Camille Moriot, François Lesueur, N. Stouls, F. Valois
Published in: 2022 IEEE 47th Conference on Local Computer Networks (LCN), 2022-09-26
DOI: 10.1109/LCN53696.2022.9843570 (https://doi.org/10.1109/LCN53696.2022.9843570)
How to build socio-organizational information from remote IP addresses to enrich security analysis?
There is a constant threat of having our computing systems under attack. Information regarding the origins of the traffic we receive can be valuable. Currently, the AS number and geolocation are the most commonly used IP-related information to characterize an attack. In this paper, we propose expanding knowledge about a remote IP's owner to improve the effectiveness of defensive reactions and to obtain in-depth analyses of attacker profiles. We introduce enrichment with socio-organizational information (such as organization type, field of activity, etc.) about the entities owning the IP, in addition to infrastructural information. This integration is driven by combining RDAP and Wikidata. We demonstrate that this proposal is promising.
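The abstract describes a two-step enrichment: RDAP gives the infrastructural view of an address block (prefix, registrant entity), and Wikidata supplies socio-organizational attributes of that registrant (organization type, field of activity, country). The following Python sketch is an added illustration of that pipeline and is not the authors' code or data. The RDAP object follows the RFC 9083 / RFC 7095 (jCard) layout but is constructed for this example, the Wikidata side is an offline stand-in dictionary rather than a live SPARQL query, and the QID and the label-to-item mapping are made up; P31 ("instance of"), P452 ("industry") and P17 ("country") are real Wikidata property identifiers.

```python
import json

# Constructed RDAP "ip network" response (RFC 9083 shape, not real registry data).
# Contact details travel as jCard (RFC 7095): ["vcard", [[name, params, type, value], ...]].
RDAP_RESPONSE = json.loads(r'''
{
  "objectClassName": "ip network",
  "handle": "NET-EXAMPLE-1",
  "startAddress": "203.0.113.0",
  "endAddress": "203.0.113.255",
  "name": "EXAMPLE-NET",
  "entities": [
    {"objectClassName": "entity", "handle": "EXORG", "roles": ["registrant"],
     "vcardArray": ["vcard", [
        ["version", {}, "text", "4.0"],
        ["fn", {}, "text", "Example University"],
        ["kind", {}, "text", "org"]]]},
    {"objectClassName": "entity", "handle": "EXABUSE", "roles": ["abuse"],
     "vcardArray": ["vcard", [
        ["version", {}, "text", "4.0"],
        ["fn", {}, "text", "Example Abuse Desk"],
        ["email", {}, "text", "abuse@example.edu"]]]}
  ]
}
''')

# Constructed offline stand-in for Wikidata, keyed by organisation label.
# P31 = instance of, P452 = industry, P17 = country (real property IDs);
# the QID and the values are invented for this example.
WIKIDATA_SNAPSHOT = {
    "Example University": {
        "qid": "Q9999991",
        "P31": ["university"],
        "P452": ["higher education"],
        "P17": ["Exampleland"],
    },
}


def jcard_field(vcard_array, field):
    """Return the first value of a jCard property (e.g. 'fn'), or None if absent."""
    if not vcard_array or len(vcard_array) < 2:
        return None
    for prop in vcard_array[1]:
        if prop and str(prop[0]).lower() == field:
            return prop[3]
    return None


def registrant_name(rdap):
    """Return the display name of the entity holding the 'registrant' role.

    Falls back to the network 'name' field when no registrant entity carries a
    usable jCard, since some registries publish only a handle there.
    """
    for ent in rdap.get("entities", []):
        roles = [r.lower() for r in ent.get("roles", [])]
        if "registrant" in roles:
            name = jcard_field(ent.get("vcardArray"), "fn")
            if name:
                return name
    return rdap.get("name")


def enrich(rdap, wikidata):
    """Combine infrastructural (RDAP) and socio-organisational (Wikidata) fields.

    An organisation with no Wikidata match is reported as matched=False with the
    socio-organisational fields left None, rather than guessed.
    """
    org = registrant_name(rdap)
    record = {
        "prefix": f'{rdap.get("startAddress")}-{rdap.get("endAddress")}',
        "registrant": org,
        "org_type": None,
        "activity_field": None,
        "country": None,
        "matched": False,
    }
    item = wikidata.get(org) if org else None
    if item:
        record.update({
            "org_type": item.get("P31", [None])[0],
            "activity_field": item.get("P452", [None])[0],
            "country": item.get("P17", [None])[0],
            "matched": True,
        })
    return record


if __name__ == "__main__":
    print(json.dumps(enrich(RDAP_RESPONSE, WIKIDATA_SNAPSHOT), indent=2))
```

The weak link in any real deployment is the join key: matching a registrant's free-text name against Wikidata labels is ambiguous (homonyms, subsidiaries, abbreviations in RIR records), so a production version should prefer exact label or alias matches, keep the `matched` flag in the output, and treat an unmatched registrant as unknown rather than silently defaulting it to a type.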