SNITCH: Leveraging IP Geolocation for Active VPN Detection
Schwartz et al.
- Document ID
- 1988920583196334639
- Author
- Schwartz T
- Manor O
- Otung A
Snippet
Cyber attacks and fraud pose significant risks to online platforms, with malicious actors who often employ VPN servers to conceal their identities and bypass geolocation-based security measures. Current passive VPN detection methods identify VPN connections with more than …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Mi et al. | | Resident evil: Understanding residential ip proxy as a dark service |
US10440049B2 (en) | | Network traffic analysis for malware detection and performance reporting |
Jin et al. | | Hop-count filtering: an effective defense against spoofed DDoS traffic |
US9444835B2 (en) | | Method for tracking machines on a network using multivariable fingerprinting of passively available information |
US8001597B2 (en) | | Comprehensive online fraud detection system and method |
BR112012022088B1 (en) | | computer-readable non-transient storage medium with instructions for running on a host computer, method for providing security on a host computer, and network security device |
US11178163B2 (en) | | Location spoofing detection using round-trip times |
Nasser et al. | | Provably curb man-in-the-middle attack-based ARP spoofing in a local network |
Hudaib et al. | | DNS advanced attacks and analysis |
Nawrocki et al. | | SoK: A data-driven view on methods to detect reflective amplification DDoS attacks using honeypots |
Zhang et al. | | Onis: Inferring tcp/ip-based trust relationships completely off-path |
Gao et al. | | A nationwide census on wifi security threats: prevalence, riskiness, and the economics |
Abdou et al. | | Server location verification (SLV) and server location pinning: Augmenting TLS authentication |
Miller et al. | | Traffic classification for the detection of anonymous web proxy routing |
Webb et al. | | Finding proxy users at the service using anomaly detection |
Kadam et al. | | Automated Wi-Fi penetration testing |
Aravind et al. | | Tracing IP Addresses Behind Vpn/Proxy Servers |
CN111669376B (en) | | Method and device for identifying safety risk of intranet |
Mühle et al. | | Characterising proxy usage in the bitcoin peer-to-peer network |
Abdou et al. | | Secure client and server geolocation over the Internet |
Schwartz et al. | | SNITCH: Leveraging IP Geolocation for Active VPN Detection |
Ramesh et al. | | CalcuLatency: Leveraging Cross-Layer Network Latency Measurements to Detect Proxy-Enabled Abuse |
Kumar et al. | | Analysing Cyber Security Vulnerabilities using Click Jacking and HostHeader Injection |
Chiapponi | | Detecting and Mitigating the New Generation of Scraping Bots |
Dzaky et al. | | Improving DNS Server Resilience Against DDoS Attacks Through Anycast Routing |