(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 11, November 2011
Considering Statistical Reports of Populations
Penetration in Attack to Networks
Afshin Rezakhani Roozbahani
Department of Computer Engineering
The University of Ayatollah Alozma
Boroujerdi, Boroujerd, Iran
Nasser Modiri
Department of Computer Engineering
Zanjan Azad University
Zanjan, [email protected]
Nasibe Mohammadi
Department of Computer Engineering
The University of Ayatollah Alozma
Boroujerdi, Boroujerd, Iran
Abstract - Because Internet traffic is increasing continuously,
analyzing Internet events and the penetration of countries is more
important than in previous years. In this article, we study the
population of the countries with the most network traffic and consider
the rate of attacks that occur in them. We also study the countries
subject to attack and the rate of their attacks. These results can
be used in future research to place coordinators in gorge
locations of the world to manage the information that is passed
between countries. They can also be used in collaborative
intrusion detection systems (IDSs) to inform all IDSs in other
locations of the world about new attack methods.
Keywords-internet traffic; attacks rate; IDSs;
I. INTRODUCTION
The Internet is a global system of interconnected computer networks that use the standard Internet Protocol Suite (TCP/IP) to serve billions of users worldwide [1]. The Internet, sometimes called simply "the Net," is a worldwide system of computer networks - a network of networks in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers). It was conceived by the Advanced Research Projects Agency (ARPA) of the U.S. government in 1969 and was first known as the ARPANet. The original aim was to create a network that would allow users of a research computer at one university to be able to "talk to" research computers at other universities. A side benefit of ARPANet's design was that, because messages could be routed or rerouted in more than one direction, the network could continue to function even if parts of it were destroyed in the event of a military attack or other disaster [2]. The security disciplines of computer networks are classified into three main classes: detection, prevention, and protection [16]. The detection methods are in charge of detecting any intrusion in networks. Prevention methods aim to deploy secure policies for underlying network(s) and finally the protection methods try to exert manager's views for protecting the networks.
II. INTERNET ATTACK METHODS
Without security measures and controls in place, our data
might be subjected to an attack. Some attacks are passive,
meaning information is monitored; others are active, meaning
the information is altered with intent to corrupt or destroy the
data or the network itself. In this section we give an overview
of the methods that hackers use to attack networks. These
methods are explained in the subsections below [17].
A. Eavesdropping
In general, the majority of network communications occur in
an unsecured or "cleartext" format, which allows an attacker
who has gained access to data paths in your network to "listen
in" or interpret (read) the traffic. When an attacker is
eavesdropping on your communications, it is referred to as
sniffing or snooping. The ability of an eavesdropper to
monitor the network is generally the biggest security problem
that administrators face in an enterprise. Without strong
encryption services that are based on cryptography, your data
can be read by others as it traverses the network.
B. Data Modification
After an attacker has read your data, the next logical step is to
alter it. An attacker can modify the data in the packet without
the knowledge of the sender or receiver. Even if you do not
require confidentiality for all communications, you do not
want any of your messages to be modified in transit. For
example, if you are exchanging purchase requisitions, you do
not want the items, amounts, or billing information to be
modified.
C. Identity Spoofing (IP Address Spoofing)
Most networks and operating systems use the IP address of a
computer to identify a valid entity. In certain cases, it is
possible for an IP address to be falsely assumed; this is known as
identity spoofing. An attacker might also use special programs to
construct IP packets that appear to originate from valid
addresses inside the corporate intranet.
132 http://sites.google.com/site/ijcsis/ ISSN 1947-5500
After gaining access to the network with a valid IP address,
the attacker can modify, reroute, or delete your data. The
attacker can also conduct other types of attacks, as described
in the following sections.
D. Password-Based Attacks
A common denominator of most operating system and
network security plans is password-based access control. This
means your access rights to a computer and network resources
are determined by who you are, that is, your user name and
your password.
Older applications do not always protect identity information
as it is passed through the network for validation. This might
allow an eavesdropper to gain access to the network by posing
as a valid user.
When an attacker finds a valid user account, the attacker has
the same rights as the real user. Therefore, if the user has
administrator-level rights, the attacker also can create accounts
for subsequent access at a later time.
After gaining access to your network with a valid account, an
attacker can do any of the following:
* Obtain lists of valid user and computer names and network
information.
* Modify server and network configurations, including access
controls and routing tables.
* Modify, reroute, or delete your data.
III. CONSIDERING THE POPULATION OF COUNTRIES WITH
MORE INTERNET TRAFFIC
A. Considering the Population of Countries
First, we study the population of some countries that play an important role in Internet traffic and as producers of network attacks. The table below is based on the countries that produce the most network attacks. These figures are shown in Table 1 [3, 4, 5, 6, 7, 8, 9, 10].
Table 1. Population and Percentage of countries in the world
Country          Population       Percentage in world
China            1,330,141,295    19%
USA              310,232,863      4%
Netherlands      16,783,092       0.2%
Germany          82,282,988       1%
Russia           142,012,121      2%
Great Britain    62,348,447       0.9%
Canada           34,019,000       0.4%
Ukraine          45,415,596       0.6%
Latvia           2,231,503        0.03%
France           64,768,389       0.9%
B. Considering the Rate of Attack Producers
In this section, we study the rate of attacks that occur on the
Internet. Our study is based on the top ten countries hosting
malware [11].
Table 2. Comparison of the percentage of countries' population with
their attackers
Country          Percentage of all attacks    Percentage in world
                 (hosting malware)
China            52.7%                        19%
USA              19.02%                       4%
Netherlands      5.86%                        0.2%
Germany          5.07%                        1%
Russia           2.58%                        2%
Great Britain    2.54%                        0.9%
Canada           2.22%                        0.4%
Ukraine          2.17%                        0.6%
Latvia           1.53%                        0.03%
France           0.6%                         0.9%
The countries with the next highest rates are:
11. Spain 12. North Korea 13. Brazil 14. Cyprus 15. Sweden
16. Taiwan 17. Norway 18. Israel 19. Luxemburg 20. Estonia
Table 2 compares the percentage of all attacks (hosting
malware) with each country's percentage of the world
population. For example, China's share of the world population
is 19%, while the share of hosting malware in this country
is 52.7%. This means that about 52% of the world's attackers
manage their attacks in China.
C. Considering the Statistical Report of Internet Users in
Above Countries
In the two previous sections, we considered the percentage of population and attackers. In this section, we study the Internet users that exist in these countries. This statistical report
is shown below [3].
Table 3. Considering the penetration (% population) in ten
countries
Country Population Internet Penetration
Figure 2. Internet Users in the world by geographic region [12]
Figure 3. World Internet penetration rates by geographic regions [12]
Figure 4. Internet Users in the world by distribution by world regions [12]
F. Top ten malicious programs on the Internet
The twenty malicious programs most commonly used in
Internet attacks are listed below. Each program has been
identified more than 170,000 times and, overall, the programs
listed below were involved in more than 37% (27,443,757) of
all identified incidents [11].
Table 5. Top ten malicious programs on the Internet
№    Name                                      Number of attacks    % of total
1    HEUR:Trojan.Script.Iframer                9858304              13.39
2    Trojan-Downloader.JS.Gumblar.x            2940448              3.99
3    not-a-virus:AdWare.Win32.Boran.z          2875110              3.91
4    HEUR:Exploit.Script.Generic               2571443              3.49
5    HEUR:Trojan-Downloader.Script.Generic     1512262              2.05
6    HEUR:Trojan.Win32.Generic                 1396496              1.9
7    Worm.VBS.Autorun.hf                       1131293              1.54
8    Trojan-Downloader.HTML.IFrame.sz          935231               1.27
9    HEUR:Exploit.Script.Generic               752690               1.02
10   Trojan.JS.Redirector.l                    705627               0.96
IV. CONSIDERING THE RELIABILITY OF NETWORKS
Another important subject is the availability and reliability
of the Internet platform. For this, we study network
monitoring in some regions and in the ten countries hosting malware.
The Internet Traffic Report monitors the flow of data around
the world. It then displays a value between zero and 100.
Higher values indicate faster and more reliable connections
[12].
A. Internet Traffic Report in Regions
We consider in this section the score of networks in regions. The "traffic index" is a score from 0 to 100 where 0 is "slow" and 100 is "fast". It is determined by comparing the current response of a ping echo to all previous responses from the same router over the past 7 days. A score of 0 to 100 is then assigned to the current response depending on if this response is better or worse than all previous responses from that router [13]. This report shows the Global Traffic Index for the 24 hours (10/12/2010).
Table 6. Comparison of Internet traffic in regions
Region           Score    Avg. Response Time (ms)    Avg. Packet Loss (%)
Asia             68       302                        9 %
Australia        83       162                        0 %
Europe           75       244                        11 %
North America    78       213                        16 %
South America    85       144                        0 %
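The scoring rule described above can be sketched as a percentile rank over a sliding 7-day window. This is an added example, not the Internet Traffic Report's own code: the text does not give the exact formula, so the rule used here (the score is the share of previous responses that were no better than the current one, and a lost echo scores 0) and all names are assumptions, and the round-trip times are constructed.

```python
from collections import deque

WINDOW_S = 7 * 24 * 3600  # "the past 7 days" of history kept per router


class RouterHistory:
    """Ping results for one router; rtt_ms is None when the echo was lost."""

    def __init__(self):
        self.samples = deque()  # (timestamp_s, rtt_ms or None), oldest first

    def _expire(self, now):
        # Drop responses that have fallen out of the 7-day window.
        while self.samples and now - self.samples[0][0] > WINDOW_S:
            self.samples.popleft()

    def score(self, now, rtt_ms):
        """Return the 0-100 index for the current response, then record it.

        Assumed rule: the score is the percentage of previous responses that
        were no better (slower, equal, or lost) than the current one.
        Returns None while there is no history to compare against.
        """
        self._expire(now)
        previous = [rtt for _, rtt in self.samples]
        self.samples.append((now, rtt_ms))
        if not previous:
            return None
        if rtt_ms is None:  # a lost echo is the worst possible response
            return 0
        no_better = sum(1 for rtt in previous if rtt is None or rtt >= rtt_ms)
        return round(100 * no_better / len(previous))

    def packet_loss_pct(self):
        """Share of lost echoes among the samples currently in the window."""
        if not self.samples:
            return 0.0
        lost = sum(1 for _, rtt in self.samples if rtt is None)
        return 100.0 * lost / len(self.samples)


def demo():
    """Constructed sample: hourly pings, then one ping eight days later."""
    hour = 3600
    router = RouterHistory()
    for i, rtt in enumerate([100, 200, 300, 400]):
        router.score(i * hour, rtt)
    mid = router.score(4 * hour, 250)        # faster than 300 and 400 only
    lost = router.score(5 * hour, None)      # lost echo
    loss = router.packet_loss_pct()          # 1 lost echo out of 6 samples
    late = router.score(8 * 24 * hour, 90)   # earlier samples have expired
    return mid, lost, loss, late
```

A router with no history inside the window gets no score at all, which is one reading of why some countries in the next table are marked as not considered.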
B. Internet Traffic Report in ten Countries
We consider in this section the traffic scores in the ten countries hosting malware. As in the subsection above, the report is shown in the table below [12].
Table 7. Comparison of Internet traffic in ten countries
Country          Score             Avg. Response Time (ms)    Avg. Packet Loss (%)
China            96                34                         0
USA              83 - 99           9 - 166                    0
Netherlands      84                158                        0
Germany          83                168                        0
Russia           Not considered    -                          -
Great Britain    82 - 85           149 - 156                  0
Canada           94                57                         0
Ukraine          Not considered    -                          -
Latvia           Not considered    -                          -
France           Not considered    -                          -
V. CONSIDERING COUNTRIES SUBJECT TO ATTACK
More than 86% of the 73,619,767 attacks targeted the
machines of users in the ten countries listed below. This
ranking has changed significantly since last year. China
remains the leader in terms of numbers of potential victims, but
the number of attacks dropped by 7%. Other countries which
were near the top of the table last year, such as Egypt, Turkey,
and Vietnam, now seem to be of less interest to cybercriminals.
However, the number of attacks on users based in the US,
Germany, Great Britain and Russia rose significantly [11].
Table 8. Top ten countries subject to attack in 2009
№    Country          Percentage of all attacks
1    China            46.75%
2    USA              6.64%
3    Russia           5.83%
4    India            4.54%
5    Germany          2.53%
6    Great Britain    2.25%
7    Saudi Arabia     1.81%
8    Brazil           1.78%
9    Italy            1.74%
10   Vietnam          1.64%
VI. OUR SUGGESTED APPROACH
A. Suggested Topology
We studied statistical reports of Internet traffic in some
important countries and saw that most attackers use
these countries for network attacks. These countries were also
the victims and subject to attack. So, if some powerful
coordinators exist in these countries and strongly monitor their
networks to detect/prevent attacks, other countries can work
on the Internet safely. This idea is shown in Figure 4.
Figure 5. Placing Strong/Intelligence IDS/IPS in Countries that
Subject to Attacks
Because a significant percentage of hackers attack in a
few countries, we propose placing powerful IDSs/IPSs in these
countries. When a new attack is detected by the IDSs/IPSs, they
send the properties of the detected attack to all IDSs/IPSs that exist
in other countries. We evaluated this idea in other papers and
showed that the overhead traffic decreased over time and did not
create any significant problem [14].
Also, the relations between IDSs/IPSs can be handled with
secured mobile agents [15]. The authors of [15] propose a system
where an agent system will be explored on top of Grid systems
and will provide security, autonomy, dynamic behavior and a robust
infrastructure. The key features of the proposed Agent based
Grid Architecture are:
* Resuming of tasks (by using software agents) after a CPU
has returned back to its idle state. All the communication and
the execution of tasks are handled by software agents.
* Providing security to agents' personal (confidential) data.
Support of task migration is provided by our architecture due
to the introduction of agents. It handles fault tolerance by
maintaining multiple copies of the task.
The architecture is actually a modification of Globus
Toolkit where agents are introduced. In this way we reduced
the communication overhead and provided support for task
migration for resource utilization [15].
B. Standardization of All Detection Methods
We propose using a semantic web structure between all
IDSs/IPSs to simplify the relations between coordinators. This
leads to a collaborative platform of intrusion detection/prevention
systems and enables all of them to use the experience
of other IDSs/IPSs. We proposed this idea precisely in another paper.
The form of the semantic web that is created when an attack is
detected is shown in the figure below.
Figure 6. The Semantic Web Form of a detected Attack[14]
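The sharing scheme of subsection A (a coordinator sends the properties of a newly detected attack to all others) and the semantic web form of subsection B can be sketched together as follows. This is an added example, not the code or schema from [14]: the `http://example.org/ids#` vocabulary, the `urn:attack:` identifiers, the property names and the `Coordinator` class are hypothetical, and the attack records are constructed.

```python
import hashlib

VOCAB = "http://example.org/ids#"  # hypothetical vocabulary, not from [14]


def to_triples(attack):
    """Turn a dict of attack properties into (subject, predicate, object) triples.

    The subject is derived from the sorted properties, so every coordinator
    that sees the same attack produces the same identifier.
    """
    canonical = "|".join(f"{key}={attack[key]}" for key in sorted(attack))
    subject = "urn:attack:" + hashlib.sha256(canonical.encode()).hexdigest()[:16]
    triples = [(subject, VOCAB + key, str(attack[key])) for key in sorted(attack)]
    return subject, triples


class Coordinator:
    """An IDS/IPS coordinator placed in one country."""

    def __init__(self, country):
        self.country = country
        self.peers = []
        self.known = {}  # subject -> triples of every attack seen or received

    def detect(self, attack):
        """Handle a local detection; return the number of messages sent."""
        subject, triples = to_triples(attack)
        if subject in self.known:
            return 0  # already shared by some coordinator: no new traffic
        self.known[subject] = triples
        for peer in self.peers:
            peer.known.setdefault(subject, triples)
        return len(self.peers)


def full_mesh(countries):
    """Create one coordinator per country and connect each to all others."""
    nodes = [Coordinator(name) for name in countries]
    for node in nodes:
        node.peers = [other for other in nodes if other is not node]
    return nodes


def demo():
    """Constructed detections: a second sighting of an attack costs nothing."""
    china, usa, russia = full_mesh(["China", "USA", "Russia"])
    guess = {"type": "password-guessing", "protocol": "tcp", "dst_port": 22}
    spoof = {"type": "ip-spoofing", "protocol": "udp", "dst_port": 53}
    return [china.detect(guess), usa.detect(guess),
            russia.detect(spoof), china.detect(spoof)]
```

Only the first sighting of an attack generates messages, which matches the statement above that the overhead traffic decreases over time.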
VII. CONCLUSION
In this article, we considered the population of the countries
with the most traffic and the rate of attacks that occur in them. We
also studied the probability and the rate of attacks. Studies of the ten
countries subject to attack in 2009 were performed. We did not
find any semantic relation between population and attacks.
Finally, we proposed placing coordinators in the top countries
hosting malware to detect anomalies quickly. With this, all
IDSs/IPSs use the coordinators' abilities to detect attacks.
REFERENCES
[1] en.wikipedia.org/wiki/Internet
[2] http://searchwindevelopment.techtarget.com/definition/Internet
[3] http://www.internetworldstats.com/stats.htm
[4] http://www.indexmundi.com/netherlands/population.html
[5] http://www.countryreports.org/people/overview.aspx?Countryname=&countryId=91
[6] http://www.trueknowledge.com/q/population_of_russia_2010
[7] www.trueknowledge.com/q/population_of_uk_2010
[8] www.statcan.gc.ca
[9] www.kyivpost.com/news/nation/detail/86668/
[10] https://www.cia.gov/library/publications/the-world-factbook/geos/fr.html
[11] Kaspersky Security Bulletin 2009. Statistics, 2009
[12] http://www.internettrafficreport.com/
[13] http://www.internettrafficreport.com/faq.htm#trindex
[14] Afshin Rezakhani Roozbahani, L. Rikhtechi and N. Mohammadi, "Converting Network Attacks to Standard Semantic Web Form in Cloud Computing Infrastructure", International Journal of Computer Applications (0975 – 8887) Volume 3 – No.4, June 2010.
[15] K. MuthuManickam, "A Security Model for Mobile Agent in Grid Environment", International Journal of Computer Applications (0975 – 8887) Volume 2 – No.2, May 2010.
[16] J. M. Kizza, "Computer Network Security", Published by Springer, 2005.
[17] Microsoft, TechNet Library, Resources for IT Professionals, http://technet.microsoft.com/en-us/library/default.aspx, Last visited at December 2010