Mr. Craig Shue, a cyber security research scientist at the Oak Ridge National Lab, said that it is clear that a large fraction of Internet address ranges at many ISPs are engaged in malicious activity. He added, “these [networks] may harbor malicious activity and should be investigated.”
This statement could serve as the abstract of new research on data mining. According to this research, by researchers from Indiana University at Bloomington and the Oak Ridge National Laboratory in Oak Ridge, TN, tracking organized criminal activity by cyber gangs across the web will now be much easier.
The research identifies dense clusters of ISPs that appear to be overly tolerant of malicious activity, using data from anti-malware and anti-spam companies and phishing blacklists. The researchers state that such patterns were particularly evident in Eastern Europe and the Middle East after comparing data from a variety of services that measure ISPs. According to them, an ISP is classified as malicious if it harbored at least 2.5 percent of the malicious Internet addresses for a given data set, such as the list of phishing sites or malware-laced sites. They found 58 networks that each had more than 100,000 compromised hosts in their Internet address space ranges, while another 255 networks had between 10,000 and 100,000 systems blacklisted.
Measuring online threats largely depends on their geographic location and focus. The study includes information on phishing websites from Phishtank.com and the Anti-Phishing Working Group; botnet data from the Shadowserver Foundation; spam data from Indiana University, Spamhaus, SURBL, and Support Intelligence; malware hosting stats from organizations such as CleanMX, eSoft, and Malware Patrol.
Ukraine, Iran and Belarus were found to be at an alarming stage, as they had more than 80 percent of their Internet address ranges blacklisted for a combination of spam, phishing, and hosting malicious software. Their ISP counts were two, one and one respectively. Turkey, on the other hand, captured the limelight when the data on the prevalence of servers that criminals use to control botnets was analyzed (mined). They covered almost 9.11% of the total Internet addresses listed through a large broadband ISP.
Another strategy, which brought the United States into notice, identifies problem networks based on the number of blacklisted addresses for a given ISP. This method usually points to the world’s largest ISPs.
One more approach was quite successful in identifying zombie systems. It was to identify ISPs and hosting providers that had a disproportionate number of network peers that were malicious. With the help of this approach, 22 networks were found to be purely malicious, while some 194 networks were found to be partially malicious.
This research will definitely be of great help to the development of Internet security and to law enforcement in this field.
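The 2.5 percent threshold and the difference between ranking ISPs by blacklisted-address count and by proportion of their own address space, worked through as an added example that is not from the article or the research paper. The ISP names, prefixes and blacklist entries are constructed, and computing the blacklisted fraction per address is an assumed reading of the "percent of address ranges blacklisted" figure.

```python
import ipaddress
from collections import Counter

THRESHOLD = 0.025  # article: flagged at >= 2.5% of a data set's malicious addresses

# Constructed sample data: hypothetical ISPs on private/documentation ranges.
ISP_PREFIXES = {
    "BigNet": ["10.0.0.0/16"],
    "SmallHost": ["192.0.2.0/28"],
    "MidISP": ["198.51.100.0/24"],
}
BLACKLIST = (
    [f"10.0.{i}.7" for i in range(60)]
    + [f"192.0.2.{i}" for i in range(13)]
    + ["198.51.100.9", "203.0.113.5"]  # the last address maps to no listed ISP
)

def owner(ip, index):
    """Longest-prefix match of an address to an ISP; None if unmapped."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, isp) for net, isp in index if addr in net]
    return max(hits)[1] if hits else None

def score(blacklist, isp_prefixes, threshold=THRESHOLD):
    """Per-ISP count, share of the data set, and fraction of own space listed."""
    index = [(ipaddress.ip_network(p), isp)
             for isp, prefixes in isp_prefixes.items() for p in prefixes]
    unique = set(blacklist)            # one vote per address
    total = len(unique) or 1           # avoid dividing by zero on an empty list
    counts = Counter(owner(ip, index) for ip in unique)
    report = {}
    for isp, prefixes in isp_prefixes.items():
        # Assumes an ISP's prefixes do not overlap each other.
        space = sum(ipaddress.ip_network(p).num_addresses for p in prefixes)
        n = counts.get(isp, 0)
        report[isp] = {
            "count": n,
            "share_of_dataset": n / total,
            "fraction_of_own_space": n / space,
            "flagged": n / total >= threshold,
        }
    return report

def rank(report, key):
    return sorted(report, key=lambda isp: report[isp][key], reverse=True)

if __name__ == "__main__":
    result = score(BLACKLIST, ISP_PREFIXES)
    for isp in rank(result, "count"):
        print(isp, result[isp])
```

Ranking by `count` puts the large network first, while ranking by `fraction_of_own_space` puts the small, heavily blacklisted one first, which is why the count-based method tends to point at the largest ISPs.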
For more details: http://www.csiir.ornl.gov/shue/research/infocommini10.pdf