Researchers Develop Algorithm To Trace Malware, Epidemics, More
hypnosec writes "Want to trace the source of a virus that has infected your computer? Researchers at the Federal Institute of Technology in Lausanne in Switzerland have the answer. The scientists have devised software capable of tracing computer viruses back to their source. Beyond computer viruses, the software can also trace terror suspects, rumor-mongering and even infectious diseases back to their source. Pedro Pinto, one of the researchers, explained that the algorithm works by going through information in a reverse direction back to the original source. He said, 'Using our method, we can find the source of all kinds of things circulating in a network just by "listening" to a limited number of members of that network.' The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pinpoint three suspects, out of which one was the mastermind behind the attacks."
Truly astounding detective work (Score:3)
From TFA:
Taking social networking sites as another example, Pinto said individuals could use the algorithm to find out who had started a rumour posted to 500 contacts by looking at posts received by just 15 to 20 of them.
In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.
The impressed button, I will not be pushing it tonight.
Re: (Score:2)
The impressed button, I will not be pushing it tonight.
3 out of 20 terrorists using their algorithm.
A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.
False positives? (Score:3)
A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.
After reading TFS and the articles linked therein, I could find no mention of false positives. This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified. In fact, the articles did not even mention whether the classification was into positive-vs-unclassified, or positive-vs-unclassified-vs-negative. In the latter case, the rate of false negatives would also be of interest.
Re: (Score:2)
This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified.
In the lab perhaps this is true. In the field, or at least in the US, the critical issue seems to be whether there are serious consequences for those who are doing the identifying. If misidentification bears no consequences for the identifiers, then false positives are viewed as a minor issue at best.
Re: (Score:2)
In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.
This is exactly the trap that AI programmers fell into in the 1970s. Hindsight is always 20:20.
Re:Truly astounding detective work (Score:5, Informative)
Hey guys I'm surprised to find that our paper showed up on slashdot! You can find the paper here: http://www.pedropinto.org (outside a paywall)
The media went a bit overboard with the coverage :) This is the most accurate article describing what the algorithm does: http://physics.aps.org/articles/v5/89
Hope this helps
Re: (Score:2)
Actually it helps a lot. Your paper is far more interesting than the news speculation, as it describes what you did and how to do it, as opposed to how it was applied through the lens of hindsight.
Unfortunately, too many "news" stories try to make their stories interesting by adding crazy speculation about hot topics. "This research uncovered 9/11 conspirators" is far too close to saying "Researchers built a terrorist detector!!!", which is completely untrue, as well as not the point. But it gets people
Re: (Score:1)
Pedro Pinto, you think he's fake?
Re: (Score:2)
not fake, just over hyping his product.
you need 20% of participants to be shills in the network. that's not terribly impressive at all. other than that it sounds just like normal logic and what I would have imagined to have been used to look for epidemics origins for maybe hundred years (say, you're monitoring cities a b c d and you know city e is between a and b, a and b get the outbreak simultaneously and c gets it after that and d gets it later, so you presume the outbreak broke out from city e - that's
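The arrival-time reasoning in the comment above (monitor cities a, b, c and d, infer that the outbreak began in e), as an added Python example that is not from the thread or from the researchers' paper. It assumes a known graph, a fixed delay of one time unit per hop and a constructed seven-node network, and it is a simplified deterministic fit, not the published estimator.

```python
from collections import deque

def hop_distances(graph, start):
    """Breadth-first hop counts from start to every reachable node."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for neighbour in graph[node]:
            if neighbour not in dist:
                dist[neighbour] = dist[node] + 1
                queue.append(neighbour)
    return dist

def score_sources(graph, arrivals, delay=1.0):
    """Score each node as the possible origin; lower means a better fit.

    If a node is the origin, arrival_time - delay * hops is the same
    (unknown) start time at every observer, so the spread is near zero.
    """
    scores = {}
    for candidate in graph:
        dist = hop_distances(graph, candidate)
        if any(obs not in dist for obs in arrivals):
            continue  # candidate cannot reach every observer
        starts = [t - delay * dist[obs] for obs, t in arrivals.items()]
        mean = sum(starts) / len(starts)
        scores[candidate] = sum((s - mean) ** 2 for s in starts) / len(starts)
    return scores

def best_candidates(graph, arrivals, delay=1.0, tol=1e-9):
    """Every node tied for the lowest score, so ambiguity stays visible."""
    scores = score_sources(graph, arrivals, delay)
    low = min(scores.values())
    return sorted(n for n, s in scores.items() if s - low <= tol)

# Constructed network: city e sits between a and b; f and g are unmonitored.
GRAPH = {
    "a": ["e", "f"], "b": ["e", "c"], "c": ["b", "d"], "d": ["c", "g"],
    "e": ["a", "b"], "f": ["a"], "g": ["d"],
}
# Constructed observations: day each monitored city reported the outbreak.
FOUR_OBSERVERS = {"a": 1, "b": 1, "c": 2, "d": 3}
TWO_OBSERVERS = {"c": 2, "d": 3}

if __name__ == "__main__":
    print(best_candidates(GRAPH, FOUR_OBSERVERS))  # single best fit
    print(best_candidates(GRAPH, TWO_OBSERVERS))   # several nodes tie
```

With only c and d monitored, several nodes fit the observations equally well, which is the misidentification risk the false-positive comments in this thread raise.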
Bad Summary, Slashdot. Here's more information. (Score:5, Informative)
More articles on the subject:
The Original Article: http://physics.aps.org/articles/v5/89
A second article with different details: http://www.ibtimes.com/articles/372537/20120810/facebook-rumor-math-terrorism-algorithm.htm
Pity they don't mention... (Score:2)
It's a pity neither of those editorial articles mentions what the false positive rate is. This is critical.
Actually, they don't even mention whether the algorithm identifies negatives as well as positives (i.e. those who can be ruled out of any follow-up investigations etc.), and if so, what the false negative rate is. This is also critical.
The article itself in Phys. Rev. Lett. [aps.org] is behind a paywall. Maybe it addresses the false positive issue, and the positive vs negative issue.
Good to see someone actually read the original (Score:2)
The article is indeed behind a paywall but one of the authors (Pinto) makes it available from his personal website.
Here is the link to the Physical Review Letters article: http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf
and here is the link to some supplemental material
Re: (Score:2)
Many antivirus companies have honeypots to detect new viruses. It would be extremely interesting to independently trace the origin of things like Stuxnet.
Re: (Score:2)
Maybe with this technology we will finally find out who is Cartman's mom or dad (or both).
No, because the network is almost trivial, due to the large number of connections.
So George Bush, Dick Cheney and who? (Score:1)
As in the peeps behind 9/11. Sounds like wonderful research. Full scholarships for everybody!
Who gains the most? (Score:2)
GUI interface using Visual Basic? (Score:2, Funny)
Re: (Score:2)
Trace me. Send me my current whereabouts ftw. Bonus points for GPS coordinates. You have 1 hour. Go.
You are directly above the center of the Earth.
This representation of your whereabouts is accurate to millimeters. Now pay up...
master mind? (Score:1)
flawed flawed flawed (Score:1)
Too broke to purchase the original article but the free article says they deal with 'nodes in a plane' and the African example uses waterways so they are essentially using a tree there. These are not the most complex data structures imaginable.
Also the means of defeating their algorithm is easy to figure out. Just make it look like the virus came from a well-connected user. These are likely pwned already, anyhow.