AI-Powered Proxy and VPN Detection — The CrowdSec Way
One of the most common use cases of Cyber Threat Intelligence (CTI) data is the identification of VPN and proxy users. This is because many abuse prevention mechanisms enforce decisions based on the IP address of the abuser, from firewalls at the system level to the prevention of multiple signups for user accounts.
As a provider of CTI data, CrowdSec also provides this information for the IPs in our 55 million IP database. Until recently, this information was provided by various third-party sources. However, as providers of the world's biggest CTI database, we ought to create our own solution for collecting and analyzing that information.
Our new AI-powered VPN and proxy detection mechanism for the CrowdSec CTI will be available soon, but we thought it would be interesting to give you a sneak peek into the research behind building the feature. This article details some of the methods we use to discover and tag users of anonymization tools on the web. If you’re interested in cybersecurity data collection and learning more about the backend of our VPN/proxy detection system, we’re sure you’ll find this article fascinating!