Geolocation of covert communication entity on the Internet for post-steganalysis

Abstract

Geolocation of covert communication entity is significantly important for the forensics of the crime but has significant challenges when the steganalyst locks the guilty actor IP and wants to know the physical location of the actor. This kind of post-steganalysis involves not only the stegos transmitted on the Internet but the IP package head and content. This paper presents a geolocation method for the location of the covert communication entity based on hop-hot path coding. The method estimates the location of the covert communication entity by combining the path and delay between probes and the covert communication entity IP, which improves the deficiency that similar delays do not necessarily mean close geographical locations of the IPs. Moreover, the similarity between the IPs’ paths can be measured by coding the paths between IPs and probes. The results of a series of experiments show that the median error of the proposed method is within 6.16 km using different thresholds.