Internet Bad Neighborhoods: India among countries with most malicious hosts

In his dissertation titled "Internet Bad Neighborhoods", researcher Giovane Cesar Moreira Moura shed light on the high crime areas in the wide, wide Internet, called the bad neighbourhoods. 


In his detailed paper, Moura explains that the concept of bad neighbourhoods is that the probability of a host's bad behaviour increases if its neighbouring hosts also has a bad behaviour. Interestingly, this same concept can be used to improve the existing security solutions on the Internet – an indirect approach that allows researchers to predict new sources of attacks. He writes, "In this context, the main contribution of this dissertation is to present the first systematic and multifaceted study on the concentration of malicious hosts on the Internet."


Moura, in his dissertation, tossed up some statistics he unearthed during the course of his research. He found state-owned telco BSNL to have topped the list of spam sources. BSNL featured in Moura's AS-based Spam BadHoods, wherein he listed the top 20 ASes according to the total number of spamming IP address. He notes that as far as spamming IP addresses go, the first AS is AS9829 that belongs to BSNL, to be followed by AS45595 that belongs to Pakistan Telecom Company Limited. Further, in the world percentage, Moure highlighted the percentage of malicious IPs that AS is responsible for in relation to all malicious IPs considered. AS9829 from India, according to Moura, is responsible for 7.39 percent of all malicious IPs taken into consideration. As per the report, these figures are big, considering "this is a very large number for a single ISP, considering thatthere were 42,201 active ASes at the moment of this analysis."

Internet turns U.N. telecoms talks into reality show

Rising economy and greater Internet access may aggravate the problem (Image credit: Getty Images)



The India-mention does not end here. As per Moura's findings, the BRIC countries, comprising Brazil, Russia, India and China were among the ones with most malicious hosts. Quoting a Boston Group report, Moura says that it is expected that the Internet penetration in the BRIC countries shoild increase between 9-15 percent. With a growing economy and large demand for Internet access, Moura expects the number of malicious hosts in these countries to rise with more users gaining Internet access (if necessary measures are not taken). In an attempt to explain it better, Moura writes, "To illustrate a bad scenario if India would have the same Internet penetration rate of a comparable large country – the United States (79 percent) – while keeping the same ratio of malicious hosts, it would have, alone, almost 20 million spammings hosts, which is more than twice the current number of spamming IP addresses we have observed in our datasets for the whole world."


In fact, Moura's paper lists India as the top spamming nation in a list of 20. India is the number one country and is followed by the likes of Vietnam and Brazil. In the list of 20, seventeen are classified as developing countries, while Germany, Spain and United States are the only developing nations. India, however, does not appear in the top 20 list in proportional terms. 


Moving further, Moura's paper states that 88 of the top 400 cities are located in India, followed by Brazil (46), Russia (34) and China (19). In the list showing the number of spamming host for the top 20 cities, six cities (New Delhi, Madras, Pune, Bengaluru, Calcutta and Hyderabad) are located in India, two in Saudi Arabia, two in Pakistan and two in Brazil.


Moura found that of the 229 countries found having spamming hosts, a single one (India) was found concentrating almost 20 percent of worldwide spamming IP addresses, followed by Vietnam and Brazil (7 percent each). In total, the top 20 countries were responsible for 76.31 percent of all the spamming IP addresses. It found that certain countries concentrate most on malicious spamming IP addresses.


Moure warns that they might be a "silent ticking spam bomb" in the BRIC countries. He points out that it may be a problem if the ratio of malicious IP addresses in these countries remain stable while the number of Internet users continue to grow. In that case, Moura expects that there can be a significant increase on the overall number of spam sources. To put this better, he says, "consider India, a country that ranks first in number of spamming IP addresses. If India would have the same Internet penetration rate as the United States (a developed country comparable in size) while keeping its current ratio of malicious IP addresses, that would cause an increase of 200% in the total number of malicious spamming addresses observed currently for the whole world."

Published Date: Mar 18, 2013 04:34 pm | Updated Date: Mar 18, 2013 04:34 pm