We provide detection methodology information through our IP to Privacy Detection Extended database that can be used to build an accuracy score
We offer the Privacy Extended database that opens up the methodology of our anonymous IP detection method. However, we don’t provide an accuracy metric as we do for our IP to Geolocation extended database.
The reason for this is that anonymous IP detection involves using multiple methods. We urge the user to understand the nuances of each detection method so that they can fine-tune the anonymous IP detection based on their cybersecurity models and needs.
If you have a malicious IP data log, you can write a regression/statistical model based on our dataset(s). You can even incorporate malicious IP logs, IPinfo geolocation data, ASN or Company data, abuse data, DNSBL data, etc., to create your privacy detection accuracy score.
Documentation for IP to Privacy Extended Database
IPinfo IP to Privacy Detection Methodology
Let’s explore the different data methodologies we employ in detecting an anonymous IP address. Each methodology comes with its own nuances and should be considered carefully if you are trying to build an accuracy score metric.
Detection Methodology | Explanation | Caveat |
---|---|---|
anycast | If IP is identified as being any anycast IP, that could map to multiple physical servers in different locations | Reasonable indicator. Not all anycast IPs are linked with IP privacy solutions. |
census | If we’ve identified VPN software running on this IP as part of our internet-wide scan (successful openvpn or ipsec handshake) | Strong indicator. |
device_activity | If we’ve seen VPN-like behavior (multiple devices, multiple locations etc.) | Reasonable indicator. If a device is using organization/company VPN software, we might recognize that IP as a VPN. |
whois | If we’ve seen VPN provider attributes in the IP whois data (e.g. provider name) | Weak indicator. As IP information in the WHOIS records tends to be comparatively static. AS209854 Cyberzone S.A. details - IPinfo.io. |
vpn_config | If we’ve identified this IP in a VPN config file | Strong indicator. |
Why we don’t provide an accuracy score
The reason we do not provide a single-digit indicator for our Privacy extended database is that it limits the potential for detection modeling of IP addresses. The more data points you have, the more effective your IP labeling models will be. You might have policies to accept some VPN traffic or some hosting traffic. Therefore, the custom modeling approach helps you fine-tune and personalize your access policies based on our multi-dimensional data.
Moreover, if you build your own IP privacy confidence score system, you can use our IP to Geolocation, ASN, and Company database to create a more robust cybersecurity threat detection policy.
IPinfo services referenced:
- IP to Privacy Detection Extended Database
- IP to Privacy Detection API
- IP to Privacy Detection Database
Request your IP to Privacy Detection Extended Database by contacting our sales team.