{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:31:04Z","timestamp":1760239864226,"version":"build-2065373602"},"reference-count":31,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2020,12,22]],"date-time":"2020-12-22T00:00:00Z","timestamp":1608595200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"In this study, we aimed to identify spatial clusters of countries with high rates of cyber attacks directed at other countries. The cyber attack dataset was obtained from Canadian Institute for Cybersecurity, with over 110,000 Uniform Resource Locators (URLs), which were classified into one of 5 categories: benign, phishing, malware, spam, or defacement. The disease surveillance software SaTScanTM was used to perform a spatial analysis of the country of origin for each cyber attack. It allowed the identification of spatial and space-time clusters of locations with unusually high counts or rates of cyber attacks. Number of internet users per country obtained from the 2016 CIA World Factbook was used as the population baseline for computing rates and Poisson analysis in SaTScanTM. The clusters were tested for significance with a Monte Carlo study within SaTScanTM, where any cluster with p < 0.05 was designated as a significant cyber attack cluster. Results using the rate of the different types of malicious URL cyber attacks are presented in this paper. This novel approach of studying cyber attacks from a spatial perspective provides an invaluable relative risk assessment for each type of cyber attack that originated from a particular country.<\/jats:p>","DOI":"10.3390\/info12010002","type":"journal-article","created":{"date-parts":[[2020,12,22]],"date-time":"2020-12-22T20:39:29Z","timestamp":1608669569000},"page":"2","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study"],"prefix":"10.3390","volume":"12","author":[{"given":"Raid W.","family":"Amin","sequence":"first","affiliation":[{"name":"Mathematics & Statistics, University of West Florida, Pensacola, FL 32514, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8333-342X","authenticated-orcid":false,"given":"Hakki Erhan","family":"Sevil","sequence":"additional","affiliation":[{"name":"Intelligent Systems & Robotics, University of West Florida, Pensacola, FL 32514, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6049-5266","authenticated-orcid":false,"given":"Salih","family":"Kocak","sequence":"additional","affiliation":[{"name":"Construction Management, University of West Florida, Pensacola, FL 32514, USA"}]},{"suffix":"III","given":"Guillermo","family":"Francia","sequence":"additional","affiliation":[{"name":"Center for Cybersecurity, University of West Florida, Pensacola, FL 32514, USA"}]},{"given":"Philip","family":"Hoover","sequence":"additional","affiliation":[{"name":"Mathematics & Statistics, University of West Florida, Pensacola, FL 32514, USA"}]}],"member":"1968","published-online":{"date-parts":[[2020,12,22]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Darling, M., Heileman, G., Gressel, G., Ashok, A., and Poornachandran, P. (2015, January 20\u201324). A lexical approach for classifying malicious URLs. Proceedings of the IEEE 2015 International Conference on High Performance Computing & Simulation (HPCS), Amsterdam, The Netherlands.","DOI":"10.1109\/HPCSim.2015.7237040"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Lallie, H.S., Shepherd, L.A., Nurse, J.R., Erola, A., Epiphaniou, G., Maple, C., and Bellekens, X. (2020). Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. arXiv.","DOI":"10.1016\/j.cose.2021.102248"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Abdalrahman, G.A., and Varol, H. (2019, January 10\u201312). Defending Against Cyber-Attacks on the Internet of Things. Proceedings of the IEEE 2019 7th International Symposium on Digital Forensics and Security (ISDFS), Barcelos, Portugal.","DOI":"10.1109\/ISDFS.2019.8757478"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Pivarn\u00edkov\u00e1, M., Sokol, P., and Bajto\u0161, T. (2020). Early-Stage Detection of Cyber Attacks. Information, 11.","DOI":"10.3390\/info11120560"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Hu, C., Yan, J., and Wang, C. (2019, January 4\u20138). Advanced cyber-physical attack classification with extreme gradient boosting for smart transmission grids. Proceedings of the 2019 IEEE Power & Energy Society General Meeting (PESGM), Atlanta, GA, USA.","DOI":"10.1109\/PESGM40551.2019.8973679"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Doynikova, E., Novikova, E., and Kotenko, I. (2020). Attacker Behaviour Forecasting Using Methods of Intelligent Data Analysis: A Comparative Review and Prospects. Information, 11.","DOI":"10.3390\/info11030168"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Yao, Y., Su, L., Lu, Z., and Liu, B. (2019, January 5\u20138). STDeepGraph: Spatial-Temporal Deep Learning on Communication Graphs for Long-Term Network Attack Detection. Proceedings of the 2019 18th IEEE International Conference On Trust, Security and Privacy in Computing And Communications\/13th IEEE International Conference On Big Data Science And Engineering (TrustCom\/BigDataSE), Rotorua, New Zealand.","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00025"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Mamun, M.S.I., Rathore, M.A., Lashkari, A.H., Stakhanova, N., and Ghorbani, A.A. (2016). Detecting malicious urls using lexical analysis. International Conference on Network and System Security, Springer.","DOI":"10.1007\/978-3-319-46298-1_30"},{"key":"ref_9","unstructured":"Bloedorn, E., Christiansen, A.D., Hill, W., Skorupka, C., Talbot, L.M., and Tivel, J. (2020, December 21). Data Mining for Network Intrusion Detection: How to Get Started. Available online: https:\/\/www.mitre.org\/sites\/default\/files\/pdf\/bloedorn_datamining.pdf."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.cose.2014.11.008","article-title":"Detecting fake anti-virus software distribution webpages","volume":"49","author":"Kim","year":"2015","journal-title":"Comput. Secur."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1016\/j.ijcip.2012.08.002","article-title":"Modeling security in cyber\u2013physical systems","volume":"5","author":"Burmester","year":"2012","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_12","unstructured":"Xie, P., Li, J.H., Ou, X., Liu, P., and Levy, R. (July, January 28). Using Bayesian networks for cyber security analysis. Proceedings of the 2010 IEEE\/IFIP International Conference on Dependable Systems & Networks (DSN), Chicago, IL, USA."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"3826","DOI":"10.1016\/j.comnet.2013.09.008","article-title":"A systematic approach for detecting and clustering distributed cyber scanning","volume":"57","author":"Debbabi","year":"2013","journal-title":"Comput. Netw."},{"key":"ref_14","unstructured":"Michael, J.B., Wingfield, T.C., and Wijesekera, D. (2003, January 3\u20136). Measured responses to cyber attacks using Schmitt analysis: A case study of attack scenarios for a software-intensive system. Proceedings of the 27th Annual International Computer Software and Applications Conference, Dallas, TX, USA."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1016\/j.istr.2007.10.002","article-title":"Immuno-inspired autonomic system for cyber defense","volume":"12","author":"Dasgupta","year":"2007","journal-title":"Inf. Secur. Tech. Rep."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"105","DOI":"10.3233\/JCS-2002-101-205","article-title":"Practical automated detection of stealthy portscans","volume":"10","author":"Staniford","year":"2002","journal-title":"J. Comput. Secur."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Neri, F. (2000). Mining TCP\/IP traffic for network intrusion detection by using a distributed genetic algorithm. European Conference on Machine Learning, Springer.","DOI":"10.1007\/3-540-45164-1_33"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"15","DOI":"10.12720\/sgce.1.1.15-21","article-title":"Fuzzy-based optimization for effective detection of smart grid cyber-attacks","volume":"1","author":"Ahmad","year":"2012","journal-title":"Int. J. Smart Grid Clean Energy"},{"key":"ref_19","first-page":"1086","article-title":"Deep neural networks in cyber attack detection systems","volume":"8","author":"Bapiyev","year":"2017","journal-title":"Int. J. Civ. Eng. Technol. (IJCIET)"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"80778","DOI":"10.1109\/ACCESS.2019.2920326","article-title":"A deep and scalable unsupervised machine learning system for cyber-attack detection in large-scale smart grids","volume":"7","author":"Karimipour","year":"2019","journal-title":"IEEE Access"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"M\u00e9rien, T., Bellekens, X., Brosset, D., and Claramunt, C. (2018, January 6\u20139). A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems, Seattle, WA, USA.","DOI":"10.1145\/3274895.3274921"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Chen, Y.Z., Huang, Z.G., Xu, S., and Lai, Y.C. (2015). Spatiotemporal patterns and predictability of cyberattacks. PLoS ONE, 10.","DOI":"10.1371\/journal.pone.0131501"},{"key":"ref_23","unstructured":"Hu, Z., Baynard, C.W., Hu, H., and Fazio, M. (2015, January 19\u201321). GIS mapping and spatial analysis of cybersecurity attacks on a florida university. Proceedings of the IEEE 2015 23rd International Conference on Geoinformatics, Wuhan, China."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Lin, M.S., Chiu, C.Y., Lee, Y.J., and Pao, H.K. (2013, January 6\u20139). Malicious URL filtering\u2014A big data application. Proceedings of the 2013 IEEE International Conference on Big Data, Santa Clara, CA, USA.","DOI":"10.1109\/BigData.2013.6691627"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Feroz, M.N., and Mengel, S. (November, January 29). Phishing URL detection using URL ranking. Proceedings of the 2015 IEEE international Congress on Big Data, Santa Clara, CA, USA.","DOI":"10.1109\/BigDataCongress.2015.97"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Du, H., and Yang, S.J. (2013). Temporal and spatial analyses for large-scale cyber attacks. Handbook of Computational Approaches to Counterterrorism, Springer.","DOI":"10.1007\/978-1-4614-5311-6_25"},{"key":"ref_27","unstructured":"Koike, H., Ohno, K., and Koizumi, K. (2005, January 26). Visualizing cyber attacks using IP matrix. Proceedings of the IEEE Workshop on Visualization for Computer Security (VizSEC 05), Minneapolis, MN, USA."},{"key":"ref_28","unstructured":"Canadian Institute for Cybersecurity (2020, April 28). URL Dataset (ISCX-URL2016). Available online: https:\/\/www.unb.ca\/cic\/datasets\/url-2016.html."},{"key":"ref_29","unstructured":"Central Intelligence Agency (2020, April 28). The World FactBook, Available online: https:\/\/www.cia.gov\/library\/publications\/the-world-factbook\/fields\/204rank.html."},{"key":"ref_30","unstructured":"Kulldorff, M. (2015). SaTScan\u2014Software for the Spatial, Temporal, and Space-Time Scan Statistics, Harvard Medical School and Harvard PilgrimHealth Care."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Altman, D.G. (1991). Practical Statistics for Medical Research, Chapman and Hall.","DOI":"10.1201\/9780429258589"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/12\/1\/2\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:48:12Z","timestamp":1760179692000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/12\/1\/2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,22]]},"references-count":31,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,1]]}},"alternative-id":["info12010002"],"URL":"https:\/\/doi.org\/10.3390\/info12010002","relation":{},"ISSN":["2078-2489"],"issn-type":[{"type":"electronic","value":"2078-2489"}],"subject":[],"published":{"date-parts":[[2020,12,22]]}}}