Big data police application of MAC address location technology

With the spread of computer terminals and mobile devices, public opinion management in the information age, together with the demands of information security and big data, has begun to highlight the importance and necessity of stronger management.



The traditional way to locate a computer is roughly to obtain, through technical means, the IP address of the network exit where the computer is located, and then to query the registration attributes of that IP through the operator. The steps are cumbersome and the process is lengthy. This article discusses a big data management model for the new information age, with the aim of improving the efficiency of locating PCs, notebooks and other computer terminal equipment.



The popularity of mobile terminals has led to the development of WIFI. Now, wireless routers are basically deployed in every household and in the offices of some non-secret-related enterprises and institutions.



This is the basis of the big data acquisition model explored in this article. The technical ideas and application processes described in this article are all open documents. The author owns the copyright of this article, which can be adopted and cited by any non-governmental unit, group, or individual. However, the use and restriction of use by other groups and individuals by government law enforcement agencies is not covered by this statement.





User environment

First, let's sort out the common applications of netizens:

Mobile phone: WeChat, mobile QQ, Momo, Baidu search, WIFI key, AutoNavi map, Baidu map, Tencent map, Google map.

Computer: QQ, Ali Wangwang, QQ Security Manager, 360 Antivirus, 350 Guard, Baidu Antivirus, Baidu Guard.

The map software on the mobile phone can not only display the map, but also determine the location through the functions of the mobile phone itself, and the positioning accuracy can generally reach within 10 meters. The positioning function described here covers the GPS positioning method, the Beidou positioning method and the base station positioning method. The first two are accurate, but require the positioning equipment to be within range of the satellite signal; the last, although it gives only a rough range, is generally accurate to within a radius of 100 meters. This is sufficient for civilian-grade applications.



All current mobile phone map software can technically collect the latitude and longitude of the mobile phone together with the MAC address of the router of the WIFI network the phone is connected to (collecting the SSID is not the priority). The MAC address has a single format and a unique encoding, whereas SSIDs inevitably include repeated names and diverse character sets, which makes them inconvenient to use as a unique identifier.

The list above covers only the commonly used mobile phone software that has a positioning function. Quite a lot of current mobile APP software includes the function of reading the user's current positioning information, because the vendors are also trying to build their own user big data centers. However, at present there is no mature case of how to mine big data applications from the positioning information that each APP collects.



Principle of data collection

When a mobile phone connects to WIFI and obtains an IP address to access the Internet, the built-in software on the phone reads the positioning information of the phone, reads the MAC address of the wireless router that serves as its gateway, and transmits both to the database of the software's server for storage.

This effectively locates the addresses of most routers. As long as a local area network has a WIFI access point that is also the gateway of the network, used by other computer terminals to access the Internet, the location of a batch of computer terminals can be roughly determined.

It follows that client software with a larger user group can fill in the data in more detail, more accurately and sooner.



When a computer terminal is connected to the network in a wired or wireless manner, it must reach the Internet through a gateway. By collecting the MAC address of the terminal's gateway router and comparing it with the MAC addresses in the database, the location of this wired or wireless device can be determined quickly, and the data can be accurate to the location of a building.



Data collection method

Mobile terminal:

1. It is preset by the mobile phone manufacturer in the background. After the mobile phone logs in to the WIFI, it obtains the router gateway MAC address information and SSID information and transmits it to the server database.

2. Collected from commonly used mobile phone software: software from manufacturers with high installation popularity, such as WeChat, QQ, Momo and WIFI key, obtains the router gateway MAC address information and SSID information when it logs in to WIFI, scans the ARP address table of other devices on the same network segment, and transmits the results to the server database.

3. Additional collection: The software scans the ARP address table of other devices on the same network segment after the first successful login to WIFI, or periodically, and transmits it to the server database. This collection is not necessary, but has its police application prospects.



Computer terminal:

The desktop software manufacturer collects the MAC address of the gateway router, and goes to the server to query the coordinates of the device itself. Manufacturers with a relatively complete positioning database can open and query the coordinate information for a fee. For example, QQ, 360, Fetion, Tianyi and other software or ActiveX controls in online business halls have deployed hundreds of millions of computer terminal applications in my country. It is completely possible to use this platform for positioning of non-mobile devices and promotion of value-added services.



Data transmission method

In a single environment, the amount of data transmitted is not large. However, because device information is involved, clear text transmission is not recommended. It is recommended to compress and encrypt the data before transmission. Since the amount of data is not large and accurate recording is not required, one-way transmission using the UDP protocol can be selected. Even if a certain record fails to arrive, other mobile devices have a certain probability of collecting and transmitting the same data.



Modeling parameters

Table structure to be modeled and data capacity to be collected:

1. Table 1: Router MAC address, positioning coordinates, positioning time and coordinate offset:

Router MAC address: reserved IPV4 and IPV6 address segments, IPV4 is a 6-byte string, IPV6 is a 16-byte string.

Positioning coordinates: reserved for N bytes

Positioning time: year, month, day, hour and minute, record the time point when the record was first generated.

Coordinate offset: N bytes reserved, the acquisition method is GPS or base station positioning method. When other positioning device data is uploaded to the server, within the error range of a certain offset, the coordinate data and time data are not updated. Since GPS positioning is more accurate than base station positioning, if the mobile device reaches the outdoors and collects a more accurate positioning address, the server will update the positioning coordinates.

2. Table 2: The intranet MAC address periodically collected under the MAC address of this router, only the IPV4 format is collected, each information is 6 bytes, plus the label of the year, month, day, hour and minute.

3. Others: To be improved.
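
The Table 1 update rule and the gateway-MAC lookup described above, sketched in Python as an added example (not code from the original article). The 100 m offset, the "relocated" rule, the function names and all sample values are assumptions; the article leaves the offset unspecified.

```python
import math
from dataclasses import dataclass

RANK = {"base_station": 0, "gps": 1}  # article: GPS is more accurate than base station
OFFSET_M = 100.0                      # assumed tolerance; not given in the article

@dataclass
class RouterRow:                      # one row of the article's Table 1
    lat: float
    lon: float
    first_seen: str                   # time the record was first generated
    source: str

def normalize_mac(raw: str) -> str:
    """Canonical lowercase aa:bb:cc:dd:ee:ff form; ValueError if not 6 bytes of hex."""
    digits = "".join(c for c in raw.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def distance_m(lat1, lon1, lat2, lon2) -> float:
    """Haversine great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def apply_report(table, raw_mac, lat, lon, when, source) -> str:
    """Apply one uploaded fix for a gateway MAC; returns what the server did."""
    mac = normalize_mac(raw_mac)
    row = table.get(mac)
    if row is None:
        table[mac] = RouterRow(lat, lon, when, source)
        return "inserted"
    if RANK[source] > RANK[row.source]:
        # More accurate fix: coordinates change, first-seen time is preserved.
        row.lat, row.lon, row.source = lat, lon, source
        return "refined"
    if distance_m(row.lat, row.lon, lat, lon) <= OFFSET_M or RANK[source] < RANK[row.source]:
        return "kept"                 # within the offset, or a coarser fix: no update
    # Assumption: an equally accurate fix outside the offset means the router moved.
    table[mac] = RouterRow(lat, lon, when, source)
    return "relocated"

def locate(table, gateway_mac):
    """The lookup a wired/wireless terminal performs using only its gateway MAC."""
    row = table.get(normalize_mac(gateway_mac))
    return (row.lat, row.lon) if row else None
```

The lookup key is the gateway MAC alone, so any software able to read that address can resolve a building-level location without GPS or any location permission on the terminal itself.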





Civil application prospects

1. Positioning of PCs and notebooks: Much third-party software needs to push real-time information in a targeted manner according to the location of the user group. QQ news bubbles are an example: when users are in Beijing, major Beijing news is pushed; when users are in Hunan, important Hunan news is pushed. In the future, when the user opens a web page and selects the government affairs disclosure center, the relevant government affairs information of the jurisdiction where the user is located can be pushed automatically, and it can even be accurate to the community location.

If operators also adopt this big data system, they too can locate accurately. Operators have their own mobile phones, and it is convenient for mobile phone manufacturers to integrate a big data collection background according to the operators' format requirements.



2. Automatic update of IP address positioning software: Previous IP address positioning systems were based on the allocation of IP segments. However, because of insufficient IPV4 address pools, some community operators adopted large intranets with remote egress, so positioning software often misjudges the location; changes in IP segment allocation information also cause judgment errors. This method can be used to accurately judge and correct the real coordinate address of the client.



3. Anti-copying and smuggling of software dongles: After many software manufacturers use dongles, they are still faced with the dilemma that dongles are copied and dongles are smuggled, which brings negative effects to the protection of intellectual property rights. However, we found that many small and medium-sized user terminals have deployed both servers and WIFI, and they all share the Internet based on a local area network. Nowadays, more and more application software not only supports the PC architecture, but also supports the use of mobile terminals. Therefore, if the application software adds a method of collecting the gateway MAC address on the mobile client, verifying the gateway MAC address on the server side, positioning and binding the dongle, it can effectively prevent the dongle from being copied and sold.



4. Computer anti-theft:

If the information database is rich enough, computer anti-theft is also a good application area. Computer manufacturers can record the router's MAC address in EFI or pre-installed software when the computer goes online, and compare it with a blacklist database. Then, after the computer is lost, once the thief or the person receiving the stolen goods turns it on and goes online, it may be located and locked.



5. Value-added services of online banking controls:

When a general user uses online banking on the computer, ActiveX controls are involved. If the control collects the user's network gateway and shows the user the address of the last operation, it can also send a positioning reminder by SMS to the user's mobile phone every time the online banking location changes. This not only helps users keep control of their own funds, but also helps to track some online banking cases.





Police application prospects

1. Accelerated positioning of public safety information:

In the past, when analyzing IP information, the public safety department could not do without the support of the operator, but the process was cumbersome and the efficiency was not high. With this support, relevant big data information can be obtained through a unified standard format interface and then used to analyze public security requirements.

The biggest benefit of this data is that it can accelerate positioning across regions.

Based on public safety requirements, relevant departments can also require mobile phone manufacturers or client software with a large user group to collect the SSID of the gateway router and the MAC addresses of other devices on the same network segment. Generally speaking, user networks are 24-bit masks. There are at most 252 other users. In a general home environment, a user under a civilian 24-bit mask is more than 10. This doesn't add network overhead, but this data collection can be beneficial to public safety experts. For example, the analysis of the relationship between the same people and so on.



2. Anti-pyramid marketing:

WeChat, QQ, and Momo are the common communication tools that MLM salespeople use to recruit members. The biggest problem in cracking down on MLM groups in the past was the difficulty of locating MLM dens. Many people who want to escape from the MLM dens have no way to tell their location. If the mobile phone itself can upload the router MAC address location and SSID name when logging in to a nearby WIFI, then many cases can easily be located to the building.



3. Location of criminal suspects: Many criminal suspects use mobile phones to connect to WIFI to go online, so their WIFI Internet access records from before they committed a crime can be collected for later tracking. Even if a criminal suspect uses another person's ID card to book a hotel room or rent a house, as long as he uses his mobile phone to connect to WIFI, his specific location can be determined immediately. Although the police can locate a suspect by the mobile phone signal, collecting the MAC location as an aid to pin the target to a building is a good analysis method.



4. Anti-terrorism: Nowadays, criminals are more and more able to use IT tools for communication, and to use computers for audio and video transmission and training. Therefore, taking the relevant information from criminals' mobile phones as an entry point can assist in analyzing their strongholds, close contacts and associations, and is a good source of data.



The contradiction between public safety and personal privacy

The information collected by this technology is limited to the device itself. Except for the MAC address and positioning information, it does not collect information related to the user's identity. However, based on social and interpersonal relationships, a lot of content can be analyzed. Therefore, it is still necessary to have a strict privacy and confidentiality mechanism to restrain data users.



Civil application operation mode

1. Communication operators are a good source of data. The three major operators currently have a large number of customized models for sale, and each has its own mobile client: China Mobile has Fetion, China Unicom has Wo, and China Telecom has Tianyi. It is therefore very convenient for the three operators to upgrade the client and then collect relevant positioning data.

After the data is collected, the most basic application is the fixed-point information push. The second is to provide positioning data services to law enforcement units and financial units.

2. Tencent, Alibaba, and Baidu have rich desktop user groups and mobile terminal user groups, so cooperation with them is one of the sources of obtaining positioning data.



The operation mode of police application

It is led by relevant law enforcement agencies, which negotiate data collection, development, sharing and cooperation with software manufacturers that have a large number of mobile terminal and computer terminal users.

The development of big data applications can be carried out by each company itself, but the police data structure is not allowed to be used for civil big data applications. Compared with the civilian data, the police data additionally collects the MAC address information of other terminals on the same network segment.

Data call management: refer to the relevant rules and regulations of law enforcement agencies.

After the database is established, the superiors of the law enforcement units designate an area for sampling pilots. After the official operation, the data company will establish a data cache center in each province on a provincial basis, and arrange for maintenance teams to station in the site for maintenance. Law enforcement agencies use the service for a fee. The maintenance team establishes a log system center to record all data query records.
