DOI: 10.1145/3055305.3055306
Research article, public access

Global Variation in Attack Encounters and Hosting

Published: 04 April 2017

Abstract

Countries vary greatly in the extent to which their computers encounter and host attacks. Empirically identifying factors behind such variation can provide a sound basis for policies to reduce attacks worldwide. However, the main current approach to identifying these factors consists of expert opinions with limited empirical validation. In this work, we empirically test hypotheses regarding social and technological factors behind such international variation. We use Symantec's Intrusion Prevention System (IPS) telemetry data collected from around 10 million Symantec customers worldwide.
We find that web attacks and fake applications are most prominent in Western Europe and North America. Our results indicate a relationship between attack exposure and countries' wealth and technological sophistication, suggesting that attackers probably target developed countries to maximize their profits. Moreover, Eastern Europe hosts disproportionate quantities of attacks. Our statistical analysis reveals a relationship between attack hosting and the combined effect of widespread corruption and computing resources. Surprisingly, China is not among the top 10 attack hosting countries and Africa hosts the smallest quantities of attacks. Our work has important policy implications.

Published In

HoTSoS: Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp
April 2017
99 pages
ISBN: 9781450352741
DOI: 10.1145/3055305

In-Cooperation

  • National Security Agency
  • Vanderbilt University
  • University of Maryland

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Science of Security
  2. data driven cyber security
  3. international factors
  4. social factors

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • Defense Threat Reduction Agency
  • Army Research Office

Conference

HoTSoS '17: Symposium and Bootcamp
April 4 - 5, 2017
Hanover, MD, USA

Acceptance Rates

HoTSoS Paper Acceptance Rate 9 of 17 submissions, 53%;
Overall Acceptance Rate 34 of 60 submissions, 57%

Article Metrics

  • Downloads (Last 12 months): 40
  • Downloads (Last 6 weeks): 11
Reflects downloads up to 25 Feb 2025

Cited By

  • (2024) The Infrastructure Utilization of Free Contents Websites Reveal Their Security Characteristics. Computational Data and Social Networks, pp. 255-267. DOI: 10.1007/978-981-97-0669-3_24. Online publication date: 29-Feb-2024
  • (2023) STRisk: A Socio-Technical Approach to Assess Hacking Breaches Risk. IEEE Transactions on Dependable and Secure Computing, 20:2, pp. 1074-1087. DOI: 10.1109/TDSC.2022.3149208. Online publication date: 1-Mar-2023
  • (2022) View from Above: Exploring the Malware Ecosystem from the Upper DNS Hierarchy. Proceedings of the 38th Annual Computer Security Applications Conference, pp. 240-250. DOI: 10.1145/3564625.3564646. Online publication date: 5-Dec-2022
  • (2018) Remote assessment of countries’ cyber weapon capabilities. Social Network Analysis and Mining, 8:1. DOI: 10.1007/s13278-018-0539-5. Online publication date: 9-Oct-2018
