Subrahmanian discussed the findings at a panel discussion hosted by the Foundation for Defense of Democracies in Washington on Wednesday.
The authors conducted a two-year study that analysed more than 20 billion automatically generated reports, collected from four million machines per year worldwide. The researchers based their rankings, in part, on the number of machines attacked in a given country and the number of times each machine was attacked. Machines using Symantec anti-virus software automatically generated these reports, but only when a machine's user opted in to provide the data. Trojans, followed by viruses and worms, posed the principal threats to machines in the US. However, misleading software (fake anti-virus programmes and disk cleanup utilities) was far more prevalent in the US compared with other nations that have a similar gross domestic product, the authors noted.
The results suggest that US efforts to reduce cyber threats should focus on education to recognise and avoid misleading software.
“People - even experts - often have gross misconceptions about the relative vulnerability (to cyber attack) of certain countries. The authors of this book succeed in empirically refuting many of those wrong beliefs,” said Isaac Ben-Israel, chair of the Israeli Space Agency and former head of that nation's National Cyber Bureau, in a foreword to the book. The co-authors on the book are Michael Ovelgonne, a former UMIACS postdoctoral researcher; Tudor Dumitras, assistant professor of electrical and computer engineering in the Maryland Cybersecurity Centre; and B. Aditya Prakash, assistant professor of computer science at Virginia Tech. A related research paper was presented at the 9th ACM International Conference of Web Search and Data Mining in February this year.