Considering Statistical Reports of Populations Penetration in Attack to Networks by ijcsiseditor


									                                                              (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                            Vol. 9, No. 11, November 2011

          Considering Statistical Reports of Populations
               Penetration in Attack to Networks
    Afshin Rezakhani Roozbahani                             Nasser Modiri                                 Nasibe Mohammadi
  Department of Computer Engineering             Department of Computer Engineering               Department of Computer Engineering
  The University of Ayatollah Alozma                   Zanjan Azad University                     The University of Ayatollah Alozma
      Boroujerdi, Boroujerd, Iran                            Zanjan, Iran                             Boroujerdi, Boroujerd, Iran                              

Abstract—because the internet traffic is increasing continuously,
analyzing internet events and the penetration of countries is more                        II.   INTERNET ATTACK METHODS
important from previous years. In this article, we study the                    Without security measures and controls in place, our data
population of countries with most network traffics and consider
                                                                           might be subjected to an attack. Some attacks are passive,
the attacks rate that accurate in them. Also we study countries
subject to attack and the rate of their attacks. These results can         meaning information is monitored; others are active, meaning
be used in future research to place coordinators in gorge                  the information is altered with intent to corrupt or destroy the
locations of world to manage information that are passed                   data or the network itself. In this section we seek the overview
between countries. Also these results can be used in collaborative         on the methods that are used by hackers to attack in the
intrusion detection systems (IDSs) for inform new attack methods           networks. These methods explain in below subsections [17].
to all IDSs in other location of worlds.
                                                                           A. Eavesdropping
Keywords-internet traffic; attacks rate; IDSs;                             In general, the majority of network communications occur in
                                                                           an unsecured or "cleartext" format, which allows an attacker
                       I.    INTRODUCTION                                  who has gained access to data paths in your network to "listen
                                                                           in" or interpret (read) the traffic. When an attacker is
   The Internet is a global system of interconnected computer              eavesdropping on your communications, it is referred to as
networks that use the standard Internet Protocol Suite (TCP/IP)            sniffing or snooping. The ability of an eavesdropper to
to serve billions of users worldwide [1]. The Internet,                    monitor the network is generally the biggest security problem
sometimes called simply "the Net," is a worldwide system of                that administrators face in an enterprise. Without strong
computer networks - a network of networks in which users at
                                                                           encryption services that are based on cryptography, your data
any one computer can, if they have permission, get information
from any other computer (and sometimes talk directly to users              can be read by others as it traverses the network.
at other computers). It was conceived by the Advanced                      B. Data Modification
Research Projects Agency (ARPA) of the U.S. government in
                                                                           After an attacker has read your data, the next logical step is to
1969 and was first known as the ARPANet. The original aim
was to create a network that would allow users of a research               alter it. An attacker can modify the data in the packet without
computer at one university to be able to "talk to" research                the knowledge of the sender or receiver. Even if you do not
computers at other universities. A side benefit of ARPANet's               require confidentiality for all communications, you do not
design was that, because messages could be routed or rerouted              want any of your messages to be modified in transit. For
in more than one direction, the network could continue to                  example, if you are exchanging purchase requisitions, you do
function even if parts of it were destroyed in the event of a              not want the items, amounts, or billing information to be
military attack or other disaster [2]. The security disciplines of         modified.
computer networks are classified into three main classes:
                                                                           C. Identity Spoofing (IP Address Spoofing)
Detection, prevention, and protection [16]. The detection
methods are in charge of detecting any intrusion in networks.              Most networks and operating systems use the IP address of a
Prevention methods aim to deploy secure policies for                       computer to identify a valid entity. In certain cases, it is
underlying network(s) and finally the protection methods try to            possible for an IP address to be falsely assumed— identity
exert manager’s views for protecting the networks.                         spoofing. An attacker might also use special programs to
                                                                           construct IP packets that appear to originate from valid
                                                                           addresses inside the corporate intranet.

                                                                                                        ISSN 1947-5500
                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                           Vol. 9, No. 11, November 2011

After gaining access to the network with a valid IP address,                  Canada              34019000                 0.4%
the attacker can modify, reroute, or delete your data. The                    Ukraine             45,415,596               0.6%
attacker can also conduct other types of attacks, as described                                    2,231,503                0.03%
in the following sections.
                                                                              France              64,768,389               0.9%
D. Password-Based Attacks
A common denominator of most operating system and
                                                                          B. Considering the Rate of Attack Producers
network security plans is password-based access control. This
means your access rights to a computer and network resources                  In this section, we study the rate of attacks that are
are determined by who you are, that is, your user name and                occurred at internet. Of course our study is depended on top
your password.                                                            ten countries hosting malware [11].

Older applications do not always protect identity information             Table2. Compare percentage of Contries Population with their
as it is passed through the network for validation. This might                                    attackers
allow an eavesdropper to gain access to the network by posing                Country           Percentage of all         Percentage
as a valid user.                                                                           attacks(hosting malware)       in world
                                                                              China                  52.7%                  19%
When an attacker finds a valid user account, the attacker has
the same rights as the real user. Therefore, if the user has                    USA                     19.02%                      4%
administrator-level rights, the attacker also can create accounts          Netherlands                   5.86%                    0.2%
for subsequent access at a later time.
                                                                            Germany                      5.07%                      1%
After gaining access to your network with a valid account, an                 Russia                     2.58%                      2%
attacker can do any of the following:                                      Great Britain                 2.54%                    0.9%
                                                                             Canada                      2.22%                    0.4%
Obtain lists of valid user and computer names and network                    Ukraine                     2.17%                    0.6%
information.                                                                  Latvia                     1.53%                    0.03%
                                                                             France                      0.6%                      0.9%
Modify server and network configurations, including access
controls and routing tables.

Modify, reroute, or delete your data.                                     Of course countries with next rates are according below:

   III.    CONSIDERING THE POPULATION OF CONTRIES WITH                        11. Spain 12. North Korea 13. Brazil 14. Cyprus 15. Sweden
                  MORE INTERNET TRAFFICS
                                                                             16. Taiwan 17. Norway 18. Israel 19. Luxemburg 20. Estonia
A. Considering the Population of Contries
   First, we study the population of some countries that play                 Table2 compares the Percentage of all attacks (hosting
important role in internet traffics and network attacks producer.         malware) with Percentage of their population penetrations in
The below table is based on most network attacks producer                 world. For example, the penetration of China population in
countries. These report showing in table1 [3, 4, 5, 6, 7, 8, 9,           world is: 19%. Meanwhile, the hosting malware in this country
10].                                                                      is: 52.7%. This means about of 52% of world attackers, is
                                                                          managing their attacks in China.
 Table 1. Population and Percentage of countries in the world
                                                                          C. Considering the Statistical Report of Internet Users in
    Country            Population         Percentage in                       Above Countries
                                              world                           In two previous sections, we considered percentage of
                                                                          population and attackers. But in this section, we study the
      China          1,330,141,295            19%
                                                                          internet users at exist in these countries. This statistical report
          USA         310,232,863               4%                        is showing as below [3].
 Netherlands          16,783,092               0.2%
  Germany              82,282,988               1%
                                                                            Table 3. Considering the penetration (% population) in ten
    Russia            142,012,121               2%                                                  countries
 Great Britain        62,348,447               0.9%                          Country        Population          Internet     Penetration

                                                                                                        ISSN 1947-5500
                                                                   (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                 Vol. 9, No. 11, November 2011

                                            Users            (%                Great     0.9%       82%             0.7%               2.54%
                                                          Population)         Britain
    China             1,330,141,295      420,000,000        32 %              Canada     0.4%       78%             0.3%               2.22%

                                                                              Ukraine     0.6%      33%             0.2%               2.17%
    USA               310,232,863        239,232,863         77 %
                                                                              Latvia     0.03%      67%            0.02%               1.53%
                                                                              France      0.9%      69%             0.6%                0.6%
Netherlands            16,783,092        14,872,200           89%
 Germany               82,282,988        65,123,800           79%
   Russia             142,012,121        59,700,000           43%
Great Britain          62,348,447        51,442,100           82%                 This table shows the penetration of total internet users in
  Canada               34019000          26,224,900           78%             ten countries hosting malware that are playing important role
                                                                              in Internet Attacks. For example, the percentage of population
   Ukraine             45,415,596        15,300,000           33%             of China is 19% of total world population. On the other hand,
   Latvia              2,231,503         1,503,400            67%             32% of the populations of this country are Internet users.
   France              64,768,389        44,625,300           69%             Thus, about 19% * 32% = 6% of the population China is
                                                                              percentage of people who use Internet in all of world Internet
                                                                              Users. This means column4 (Total Internet Users in world (%
                                                                              Population)) is obtained as below:
    This table show the penetration (% population) in above
countries. For example 77% of population is USA use internet
                                                                              Column4 = column2 * column3;
in their works.
                                                                                  Figure1 show the role of penetration of populations in
D. Comparing above Reports                                                    these countries in world attacks (hosting malware) that
     According to internet world stats [3], total population of               occurred in them.
world is 6,845,609,960. Also according the reports of this site,
total internet users in world is 1,966,514,816. Thus, the
average rate of internet users in world is:

  Average rate = Internet users in world / world population

  Average rate = 1,966,514,816 / 6,845,609,960 = 28%

    This means that from each hundred people in world, only
about twenty eight of peoples work via internet to do their
works. Now we consider this rate in top ten countries hosting
malware. This compare is showing in table4.

  Table 4. Compare population penetration factor in attacks

Country     Percent      Internet      Total Internet    Percentage
            age in      Users (%      Users in world        of all
             world      Populatio     (% Population)    attacks(hosti          Figure 1. Relation between population and rate of malware
                            n)                          ng malware)                                   hosting[12]
 China       19%          32 %             6%              52.7%
                                                                              E. Study the Internet Users in Regions
 USA         4%           77 %             3%             19.02%
                                                                                 Three below figures that are obtained by Internet World
Netherla     0.2%         89%             0.2%             5.86%              Stats [3], compare different regions by Internet Users in the
  nds                                                                         world by geographic regions, world Internet penetration rates
German       1%           79%             0.8%             5.07%              and Internet Users in the world by distribution by world
   y                                                                          regions.
 Russia      2%           43%             0.9%             2.58%

                                                                                                          ISSN 1947-5500
                                                                 (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                               Vol. 9, No. 11, November 2011

                                                                                  Figure 4. Internet Users in the world by distribution by world

                                                                             F. Top ten malicious programs on the Internet
                                                                                  The twenty malicious programs most commonly used in
                                                                             Internet attacks are listed below. Each program has been
                                                                             identified more than 170,000 times and, overall, the programs
                                                                             listed below were involved in more than 37% (27,443,757) of
                                                                             all identified incidents [11].

                                                                                   Table 5. Top ten malicious programs on the Internet

  Figure 2. Internet Users in the worlds by geographic region[12]            №     Name                                      Number of       % of
                                                                                                                             attacks         total
                                                                              1    HEUR:Trojan.Script.Iframer                 9858304         13.39
                                                                              2    Trojan-                                    2940448         3.99
                                                                              3    not-a-                                     2875110          3.91
                                                                              4    HEUR:Exploit.Script.Generic                2571443          3.49
                                                                              5    HEUR:Trojan-                               1512262          2.05
                                                                              6    HEUR:Trojan.Win32.Generic                  1396496           1.9
                                                                              7    Worm.VBS.Autorun.hf                        1131293          1.54
                                                                              8    Trojan-                                    935231           1.27
                                                                              9    HEUR:Exploit.Script.Generic                 752690          1.02
                                                                             10    Trojan.JS.Redirector.l                      705627          0.96

                                                                                    IV.    CONSIDERING THE RELIABILITY OF NETWORKS
                                                                                Another important subject is the availability and reliability
                                                                             of Internet platform. For this, we study the network
                                                                             monitoring in some regions and ten countries hosting malware.
                                                                             The Internet Traffic Report monitors the flow of data around
Figure 3. world Internet penetration rates by geographic regions[12]         the world. It then displays a value between zero and 100.
                                                                             Higher values indicate faster and more reliable connections

                                                                             A.   Internet Traffic Report in Regions
                                                                                 We consider in this section the score of networks in
                                                                             regions. The "traffic index" is a score from 0 to 100 where 0 is

                                                                                                              ISSN 1947-5500
                                                               (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                             Vol. 9, No. 11, November 2011

"slow" and 100 is "fast". It is determined by comparing the               the number of attacks dropped by 7%. Other countries which
current response of a ping echo to all previous responses from            were near the top of the table last year, such as Egypt, Turkey,
the same router over the past 7 days. A score of 0 to 100 is then         and Vietnam, now seem to be of less interest to cybercriminals.
assigned to the current response depending on if this response            However, the number of attacks on users based in the US,
is better or worse than all previous responses from that router           Germany, Great Britain and Russia rose significantly [11].
[13]. This report shows the Global Traffic Index for the 24
hours (10/12/2010).
                                                                               Table 8. Top ten countries subject to attack in 2009
           Table 6. Compare Internet traffics in regions
                                                                                             Country           Percentage of all
   Region           Score      Avg. Response      Avg. Packet                                                        attacks
                                 Time (ms)         Loss (%)                            1     China                   46.75%
    Asia             68             302              9%
                                                                                       2     USA                     6.64%
  Australia          83              162              0%                               3     Russia                  5.83%
  Europe             75              244              11 %                             4     India                   4.54%
   North             78              213              16 %
  America                                                                              5     Germany                 2.53%
   South             85              144              0%                               6     Great Britain           2.25%
                                                                                       7     Saudi Arabia            1.81%
                                                                                       8     Brazil                  1.78%
B. Internet Traffic Report in ten Countries
                                                                                       9     Italy                   1.74%
   We consider in this section the traffic scores in ten
   countries hosting malware. Similar to above subsection,                            10     Vietnam                 1.64%
   this report structure is showing as below table [12].

                                                                                           VI.   OUR SUGGESTED APPROACH
      Table 7. Compare Internet traffics in ten Countries
                                                                          A. Suggested Toplogy
  Country           Score       Avg. Response      Avg. Packet
                                                                             We studied statistical reports from Internet traffics in some
                                  Time (ms)         Loss (%)
                                                                          important countries and saw that the most attackers utilize
   China             96               34                0
                                                                          these countries to networks attacks. Also they were the victim
                                                                          countries and subject to attack. So, if exist some powerful
    USA            83 - 99         9 - 166                 0
                                                                          coordinators in these countries and strongly monitor their
 Netherlands         84              158                   0              networks to detect/prevent attacks, other countries able work
  Germany            83              168                   0              at Internet safety. This idea is showing in figure4.
   Russia           Not               -                    -
Great Britain      82 - 85        149 - 156                0
  Canada             94              57                    0
  Ukraine           Not               -                    -
   Latvia           Not               -                    -
   France           Not               -                    -

    More than 86% of the 73,619,767 attacks targeted the
machines of users in the ten countries listed below. This
ranking has changed significantly since last year. China
remains the leader in terms of numbers of potential victims, but

                                                                                                        ISSN 1947-5500
                                                                 (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                               Vol. 9, No. 11, November 2011

                                                                           B. Standardization all Detection Methods

                                                                               We propose use semantic web stucture between all
                                                                           IDSs/IPSs to simple relation between coordinators. This work,
                                                                           leads to collaboration platform intrusion detection/prevention
                                                                           systems and causes all be abled to use from other experiences
                                                                           of IDSs/IPSs. We propoesd this idea is other paper Precisely.
                                                                           The form of semantic web that is create when an attack is
                                                                           detected is showing in below figure.

                                                                             Figure 6. The Semantic Web Form of a detected Attack[14]

                                                                                                     VII.    CONCOLUSION
                                                                              In this article, we considered the population of countries
                                                                           with most traffic attacks rate that accurate in them. Also we
   Figure 5. Placing Strong/Intelligence IDS/IPS in Countries that         studied the probability and the rate of attacks. Studies of ten
                         Subject to Attacks                                countries subject to attack in 2009 were performing. Do not
                                                                           found any semantic relation between population and attacks.
     Because the significant percentage of hackers, attack in              At last, we proposed place coordinators in top countries
few countries, we propose place powerful IDSs/IPSs to these                hosting malware to detect anomalies quickly. With this, All
countries. When new attack is detected by IDSs/IPSs, they                  IDSs/IPSs use from coordinators abilities to detect the attacks.
send properties of detected attack to All IDSs/IPSs that exist
in other countries. We evaluated this idea in other papers and                                           REFERENCES
showed the overhead traffic decreased by the time and do not               [1]
created any significant problem [14].                                      [2],
     Also, the relations between IDSs/IPSs can be done with                [3]
secured mobile agents [15]. They propose a system where                    [4]
agent system will be explored on the top Grid systems that                 [5]
will provide security, autonomy, dynamic behavior and robust                      me=&countryId=91.
infrastructure. The key features of the proposed Agent based               [6]
Grid Architecture are:                                                     [7]
 * Resuming of tasks (by using software agents) after a CPU                [8]
has returned back to its idle state. All the communication and             [9]
the execution of tasks are handled by software agents.                     [10]
* Providing security to agents personal (confidential) data.                      factbook/geos/fr.html.
Support of task migration is provided by our architecture due              [11]   Kaspersky Security Bulletin 2009. Statistics, 2009
to the introduction of agents. It handles fault tolerance by               [12]
maintaining multiple copies of the task.                                   [13]
     The architecture is actually a modification of Globus                 [14]   Afshin Rezakhani Roozbahani, L.Rikhtechi and N.mohammadi,
                                                                                  "Converting Network Attacks to Standard Semantic Web Form
Toolkit where agents are introduced. In this way we reduced                       in Cloud Computing Infrastructure", International Journal of
the communication overhead and provided support for task                          Computer Applications (0975 – 8887) Volume 3 – No.4, June
migration for resource utilization [15].                                          2010.
                                                                           [15]   K.MuthuManickam, "A Security Model for Mobile Agent in
                                                                                  Grid Environment", International Journal of Computer
                                                                                  Applications (0975 – 8887) Volume 2 – No.2, May 2010.
                                                                           [16]   J. M. Kizza,”Computer Network Security”, Published by
                                                                                  Springer, 2005.
                                                                           [17] Microsoft, TechNet Library, Resources for IT Professionals,
                                                                      , Last visited at

                                                                                                              ISSN 1947-5500

To top