and the like, applications that restrict access according to location are required to evaluate or avoid the legal risk and influence and the like caused thereby, for example, General Data Protection Regulation (GDPR) issued in the european union in 2 months in 2018 stipulates that a violating person is penalized at a maximum of 2000 ten thousand euros, or 4% of the income of the last year. Thus, verifying the physical location of the cloud host is an increasingly pressing issue of concern to one user.
Currently, cloud service providers offer different granularity of geographical area options in SLAs, such as amazon's EC2 service, to help customers achieve various goals. Because the cloud service has opacity, that is, after a user rents a Virtual Machine (VM), the VM only needs to be deployed on the cloud service provider infrastructure without maintaining hardware facilities, so that the cloud service provider is difficult to convince the physical location promised by the cloud host rented by the user. In fact, for reasons of reducing economic cost and the like, on one hand, a cloud service provider or staff thereof may try to violate the SLA and deploy VMs rented by customers to cheaper places; on the other hand, cloud service providers have the ability to enable rapid migration of computing and storage resources, in other words, cloud service providers have the ability and motivation to deploy user-rented cloud hosts to remote data centers in violation of SLA regulations. Therefore, even if the cloud service provider provides a physical location commitment in the SLA, the user needs a technique to verify whether the physical location of the leased cloud host meets the constraints of the SLA.
Compared to traditional physical hosts, cloud hosts have some unique properties: 1) fast Migration of computing and storage resources, such as Virtual Machine Migration (Virtual Machine Migration); 2) cloud hosts of different data centers send requested data packets with the same IP address, such as elastic IP (elastic IP) and the like. Therefore, common methods of determining physical hosts using IP addresses as input (e.g., Whois, DNS LOC records, traceroute, etc.) are not suitable for cloud hosts. The end-to-end delay measurement can be used to determine the location of the cloud host, but such methods generally require that the network delay be strongly linear with distance. However, such a strong linear relationship is generally only applicable to the rich network connection area, and is not applicable to the weak network connection area or the authentication effect in the weak network connection area is not ideal. Verifying the cloud host location for areas of weak network connectivity is a very challenging task.
For convenience of description in this patent application, some host location verification features will be described below in connection with this patent application.
Latency-based host authentication:
the host authentication method based on time delay mainly comprises the following steps: 1) acquiring a group of landmark hosts with known positions and wide distribution and capable of responding to network requests; 2) measuring network time delay between the landmark and the target host; 3) converting the time delay into a physical distance by adopting a certain mathematical model; 4) different geometric methods (such as triangulation) are used to translate the physical distances into position constraints and thereby estimate the position of the target host.
Delay-distance correlation coefficient:
the correlation coefficient is a quantity for researching the linear correlation degree between variables, and can be used for determining whether the network delay and the physical distance are in a linear relation or not, and sequentially determining whether the network in the target area is rich network connection or weak network connection. The specific method comprises the following steps: suppose VdelIs the variance of the time delay, VdisIs the variance of the distance, cov (del, dis) is the covariance between the delay and the distance, then the correlation coefficient Corr (del, dis) of the delay and the distance can be calculated by the following formula:
Figure BDA0002245398970000021
the absolute value range of Corr (del, dis) is [0,1], and it is known from relevant literature research that if Corr (del, dis) ≧ 0.7, the region is rich network connection; if Corr (del, dis) <0.7, then the area belongs to a moderately connected or weakly connected network connection area. Currently, only a few countries such as europe and north america belong to rich network connection regions, and most countries of the world belong to weak connection or moderate connection network regions, such as china.
Disclosure of Invention
The invention provides an IoT-based cloud host physical position verification method in a weak network connection area aiming at the safety problem of cloud host position verification in the weak network connection area, and solves the problems that time delay and distance do not have a strong linear relation and positioning accuracy is low due to unreliable landmark hosts and uneven distribution. The verification of the physical position of the host by the cloud end is realized by adopting a challenge-response mechanism, the verification method is presented in the form of a software component and directly deployed on the cloud host, and the IPcam which is widely distributed is used as a reliable landmark host with high probability through the steps of extraction, verification and cleaning; determining the position of the target host by adopting a shortest-nearest method based on voting; by the layered positioning method, the network measurement and verification overhead is effectively reduced; by the method of the time delay threshold value, time delay increase attacks of enemies, short attacks and common IP middleware attacks can be defended.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
an IoT-based cloud host physical location verification method for a weak network connection area can be applied to software components and deployed in a cloud host to provide a service for cloud host physical location verification, and specifically, the method adopts the following technical steps:
1) preprocessing an IoT landmark, namely acquiring a reliable landmark at a high probability by collecting widely distributed IoT equipment as the landmark and through the processes of extraction, verification and cleaning;
2) a step of generating a random landmark set, which effectively reduces the measurement overhead by a layered measurement method and can also prevent the cloud service provider from time delay attack to a specific host;
3) acquiring the minimum time delay of a designated landmark and a host to be tested, and performing network measurement on each landmark and the host to be tested for multiple times, wherein the minimum time delay is used as the time delay of the landmark and the target host, so that the interference of network uncertainty is reduced;
4) and (3) verifying the physical position of the target cloud host, wherein the position verification of the cloud host is realized by adopting a shortest-nearest method based on voting.
Further, in step 1), the physical location of the cloud host is verified by the user through a host location verification method based on time delay, the method needs to distribute wide landmark hosts, and the more landmark hosts near the target area, the higher the accuracy. However, the direct deployment of landmark equipment is expensive, and in addition, the existing distributed sites are not uniformly distributed, so that it cannot be guaranteed that each city has, for example, Planetlab. The ideal method is to adopt an existing device to perform time delay measurement, the IPcam device is used as a landmark host, and the method comprises the following operations: and searching keywords to collect a large amount of IoT equipment information, and extracting, verifying and cleaning to obtain a reliable landmark host at a high probability.
Further, in step 2), the mass devices and the target cloud host perform network measurement at the same time, which means huge communication overhead, and in order to reduce measurement overhead, the present solution adopts a layered method to gradually determine the position of the cloud host, firstly determine the area position of the cloud host, and then determine the urban position of the cloud host. When the position of each layer is verified, the landmark used for determining the position of the layer is randomly selected, so that the operation delay attack of a cloud service provider is effectively prevented, and the position verification efficiency and the result of the cloud host are further influenced.
Further, in step 3), the network delay between the landmark and the target cloud host is measured by using HTTP/Get in the present invention. Due to uncertainties in the network environment (e.g., network congestion or network path modifications), the measured delay from the same landmark and target host is not valid every time. The present invention takes the minimum of multiple measurements (e.g., 15) as the latency of the landmark with the target host. To prevent the effect from cache, the URL for each measurement is combined by IP, port and a randomly generated and non-existent picture.
Further, in step 4), the invention proposes a voting-based shortest-nearest method to realize cloud host location verification in the weak connection area. Specifically, a group of landmarks near the target host is selected, and the position of the target host is determined by the positions of several landmarks with the shortest time delay. The method does not depend on whether the time delay and the distance are in a linear relation or not, so that the verification of the position of the cloud host can be realized in the weak connection area.
An IoT-based cloud host physical location verification system for a weak network connection region, comprising:
the IoT-based landmark module is used for collecting distributed IoT equipment as landmarks, extracting, verifying and cleaning the landmarks and acquiring reliable landmarks;
the generation random landmark set module is used for randomly selecting landmarks for determining the area position and the city position of the cloud host from the reliable landmarks and generating a random landmark set;
the minimum time delay obtaining module is used for measuring the network time delay between each landmark and the cloud host in the set for multiple times, and the measured minimum value is used as the time delay between the landmark and the cloud host;
the cloud host position verification module is used for selecting a plurality of first landmarks with shortest time delay, counting the positions of the landmarks and determining the position with the most landmarks as the physical position of the cloud host; the verification of the physical position of the cloud host is realized by comparing whether the determined physical position of the cloud host is consistent with the position promised by the cloud service provider in the SLA.
Furthermore, the system can be directly deployed on the cloud host in a software component form and can be based on a Windows operating system or a Linux operating system.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides a shortest-nearest method based on voting, which can carry out physical position verification of a cloud host in a weak network connection area; by turning widely distributed IoT devices (such as IPCam) into reliable landmark hosts, deployment overhead is greatly reduced; the invention adopts a layered positioning method, thereby effectively reducing the measurement overhead in the verification process of the physical position of the cloud host; meanwhile, the invention can effectively defend time delay increase attack, time delay shortening attack and IP middleware attack. Finally, the accuracy and the practicability of the cloud host physical position verification in the weak connection area are greatly improved.
Drawings
Fig. 1 is a schematic diagram of a cloud host physical location verification process.
FIG. 2 is a diagram of a cloud host physical location verification framework.
Fig. 3 is a flow diagram of a voting-based shortest-nearest method.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings.
The general process of the cloud host physical location verification method according to the present invention is shown in fig. 1. The client side sends a verification request to the cloud side (step 1 in fig. 1), the verification component deployed at the cloud side performs position verification by measuring time delay with a random landmark ( steps 2 and 3 in fig. 1), and a verification result is returned to the user (step 5 in fig. 1).
Fig. 2 is a framework flow diagram of a cloud host physical location verification method. The invention relates to four main steps, which correspond respectively to four modules: the system comprises an IoT-based landmark module, a random landmark set generating module, a minimum time delay acquiring module and a cloud host position verifying module.
The IoT-based landmark is selected in the embodiment mainly from the following points that ① is widely distributed and basically ensures that each city is covered, ② stably runs and keeps the position not frequently changed, at least, the verification link ensures that the position is not changed with high probability, ③ can access through the public Internet in an HTTP/Get mode, IPcam is taken as the landmark, and IPcam is taken as the reliable landmark with high probability through the following three steps:
1) extracting IoT-based landmark links, and collecting IPCam in a coarse-grained region by setting keywords such as brand, manufacturer, model and the like;
2) and in the information verification link, the collected IPcam information is verified through a multi-source database, so that the accuracy of the IPcam is improved. In addition, in the verification link, a voting mechanism is adopted, so that the accuracy of the result is further improved;
3) and cleaning a data link, and selecting an IPcam with an open 80-series port as a landmark in order to prevent a cloud service provider from setting a port blacklist and an IP blacklist. In addition, IPCam which can be accessed through the public Internet is selected as a landmark, and the landmark which participates in measurement each time is randomly selected, so that the possibility of malicious behaviors of the cloud service provider is further reduced.
In the embodiment, the random landmark set generation module adopts a two-stage position verification method, namely area-level position verification and city-level position verification. In the area-level location verification, a large country-level jurisdiction (such as China) is divided into a plurality of areas (such as provinces, direct jurisdictions, and autonomous regions), and a certain number of IPCam are randomly selected in each area to form an area-level landmark set. In city-level location verification, a certain number of IPCam are selected from each city in the region to be tested to form a city-level landmark set. It should be noted that the greater the number of landmarks at each level, the higher the accuracy of the verification, but at the same time, the communication overhead of the network measurement is increased. In this embodiment, cloud host location verification is implemented in china, and in the area-level location verification, 13 landmarks are averagely selected in each area, and in the city-level location verification, 12 landmarks are averagely selected in each city.
In the embodiment, the minimum time delay module is obtained by measuring the time delay between the landmark and the target host for multiple times and calculating the minimum value of the group of time delays as the effective time delay. Due to the uncertainty of the network connection condition, not every measured delay can be used as the effective delay between the landmark and the target host. For this purpose, the time delay between a landmark and a target host is measured a plurality of times (e.g., 15 times), and the minimum value is used as the time delay between the landmark and the target host. However, the ICMP protocol is limited by the router and firewall, resulting in failure to respond to network requests correctly. Therefore, the time delay measurement between the hosts is completed in an HTTP/Get mode. In addition, multiple network requests between two hosts in a short time are easily affected by cache, and the like, and for this purpose, the URL of each request is set as an IP address, a port number, and a randomly generated nonexistent picture are combined.
The cloud host location verification module in an embodiment completes cloud host location verification in the weakly connected region by a voting-based shortest-nearest method. The vote represents the weight of the target host in a certain area, and specifically, a group (VN) of landmarks is selected instead of one, the landmark with the shortest delay is selected to determine the position of the target host. Wherein the time delay of VN landmarks needs to be within a certain threshold value range, namely the maximum time delay TmaxAnd minimum time delay TminAnd finally, the area/city with the most votes is used as the position of the cloud host to be detected and compared with the position in the SLA, and then the cloud service provision is determinedWhether a merchant satisfies the physical location commitment in its SLA. The specific process is as follows:
1) generating a landmark set and completing network measurement between each landmark in the set and a host to be measured;
2) acquiring the minimum time delay between each landmark and a host to be tested;
3) finding the minimum time delay (mindelay) between VN and the host to be tested, wherein Tmin≤mindelay≤Tmax
4) Counting the positions of the VN landmarks and voting, wherein the number of the landmarks contained in the positions is the number of the votes obtained, calculating the position with the most votes, and considering the union of the positions if the positions are not unique;
5) and comparing the calculated position with the position promised in the SLA of the cloud service provider, if the calculated position is consistent with the position promised in the SLA of the cloud service provider, indicating that the position promised in the SLA of the cloud service provider is the real position information of the cloud host, and if the calculated position is not the false position information, completing verification.
The above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and those skilled in the art can modify the technical solutions of the present invention or substitute the same without departing from the spirit and scope of the present invention, and the scope of the present invention should be determined by the claims.

Claims (10)

1. An IoT-based cloud host physical location verification method for a weak network connection area is characterized by comprising the following steps:
collecting distributed IoT equipment as landmarks, extracting, verifying and cleaning the landmarks to obtain reliable landmarks;
randomly selecting landmarks for determining the area position and the city position of the cloud host from the reliable landmarks to generate a random landmark set;
measuring network time delay between each landmark and the cloud host in the set for multiple times, and taking the measured minimum value as the time delay between the landmark and the cloud host;
selecting a plurality of first landmarks with shortest time delay, counting the positions of the plurality of landmarks, and determining the position with the most landmarks as the physical position of the cloud host;
the verification of the physical position of the cloud host is realized by comparing whether the determined physical position of the cloud host is consistent with the position promised by the cloud service provider in the SLA.
2. The method of claim 1, wherein IPCam with an open 80-series port is preferably used as a landmark.
3. The method of claim 1, wherein the conditions that should be met reliably include: each city in China has coverage; the operation is stable, the position is kept not to change frequently, and the position is kept unchanged at least when the verification is carried out by adopting the method; can be accessed in the manner of HTTP/Get and through the public Internet.
4. The method of claim 1, wherein extracting refers to extracting the landmark by setting a keyword, wherein the keyword comprises a brand, a manufacturer, a model; the verification means that the landmark is verified through a multi-source database and a voting mechanism; cleaning is to clean up landmarks that are not accessible through the public internet.
5. The method of claim 1, wherein prior to selecting the landmark that determines the regional and urban location of the cloud host, a country level of jurisdiction is divided into a plurality of regional levels, and the city level involved is determined from each regional level.
6. The method of claim 1, wherein the network latency measurement is performed by sending data from the cloud host to the landmark on a broadcast basis.
7. The method of claim 6, wherein the network latency measurement is performed by accessing a URL based on HTTP/Get, wherein the URL is a combination of an IP address, a port, and a randomly generated and non-existent picture.
8. The method of claim 1 wherein a threshold range of time delays is first determined when selecting a plurality of landmarks, and landmarks lying within the threshold range are considered to be the first plurality of landmarks having the shortest time delays.
9. An IoT-based cloud host physical location verification system for a weak network connection area, comprising:
the IoT-based landmark module is used for collecting distributed IoT equipment as landmarks, extracting, verifying and cleaning the landmarks and acquiring reliable landmarks;
the generation random landmark set module is used for randomly selecting landmarks for determining the area position and the city position of the cloud host from the reliable landmarks and generating a random landmark set;
the minimum time delay obtaining module is used for measuring the network time delay between each landmark and the cloud host in the set for multiple times, and the measured minimum value is used as the time delay between the landmark and the cloud host;
the cloud host position verification module is used for selecting a plurality of first landmarks with shortest time delay, counting the positions of the landmarks and determining the position with the most landmarks as the physical position of the cloud host; the verification of the physical position of the cloud host is realized by comparing whether the determined physical position of the cloud host is consistent with the position promised by the cloud service provider in the SLA.
10. The system of claim 9, wherein the system can be directly deployed on the cloud host in the form of software components, and can be based on a Windows operating system or a Linux operating system.
CN201911014984.8A 2019-10-24 2019-10-24 IoT-based cloud host physical position verification method for weak network connection area Active CN110855754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911014984.8A CN110855754B (en) 2019-10-24 2019-10-24 IoT-based cloud host physical position verification method for weak network connection area

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911014984.8A CN110855754B (en) 2019-10-24 2019-10-24 IoT-based cloud host physical position verification method for weak network connection area

Publications (2)

Publication Number Publication Date
CN110855754A true CN110855754A (en) 2020-02-28
CN110855754B CN110855754B (en) 2021-11-23

Family

ID=69597598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911014984.8A Active CN110855754B (en) 2019-10-24 2019-10-24 IoT-based cloud host physical position verification method for weak network connection area

Country Status (1)

Country Link
CN (1) CN110855754B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101701814A (en) * 2009-11-04 2010-05-05 中兴通讯股份有限公司 Method for judging spatial position of target by linkage of multi-cameras and system thereof
US20120303776A1 (en) * 2011-05-27 2012-11-29 James Michael Ferris Methods and systems for data compliance management associated with cloud migration events
US20140043428A1 (en) * 2011-07-15 2014-02-13 At&T Intellectual Property I, Lp Apparatus and method for providing media services with telepresence
CN105245628A (en) * 2015-08-31 2016-01-13 罗向阳 Network entity geographical position positioning method suitable for weak connection network
CN207399518U (en) * 2017-05-18 2018-05-22 乐鑫信息科技(上海)有限公司 A kind of alignment system based on Wi-Fi internet of things equipment networks

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101701814A (en) * 2009-11-04 2010-05-05 中兴通讯股份有限公司 Method for judging spatial position of target by linkage of multi-cameras and system thereof
US20120303776A1 (en) * 2011-05-27 2012-11-29 James Michael Ferris Methods and systems for data compliance management associated with cloud migration events
US20140043428A1 (en) * 2011-07-15 2014-02-13 At&T Intellectual Property I, Lp Apparatus and method for providing media services with telepresence
CN105245628A (en) * 2015-08-31 2016-01-13 罗向阳 Network entity geographical position positioning method suitable for weak connection network
CN207399518U (en) * 2017-05-18 2018-05-22 乐鑫信息科技(上海)有限公司 A kind of alignment system based on Wi-Fi internet of things equipment networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KARYN BENSON ET AL: "Do You Know Where Your Cloud Files Are?", 《CCSW’11》 *

Also Published As

Publication number Publication date
CN110855754B (en) 2021-11-23

Similar Documents

Publication Publication Date Title
US10904277B1 (en) Threat intelligence system measuring network threat levels
Dhamdhere et al. Inferring persistent interdomain congestion
Laki et al. Spotter: A model based active geolocation service
Scott et al. Satellite: Joint analysis of {CDNs} and {Network-Level} interference
Pang et al. Availability, usage, and deployment characteristics of the domain name system
WO2017107780A1 (en) Method, device and system for recognizing illegitimate proxy for charging fraud
WO2015158193A1 (en) Method and system for providing root domain name resolution service
CN107124434B (en) Method and system for discovering DNS malicious attack traffic
CN106778260A (en) Attack detection method and device
Cangialosi et al. Ting: Measuring and exploiting latencies between all tor nodes
CN105681133A (en) Method for detecting whether DNS server can prevent network attack
CN102710770A (en) Identification method for network access equipment and implementation system for identification method
Farnan et al. Poisoning the well: Exploring the great firewall's poisoned dns responses
CN107342913B (en) Detection method and device for CDN node
Feldman et al. A structural approach for PoP geo-location
Zhao et al. IP Geolocation based on identification routers and local delay distribution similarity
US8589459B1 (en) Privacy and security enhanced internet geolocation
CN106302737A (en) The cleaning method of bench mark data in a kind of IP location technology
CN106411819A (en) Method and apparatus for recognizing proxy Internet protocol address
CN114363091A (en) Method and system for realizing unified login of platform application based on APISIX
CN107612946B (en) IP address detection method and device and electronic equipment
CN106993027B (en) Remote data storage location verification method
US11394687B2 (en) Fully qualified domain name (FQDN) determination
Chen et al. A landmark calibration-based IP geolocation approach
CN110855754B (en) IoT-based cloud host physical position verification method for weak network connection area

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant