WP4 Public Statistics

WP4: Clearinghouse Function - public statistics - type 2 - 01/2003 -

Last update: Tue Dec 30 13:34:17 2003

On this page the eCSIRT.net type 2 statistics are shown. These data provide information about incidents handled by the participating teams. During the collection of the data the different incidents types (i.e. "virus", "worm", "trojan") are assigned to incident categories (i.e. "malicious code"). Each incident is assigned exactly to one incident class (called "primary incident type"). A detailed description of the used incident classes is given in the "Clearinghouse Policy (Appendix C)".

Please take into account that the basis for the data collection has changed after August 2003. During a peer review of WP4 it was generally agreed that "policy violation" was to ambiguous and not really relevant to the current working of the teams. It was therefore decided that this incident class should be deleted. Furthermore the incident classes "abusive content" and "other" were established. All incidents which don't fit in one of the given categories should be put to the class "other". If the number of incidents in the category "other" increases, it is an indicator that the classification scheme must be revised.

Since the predominant part of the categories hasn't been changed all available data from January to August 2003 can still be used for creating the type 2 statistics presented on this page. For this purpose the following mapping is used for data originating prior to September 2003:

• Policy Violations:
  No mapping possible, data will not be used
• Information Gathering:
  The incident types "scanning" and "probing" that were used before are merged in the type "scanning"

In the following charts the average values are shown as in the case of type 1 statistics.

Incidents

This chart shows the development of the average number of incidents handled by a team in the respective time period. The value for "Incidents" is the sum of all registered incidents of the different categories.

Top

Number of incidents in the given categories

The following charts show respectively the average number of incidents in the given categories ("abusive content", "malicious code", "information gathering", "intrusion attempts", "intrusions", availability", information security", "fraud" and "other"). Every value is the sum of the given incident types of each incident category.

Incident class "abusive content"

Top

Incident class "malicious code"

Top

Incident class "information gathering"

Top

Incident class "intrusion attempts"

Top

Incident class "intrusions"

Top

Incident class "availabitity"

Top

Incident class "information security"

Top

Incident class "fraud"

Top

Incident class "other"

Top

Number and distribution of incident types

The following charts show respectively the number and the distribution of each incident type within the given categories (In each case average values related to a team are used).

Please note that starting from September the declaration of the incident type is optional. Not all teams have supplied values for the incident types. Therefore the sum of the incident types per incident category can differ from the charts shown before.

Incident types of the incident class "abusive content"

This chart shows the number and the distribution of the incident types "spam", "harassment", and "child/sexual/violence/... content" within the incident category "abusive content".

Top

Incident types of the incident class "malicious code"

This chart shows the number and the distribution of the incident types "virus", "worm", "trojan", "spyware" and "dialer" within the incident category "malicious code".

Top

Incident types of the incident class "information gathering"

This chart shows the number and the distribution of the incident types "scanning", "sniffing" and "social engineering" within the incident category "information gathering".

Top

Incident types of the incident class "intrusion attempts"

This chart shows the number and the distribution of the incident types "known vulnerabilities", "login attempts" and "new attack signatures" within the incident category "intrusion attempts".

Top

Incident types of the inciedent class "intrusions"

This chart shows the number and the distribution of the incident types "privileged account compromise", "unprivileged account compromise" and "application compromise" within the incident category "intrusions".

Top

Incident types of the incident class "availability"

This chart shows the number and the distribution of the incident types "dos", "ddos" and "sabotage" within the incident category "availability".

Top

Incident types of the incident class "information security"

This chart shows the number and the distribution of the incident types "unauthorized access" and "unauthorized modification" within the incident category "information security".

Top

Incident types of the incident class "fraud"

This chart shows the number and the distribution of the incident types "unauthorized use", "copyright" and "masquerade" within the incident category "fraud".

Top

eCSIRT.net The European Computer Security Incident Response Team Network News | Sitemap | Imprint | Privacy Statement | Contact | Top Last changed: December 19, 2003 / OG Copyright © 2002-2003 by PRESECURE Consulting GmbH, Germany