Go to DBLP homepageIP Geolocation with Adversarial Probe Mitigation
Abstract: IP Geolocation has many applications from service tailoring and customization to security, such as fraud detection and location-based access control. Active IP geolocation, where the location of a target is verified by probing, can enhance the trustworthiness of geolocation sufficient for security applications. For example, an NMS, can verify the geographic path a packet takes against a claimed path. Numerous active geolocation solutions have been proposed and developed; however, the vast majority were not designed to mitigate against the reality of potentially malicious probes. We propose a scheme, PARL (Probe-Adversary Resistant Localization), that leverages contradictions in measurements to maintain trust scores of probes that reflect their reliability and are used to eliminate malicious measurements. Unlike the state-of-the-art, PARL does not require the geolocation target to perform probing measurements, making it suitable for general IP geolocation. We evaluate our solution via C++ simulation and demonstrate that given enough iterations, it is able to distinguish between malicious and benign probes in probe networks of up to 44% malicious probes, whereas the state of the art can be tricked into accepting false locations when more than 30% of the probes are malicious. We also demonstrate PARL using the RIPE ATLAS probe network.
External IDs:dblp:conf/noms/OtungHFS24
Loading