Using Geolocation for the Strategic Preincident Preparation of an IT Forensics Analysis

Koch, Robert; Golling, Mario; Stiemert, Lars; Rodosek, Gabi Dreo

doi:10.1109/jsyst.2015.2389518

Cited by 13 publications

(6 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Any detected unfair acting during the on-line exam should be regarded as circumstantial evidence and not as a proof from the judicial point of view [12,16]. Furthermore, a suspicion of cheating during on-line exams can lead to suspension of degree granting until the issue is resolved [15].…”

Section: Related Workmentioning

confidence: 99%

A Method for Cheating Indication in Unproctored On-Line Exams

Komosný

Rehman

2022

Sensors

View full text Add to dashboard Cite

COVID-19 has disrupted every field of life and education is not immune to it. Student learning and examinations moved on-line on a few weeks notice, which has created a large workload for academics to grade the assessments and manually detect students’ dishonesty. In this paper, we propose a method to automatically indicate cheating in unproctored on-line exams, when somebody else other than the legitimate student takes the exam. The method is based on the analysis of the student’s on-line traces, which are logged by distance education systems. We work with customized IP geolocation and other data to derive the student’s cheating risk score. We apply the method to approx. 3600 students in 22 courses, where the partial or final on-line exams were unproctored. The found cheating risk scores are presented along with examples of indicated cheatings. The method can be used to select students for knowledge re-validation, or to compare student cheating across courses, age groups, countries, and universities. We compared student cheating risk scores between four academic terms, including two terms of university closure due to COVID-19.

show abstract

Section: Related Workmentioning

confidence: 99%

A Method for Cheating Indication in Unproctored On-Line Exams

Komosný

Rehman

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…There are many applications of IP geolocation, such as where the device locations may be needed retrospectively. These include address reputation [ 14 ], phishing mitigation [ 15 ], credit card fraud [ 16 ], and forensic investigation [ 17 ].…”

Section: Related Workmentioning

confidence: 99%

Retrospective IP Address Geolocation for Geography-Aware Internet Services

Komosný

2021

Sensors

View full text Add to dashboard Cite

The paper deals with the locations of IP addresses that were used in the past. This retrospective geolocation suffers from continuous changes in the Internet space and a limited availability of past IP location databases. I analyse the retrospective geolocation of IPv4 and IPv6 addresses over five years. An approach is also introduced to handle missing past IP geolocation databases. The results show that it is safe to retrospectively locate IP addresses by a couple of years, but there are differences between IPv4 and IPv6. The described parametric model of location lifetime allows us to estimate the time when the address location changed in the past. The retrospective geolocation of IP addresses has a broad range of applications, including social studies, system analyses, and security investigations. Two longitudinal use cases with the applied results are discussed. The first deals with geotargeted online content. The second deals with identity theft prevention in e-commerce.

show abstract

“…Based on their data, together with various predictive models, they are able to identify a specific web page and deduce its content even though the traffic is encrypted. A similar approach was also used by Koch and Rodosek for analysing SSH traffic. Another example of using traffic features is the work by Hellemons et al .…”

Section: Information Extraction From Encrypted Trafficmentioning

confidence: 99%

“…Koch and Rodosek proposed a system for detecting interactive attacks using SSH. Packet sizes, IP addresses and packet inter‐arrival times were used to create clusters of packets, which were likely to match an SSH command and its corresponding response.…”

Section: Feature‐based Traffic Classification Techniques For Encryptementioning

confidence: 99%

A survey of methods for encrypted traffic classification and analysis

et al. 2015

View full text Add to dashboard Cite

Summary With the widespread use of encrypted data transport, network traffic encryption is becoming a standard nowadays. This presents a challenge for traffic measurement, especially for analysis and anomaly detection methods, which are dependent on the type of network traffic. In this paper, we survey existing approaches for classification and analysis of encrypted traffic. First, we describe the most widespread encryption protocols used throughout the Internet. We show that the initiation of an encrypted connection and the protocol structure give away much information for encrypted traffic classification and analysis. Then, we survey payload and feature‐based classification methods for encrypted traffic and categorize them using an established taxonomy. The advantage of some of described classification methods is the ability to recognize the encrypted application protocol in addition to the encryption protocol. Finally, we make a comprehensive comparison of the surveyed feature‐based classification methods and present their weaknesses and strengths. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Using Geolocation for the Strategic Preincident Preparation of an IT Forensics Analysis

Cited by 13 publications

References 21 publications

A Method for Cheating Indication in Unproctored On-Line Exams

A Method for Cheating Indication in Unproctored On-Line Exams

Retrospective IP Address Geolocation for Geography-Aware Internet Services

A survey of methods for encrypted traffic classification and analysis

Contact Info

Product

Resources

About