Global Mapping of Cyber Attacks

Identifying the factors behind countries’ weakness to cyber-attacks is an important step towards addressing these weaknesses at the root level. For example, identifying why some countries become cyber-crime safe havens can inform policy actions on how to reduce the attractiveness of these countries to cyber-criminals. Currently, however, identifying these factors is mostly based on expert opinion and speculation. In this work, we perform an empirical study to statistically test the validity of these opinions and speculations. In our analysis, we use Symantec’s World Intelligence Network Environment (WINE) Intrusion Prevention System (IPS) telemetry data, which contain attack reports from more than 10 million customer computers worldwide. We use regression analysis to test the relevance of multiple factors, including monetary and computing resources, cyber-security research and institutions, and corruption. Our analysis confirms some hypotheses and disproves others. We find that many countries in Eastern Europe extensively host attacking computers because of a combination of good computing infrastructure and a high corruption rate. We also find that web attacks and fake applications are most prevalent in rich countries because attacks on these countries are more lucrative. Finally, we find that computers in Africa launch the lowest rates of cyber-attacks. This is surprising given the bad cyber reputation of some African countries such as Nigeria. Our research has many policy implications.
