Swiss scientists develop algorithm to sniff out source of malware, spam attacks
The algorithm aims to determine the probable source of an online attack by analyzing about ten percent of the network connections
IDG News Service - Swiss scientists have developed an algorithm that can be used to locate spammers as well as the source of a computer virus or malware.
The algorithm finds the source by only checking a small percentage of the connections in a network, said Pedro Pinto, postdoctoral researcher at the Audiovisual Communications Laboratory of the Swiss Federal Institute of Technology (EPFL) on Monday.
If you would like to find the source of a virus, malware or spam-attack it is impossible to track the status of all nodes on the Internet, Pinto said in a telephone interview. "That would mean you would need about 1 billion sensors. And you don't want to monitor the entire Internet," he added.
Instead he and his colleagues devised an algorithm that shows that it is possible to estimate the location of the source from measurements collected by sparsely placed observers or sensors.
By using the algorithm the specific computer inA the network from which the spam mail is being sent can be found so that the network provider can shut it down for instance, said Pinto. Using the same method, the first computer where a virus was injected could be pinpointed, he added.
The location of the source is basically accomplished by using the network structure, looking at who is connected to whom, as well as determining the time of arrival of the virus to the sensors, Pinto said.
The algorithm only has to analyze ten to twenty percent of all the nodes in a network to determine what the likely source of an attack is, Pinto said. "Sometimes this is five percent," he added, pointing out that the number of nodes that need to be analyzed depends on the complexity of the network.
The workings of the algorithm were detailed in a paper entitled 'Locating the source of diffusion in large-scale networks' that was published in the Physical Review Letters journal on Friday.
In the paper, the scientists expect that the algorithm can be used for other things besides finding computer culprits. The method is for instance intended to find the source of biological viruses and epidemics like SARS -- the algorithm could be used to determine the city in which the virus appeared for the first time. But it could also be used to find the source of a rumor spreading on Facebook or sniff out the source of an airborne contaminant that was let loose by terrorists in a subway network, according to the scientists.
While the technique could have uses in many different industries, the first commercial interest in the algorithm has come from computer security companies, Pinto said. "Some companies emailed me after we published the paper last Friday," he said, adding that he did not want to disclose the names of the companies.
Another natural fit for the technology would be its use by public services like governments, Pinto said. Besides looking for ways to use the technology commercially, the scientists will also try to improve the results of the algorithm.
Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Cyberwarfare White Papers | Webcasts