140 likes | 297 Views
SPAM Geolocation. Using GIS to visualize cyberspace events in a map. Introduction. SPAM Logs from Internet events have no coordinate system, only IP addresses Databases for IP Addresses Geolocation GIS for visualizing cyberspace events. Goals.
E N D
SPAM Geolocation Using GIS to visualize cyberspace events in a map.
Introduction • SPAM • Logs from Internet events have no coordinate system, only IP addresses • Databases for IP Addresses Geolocation • GIS for visualizing cyberspace events
Goals • Use GIS to assist an IT department to geolocate sources of SPAM and identify patterns that could help improve the IT planning and decision making.
Objectives • Collect SPAM IP addresses (April 2009) • MaxMind’s database • Geolocation software to get geographical coordinates for each SPAM IP address • Validate data and convert it to a DBF file • Generate maps to find patterns and visualize SPAM hot-spots
Data Two types of data used: 1- IP addresses from SPAM emails (logs and reports) 2- A GeoIP database that include geographical coordinates of most IP networks (MaxMind)
Data • April 2009: A total of 269,959 SPAM emails were received from 112,983 different IP addresses. • MaxMindGeoLiteCity, accuracy of over 99.5% at a country level and 79% on a city level for the US within a 25 mile radius”
Analysis • IT part of the project involved the collection of the IP addresses and the processing of latitude and longitude for each IP. Once this data was available, I created a table with the IPs and the geographical coordinates
Analysis • Display XY Data • Projections • Graduated Symbols
Analysis • Display XY Data • Projections • Clip • Spatial Join • Choropleths
Analysis • “select features” open the attributes table and export the selected entries to a file. Which can later be used by the IT department to configure Anti-SPAM rules and/or router configurations, because the table also hold the IP addresses and network information.
Conclusions • SPAM Hot-Spots • Be careful when denying traffic from entire countries • Fine tune Anti-SPAM rules na routers, by configuring levels of trust (reputation)
Suggestions for Future Researches • Similar approach could be used to geolocate IP address of legitimate Internet users for planning an IT infrastructure • Automate the time consuming process of extracting, formatting and geolocating the IP addresses