(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 11, November 2011
Considering Statistical Reports of Populations
Penetration in Attack to Networks
Afshin Rezakhani Roozbahani, Department of Computer Engineering, The University of Ayatollah Alozma Boroujerdi, Boroujerd, Iran, Af.rezakhani@gmail.com
Nasser Modiri, Department of Computer Engineering, Zanjan Azad University, Zanjan, Iran, NasserModiri@yahoo.com
Nasibe Mohammadi, Department of Computer Engineering, The University of Ayatollah Alozma Boroujerdi, Boroujerd, Iran, n.mohammadi07@gmail.com

Abstract—Because Internet traffic is increasing continuously, analyzing Internet events and the penetration of countries is more important than in previous years. In this article, we study the population of the countries with the most network traffic and consider the rate of attacks that occur in them. We also study the countries subject to attack and the rate of their attacks. These results can be used in future research to place coordinators in gorge locations of the world to manage the information that is passed between countries. These results can also be used in collaborative intrusion detection systems (IDSs) to inform all IDSs in other locations of the world about new attack methods.

Keywords-internet traffic; attacks rate; IDSs

I. INTRODUCTION

The Internet is a global system of interconnected computer networks that use the standard Internet Protocol Suite (TCP/IP) to serve billions of users worldwide [1]. The Internet, sometimes called simply "the Net," is a worldwide system of computer networks - a network of networks in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers). It was conceived by the Advanced Research Projects Agency (ARPA) of the U.S. government in 1969 and was first known as the ARPANet. The original aim was to create a network that would allow users of a research computer at one university to be able to "talk to" research computers at other universities. A side benefit of ARPANet's design was that, because messages could be routed or rerouted in more than one direction, the network could continue to function even if parts of it were destroyed in the event of a military attack or other disaster [2]. The security disciplines of computer networks are classified into three main classes: detection, prevention, and protection [16]. The detection methods are in charge of detecting any intrusion in networks. Prevention methods aim to deploy secure policies for the underlying network(s), and finally the protection methods try to exert the manager's views for protecting the networks.

II. INTERNET ATTACK METHODS

Without security measures and controls in place, our data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself. In this section we give an overview of the methods that hackers use to attack networks. These methods are explained in the subsections below [17].

A. Eavesdropping

In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.

B. Data Modification

After an attacker has read your data, the next logical step is to alter it. An attacker can modify the data in the packet without the knowledge of the sender or receiver. Even if you do not require confidentiality for all communications, you do not want any of your messages to be modified in transit. For example, if you are exchanging purchase requisitions, you do not want the items, amounts, or billing information to be modified.

C. Identity Spoofing (IP Address Spoofing)

Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed; this is identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.
132 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data. The attacker can also conduct other types of attacks, as described in the following sections.

D. Password-Based Attacks

A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password.

Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.

When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.

After gaining access to your network with a valid account, an attacker can do any of the following:

* Obtain lists of valid user and computer names and network information.
* Modify server and network configurations, including access controls and routing tables.
* Modify, reroute, or delete your data.

III. CONSIDERING THE POPULATION OF COUNTRIES WITH MORE INTERNET TRAFFIC

A. Considering the Population of Countries

First, we study the population of some countries that play an important role in Internet traffic and in producing network attacks. The table below is based on the countries that produce the most network attacks. These figures are shown in Table 1 [3, 4, 5, 6, 7, 8, 9, 10].

Table 1. Population and Percentage of countries in the world

Country          Population       Percentage in world
China            1,330,141,295    19%
USA              310,232,863      4%
Netherlands      16,783,092       0.2%
Germany          82,282,988       1%
Russia           142,012,121      2%
Great Britain    62,348,447       0.9%
Canada           34,019,000       0.4%
Ukraine          45,415,596       0.6%
Latvia           2,231,503        0.03%
France           64,768,389       0.9%

B. Considering the Rate of Attack Producers

In this section, we study the rate of attacks that occur on the Internet. Our study depends on the top ten countries hosting malware [11].

Table 2. Comparing the percentage of countries' population with their attackers

Country          Percentage of all attacks (hosting malware)    Percentage in world
China            52.7%                                          19%
USA              19.02%                                         4%
Netherlands      5.86%                                          0.2%
Germany          5.07%                                          1%
Russia           2.58%                                          2%
Great Britain    2.54%                                          0.9%
Canada           2.22%                                          0.4%
Ukraine          2.17%                                          0.6%
Latvia           1.53%                                          0.03%
France           0.6%                                           0.9%

The countries in the next ranks are:

11. Spain 12. North Korea 13. Brazil 14. Cyprus 15. Sweden 16. Taiwan 17. Norway 18. Israel 19. Luxemburg 20. Estonia

Table 2 compares the percentage of all attacks (hosting malware) with the percentage of each country's population in the world. For example, the population of China is 19% of the world population, while the malware hosted in this country is 52.7%. This means that about 52% of the world's attackers manage their attacks in China.

C. Considering the Statistical Report of Internet Users in the Above Countries

In the two previous sections, we considered the percentage of population and attackers. In this section, we study the Internet users in these countries. This statistical report is shown below [3].

Table 3. Considering the penetration (% population) in ten countries

Country          Population       Internet Users    Penetration (% Population)
China            1,330,141,295    420,000,000       32%
USA              310,232,863      239,232,863       77%
Netherlands      16,783,092       14,872,200        89%
Germany          82,282,988       65,123,800        79%
Russia           142,012,121      59,700,000        43%
Great Britain    62,348,447       51,442,100        82%
Canada           34,019,000       26,224,900        78%
Ukraine          45,415,596       15,300,000        33%
Latvia           2,231,503        1,503,400         67%
France           64,768,389       44,625,300        69%

This table shows the penetration (% population) in the above countries. For example, 77% of the population of the USA use the Internet in their work.

D. Comparing the Above Reports

According to Internet World Stats [3], the total population of the world is 6,845,609,960. Also according to the reports of this site, the total number of Internet users in the world is 1,966,514,816. Thus, the average rate of Internet users in the world is:

Average rate = Internet users in world / world population

Then:

Average rate = 1,966,514,816 / 6,845,609,960 = 28%

This means that out of each hundred people in the world, only about twenty-eight use the Internet to do their work. Now we consider this rate in the top ten countries hosting malware. This comparison is shown in Table 4.

Table 4. Comparing the population penetration factor in attacks

Country          Percentage    Internet Users    Total Internet Users       Percentage of all attacks
                 in world      (% Population)    in world (% Population)    (hosting malware)
China            19%           32%               6%                         52.7%
USA              4%            77%               3%                         19.02%
Netherlands      0.2%          89%               0.2%                       5.86%
Germany          1%            79%               0.8%                       5.07%
Russia           2%            43%               0.9%                       2.58%
Great Britain    0.9%          82%               0.7%                       2.54%
Canada           0.4%          78%               0.3%                       2.22%
Ukraine          0.6%          33%               0.2%                       2.17%
Latvia           0.03%         67%               0.02%                      1.53%
France           0.9%          69%               0.6%                       0.6%

This table shows the penetration of total Internet users in the ten countries hosting malware that play an important role in Internet attacks. For example, the population of China is 19% of the total world population. On the other hand, 32% of the population of this country are Internet users. Thus the share of people in China who use the Internet, taken over the whole world, is about 19% * 32% = 6%. This means column4 (Total Internet Users in world (% Population)) is obtained as below:

Column4 = column2 * column3;

Figure 1 shows the role of the population penetration of these countries in the world attacks (hosting malware) that occurred in them.

Figure 1. Relation between population and rate of malware hosting [12]

E. Study of the Internet Users in Regions

The three figures below, obtained from Internet World Stats [3], compare different regions by Internet users in the world by geographic region, world Internet penetration rates, and Internet users in the world by distribution by world region.
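
The Table 4 calculation from subsection D (column4 = column2 * column3), recomputed from the unrounded Table 3 figures as an added example that is not part of the original paper. The `hosting_ratio` value and all function names are assumptions introduced here for illustration.

```python
# Figures copied from the paper: Internet World Stats totals (subsection D),
# Table 3 (population, Internet users) and Table 2 (% of malware hosting).
WORLD_POPULATION = 6_845_609_960
WORLD_INTERNET_USERS = 1_966_514_816

COUNTRIES = {
    # name: (population, internet_users, hosting_pct)
    "China": (1_330_141_295, 420_000_000, 52.7),
    "USA": (310_232_863, 239_232_863, 19.02),
    "Netherlands": (16_783_092, 14_872_200, 5.86),
    "Germany": (82_282_988, 65_123_800, 5.07),
    "Russia": (142_012_121, 59_700_000, 2.58),
    "Great Britain": (62_348_447, 51_442_100, 2.54),
    "Canada": (34_019_000, 26_224_900, 2.22),
    "Ukraine": (45_415_596, 15_300_000, 2.17),
    "Latvia": (2_231_503, 1_503_400, 1.53),
    "France": (64_768_389, 44_625_300, 0.6),
}


def world_average_rate():
    """Average rate = Internet users in world / world population, in percent."""
    return 100.0 * WORLD_INTERNET_USERS / WORLD_POPULATION


def table4_row(name):
    """Recompute one Table 4 row from unrounded inputs."""
    population, users, hosting_pct = COUNTRIES[name]
    pct_in_world = 100.0 * population / WORLD_POPULATION   # column 2
    penetration = 100.0 * users / population               # column 3
    # column4 = column2 * column3, which equals users / world population
    users_in_world = pct_in_world * penetration / 100.0
    return {
        "country": name,
        "pct_in_world": pct_in_world,
        "penetration": penetration,
        "users_in_world": users_in_world,
        "hosting_pct": hosting_pct,
        # Added measure (not a column of the paper): above 1 means the country
        # hosts more malware than its share of Internet users would predict.
        "hosting_ratio": hosting_pct / users_in_world,
    }


def rows_by_hosting_ratio():
    """All ten rows, most over-represented malware host first."""
    rows = [table4_row(name) for name in COUNTRIES]
    return sorted(rows, key=lambda r: r["hosting_ratio"], reverse=True)


if __name__ == "__main__":
    print(f"World average rate: {world_average_rate():.1f}%")
    print(f"{'Country':<14}{'col2 %':>8}{'col3 %':>8}{'col4 %':>8}"
          f"{'hosting %':>11}{'ratio':>8}")
    for r in rows_by_hosting_ratio():
        print(f"{r['country']:<14}{r['pct_in_world']:>8.2f}"
              f"{r['penetration']:>8.1f}{r['users_in_world']:>8.2f}"
              f"{r['hosting_pct']:>11.2f}{r['hosting_ratio']:>8.1f}")
```

With these inputs the ratio runs from about 0.9 for France to about 70 for Latvia, so the hosting share does not simply track the share of Internet users.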

Figure 2. Internet users in the world by geographic region [12]

Figure 3. World Internet penetration rates by geographic region [12]

Figure 4. Internet users in the world by distribution by world region [12]

F. Top ten malicious programs on the Internet

The twenty malicious programs most commonly used in Internet attacks are listed below. Each program has been identified more than 170,000 times and, overall, the programs listed below were involved in more than 37% (27,443,757) of all identified incidents [11].

Table 5. Top ten malicious programs on the Internet

№     Name                                       Number of attacks    % of total
1     HEUR:Trojan.Script.Iframer                 9858304              13.39
2     Trojan-Downloader.JS.Gumblar.x             2940448              3.99
3     not-a-virus:AdWare.Win32.Boran.z           2875110              3.91
4     HEUR:Exploit.Script.Generic                2571443              3.49
5     HEUR:Trojan-Downloader.Script.Generic      1512262              2.05
6     HEUR:Trojan.Win32.Generic                  1396496              1.9
7     Worm.VBS.Autorun.hf                        1131293              1.54
8     Trojan-Downloader.HTML.IFrame.sz           935231               1.27
9     HEUR:Exploit.Script.Generic                752690               1.02
10    Trojan.JS.Redirector.l                     705627               0.96

IV. CONSIDERING THE RELIABILITY OF NETWORKS

Another important subject is the availability and reliability of the Internet platform. For this, we study network monitoring in some regions and in the ten countries hosting malware. The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections [12].

A. Internet Traffic Report in Regions

In this section we consider the score of networks in regions. The "traffic index" is a score from 0 to 100 where 0 is "slow" and 100 is "fast". It is determined by comparing the current response of a ping echo to all previous responses from the same router over the past 7 days. A score of 0 to 100 is then assigned to the current response depending on whether this response is better or worse than all previous responses from that router [13]. This report shows the Global Traffic Index for the 24 hours (10/12/2010).

Table 6. Comparing Internet traffic in regions

Region           Score    Avg. Response Time (ms)    Avg. Packet Loss (%)
Asia             68       302                        9%
Australia        83       162                        0%
Europe           75       244                        11%
North America    78       213                        16%
South America    85       144                        0%

B. Internet Traffic Report in ten Countries

In this section we consider the traffic scores in the ten countries hosting malware. As in the subsection above, the report is shown in the table below [12].

Table 7. Comparing Internet traffic in ten countries

Country          Score             Avg. Response Time (ms)    Avg. Packet Loss (%)
China            96                34                         0
USA              83 - 99           9 - 166                    0
Netherlands      84                158                        0
Germany          83                168                        0
Russia           Not considered    -                          -
Great Britain    82 - 85           149 - 156                  0
Canada           94                57                         0
Ukraine          Not considered    -                          -
Latvia           Not considered    -                          -
France           Not considered    -                          -

V. CONSIDERING COUNTRIES SUBJECT TO ATTACK

More than 86% of the 73,619,767 attacks targeted the machines of users in the ten countries listed below. This ranking has changed significantly since last year. China remains the leader in terms of numbers of potential victims, but the number of attacks dropped by 7%. Other countries which were near the top of the table last year, such as Egypt, Turkey, and Vietnam, now seem to be of less interest to cybercriminals. However, the number of attacks on users based in the US, Germany, Great Britain and Russia rose significantly [11].

Table 8. Top ten countries subject to attack in 2009

№     Country          Percentage of all attacks
1     China            46.75%
2     USA              6.64%
3     Russia           5.83%
4     India            4.54%
5     Germany          2.53%
6     Great Britain    2.25%
7     Saudi Arabia     1.81%
8     Brazil           1.78%
9     Italy            1.74%
10    Vietnam          1.64%

VI. OUR SUGGESTED APPROACH

A. Suggested Topology

We studied statistical reports of Internet traffic in some important countries and saw that most attackers use these countries for network attacks. These countries were also the victims and subject to attack. So, if some powerful coordinators exist in these countries and strongly monitor their networks to detect/prevent attacks, other countries are able to work on the Internet safely. This idea is shown in Figure 4.

Figure 5. Placing strong/intelligent IDS/IPS in countries that are subject to attacks

Because a significant percentage of hackers attack in a few countries, we propose placing powerful IDSs/IPSs in these countries. When a new attack is detected by the IDSs/IPSs, they send the properties of the detected attack to all IDSs/IPSs that exist in other countries. We evaluated this idea in other papers and showed that the overhead traffic decreased over time and did not create any significant problem [14].

Also, the relations between IDSs/IPSs can be implemented with secured mobile agents [15]. They propose a system where an agent system will be explored on top of Grid systems that will provide security, autonomy, dynamic behavior and robust infrastructure. The key features of the proposed agent-based Grid architecture are:

* Resuming of tasks (by using software agents) after a CPU has returned back to its idle state. All the communication and the execution of tasks are handled by software agents.
* Providing security to agents' personal (confidential) data. Support of task migration is provided by our architecture due to the introduction of agents. It handles fault tolerance by maintaining multiple copies of the task.

The architecture is actually a modification of Globus Toolkit where agents are introduced. In this way we reduced the communication overhead and provided support for task migration for resource utilization [15].

B. Standardization of all Detection Methods

We propose using a semantic web structure between all IDSs/IPSs to simplify the relation between coordinators. This leads to a collaboration platform for intrusion detection/prevention systems and enables all of them to use the experience of other IDSs/IPSs. We proposed this idea precisely in another paper. The semantic web form that is created when an attack is detected is shown in the figure below.

Figure 6. The Semantic Web Form of a detected Attack [14]

VII. CONCLUSION

In this article, we considered the population of the countries with the most traffic and the rate of attacks that occur in them. We also studied the probability and the rate of attacks. The ten countries subject to attack in 2009 were studied. We did not find any semantic relation between population and attacks. Finally, we proposed placing coordinators in the top countries hosting malware to detect anomalies quickly. With this, all IDSs/IPSs use the coordinators' abilities to detect attacks.

REFERENCES

[1] en.wikipedia.org/wiki/Internet
[2] http://searchwindevelopment.techtarget.com/definition/Internet
[3] http://www.internetworldstats.com/stats.htm
[4] http://www.indexmundi.com/netherlands/population.html
[5] http://www.countryreports.org/people/overview.aspx?Countryname=&countryId=91
[6] http://www.trueknowledge.com/q/population_of_russia_2010
[7] www.trueknowledge.com/q/population_of_uk_2010
[8] www.statcan.gc.ca
[9] www.kyivpost.com/news/nation/detail/86668/
[10] https://www.cia.gov/library/publications/the-world-factbook/geos/fr.html
[11] Kaspersky Security Bulletin 2009. Statistics, 2009.
[12] http://www.internettrafficreport.com/
[13] http://www.internettrafficreport.com/faq.htm#trindex
[14] Afshin Rezakhani Roozbahani, L. Rikhtechi and N. Mohammadi, "Converting Network Attacks to Standard Semantic Web Form in Cloud Computing Infrastructure", International Journal of Computer Applications (0975 – 8887), Volume 3 – No. 4, June 2010.
[15] K. MuthuManickam, "A Security Model for Mobile Agent in Grid Environment", International Journal of Computer Applications (0975 – 8887), Volume 2 – No. 2, May 2010.
[16] J. M. Kizza, "Computer Network Security", Springer, 2005.
[17] Microsoft, TechNet Library, Resources for IT Professionals, http://technet.microsoft.com/en-us/library/default.aspx, last visited December 2010.