
SPAM Geolocation


woods

Presentation Transcript


  1. SPAM Geolocation Using GIS to visualize cyberspace events in a map.

  2. Introduction • SPAM • Logs from Internet events have no coordinate system, only IP addresses • Databases for IP Addresses Geolocation • GIS for visualizing cyberspace events

  3. Goals • Use GIS to assist an IT department to geolocate sources of SPAM and identify patterns that could help improve the IT planning and decision making.

  4. Objectives • Collect SPAM IP addresses (April 2009) • MaxMind’s database • Geolocation software to get geographical coordinates for each SPAM IP address • Validate data and convert it to a DBF file • Generate maps to find patterns and visualize SPAM hot-spots

  5. Data • Two types of data used: (1) IP addresses from SPAM emails (logs and reports); (2) a GeoIP database that includes geographical coordinates of most IP networks (MaxMind)

  6. Data • April 2009: A total of 269,959 SPAM emails were received from 112,983 different IP addresses. • MaxMind GeoLite City: “accuracy of over 99.5% at a country level and 79% on a city level for the US within a 25 mile radius”

  7. Analysis • The IT part of the project involved the collection of the IP addresses and the processing of latitude and longitude for each IP. Once this data was available, I created a table with the IPs and the geographical coordinates.

  8. Analysis • Display XY Data • Projections • Graduated Symbols

  9. Analysis • Display XY Data • Projections • Clip • Spatial Join • Choropleths

  10. Analysis

  11. Analysis • “Select features”: open the attributes table and export the selected entries to a file, which can later be used by the IT department to configure Anti-SPAM rules and/or router configurations, because the table also holds the IP addresses and network information.

  12. Conclusions • SPAM Hot-Spots • Be careful when denying traffic from entire countries • Fine-tune Anti-SPAM rules and routers by configuring levels of trust (reputation)

  13. Suggestions for Future Research • A similar approach could be used to geolocate the IP addresses of legitimate Internet users for planning an IT infrastructure • Automate the time-consuming process of extracting, formatting and geolocating the IP addresses

  14. Questions
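
The extract, format and geolocate steps from slides 7 and 13 can be scripted; the sketch below is an added example, not code from the presentation. The log line layout, the small block table standing in for a GeoIP database, and all function names are assumptions made for illustration.

```python
import csv, io, ipaddress, re
from collections import Counter
# Constructed sample log (documentation address ranges, not real senders).
SAMPLE_LOG = """\
Apr 02 10:01:07 mx1 antispam: SPAM from=<a@example.net> relay=[203.0.113.7]
Apr 02 10:01:09 mx1 antispam: SPAM from=<b@example.org> relay=[198.51.100.23]
Apr 02 10:02:41 mx1 antispam: SPAM from=<c@example.net> relay=[203.0.113.7]
Apr 02 10:03:00 mx1 antispam: SPAM from=<d@example.com> relay=[10.0.0.5]
Apr 02 10:03:12 mx1 antispam: SPAM from=<e@example.com> relay=[999.1.1.1]
Apr 02 10:04:55 mx1 antispam: SPAM from=<f@example.com> relay=[192.0.2.200]
"""
# Constructed stand-in for a GeoIP block table: network, country, city, lat, lon.
GEO_BLOCKS = [("203.0.113.0/24", "AA", "City A", 10.5, -20.25),
              ("198.51.100.0/24", "BB", "City B", 48.1, 11.6)]
NETS = [(ipaddress.ip_network(b[0]), *b[1:]) for b in GEO_BLOCKS]
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"relay=\[([0-9.]+)\]")  # hypothetical log field layout
FIELDS = ["ip", "network", "country", "city", "lat", "lon", "spam_count"]

def extract_counts(log_text):
    """Count SPAM messages per syntactically valid, non-internal source IP."""
    counts = Counter()
    for m in IP_RE.finditer(log_text):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed, e.g. 999.1.1.1
        if not any(ip in net for net in INTERNAL):
            counts[ip] += 1
    return counts

def geolocate(counts):
    """Split counted IPs into located rows and addresses the table does not cover."""
    rows, unresolved = [], []
    for ip, n in sorted(counts.items()):
        hit = next((b for b in NETS if ip in b[0]), None)  # linear scan; fine for a demo
        if hit is None:
            unresolved.append(str(ip))
        else:
            rows.append(dict(zip(FIELDS, (str(ip), str(hit[0]), *hit[1:], n))))
    return rows, unresolved

def to_csv(rows):  # lat/lon columns suit a GIS "Display XY Data" import
    buf = io.StringIO()
    w = csv.DictWriter(buf, FIELDS, lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(geolocate(extract_counts(SAMPLE_LOG))[0]), end="")
```

Keeping the per-IP message count and the matched network in each row gives the map a weight for graduated symbols and gives the exported selection the network information slide 11 relies on; addresses returned as unresolved should be reviewed rather than silently dropped.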
