Figure 1

The frequency of security events on a typical genomics server. (a) A plot of daily security-event counts for the first 198 days of 2002; the expanded region had a large increase in daily counts. Attack attempts are an everyday occurrence and there can be large spikes in attack activity. (b,c) Aggregate breakdown and relative proportions of the most common security events for, (b) days with small, regular event counts or (c) two days showing a massive spike in events as evident on the graph in (a). For the two days with the massive spike a single event type "SHELLCODE x86 inc ebx NOOP", which is used in buffer overflow attacks (attacks that attempt to write past the legal boundaries of allocated computer memory) and thus is likely to represent real and serious attack attempts, accounts for over 90% of events. For the more regular days there is no single dominating event, and it is not clear whether these events are genuine attack attempts.