Forgot your password?
typodupeerror
Communications Science

Researchers Develop Algorithm To Trace Malware, Epidemics, More 47

Posted by timothy
from the you-can-observe-a-lot-just-by-looking dept.
hypnosec writes "Want to trace the source of a virus that has infected your computer? Researchers at the Federal Institute of Technology in Lausanne in Switzerland have the answer. The scientists have devised software capable of tracing computer viruses back to their source. Beyond computer viruses, the software can also trace terror suspects, rumor-mongering and even infectious diseases back to their source. Pedro Pinto, one of the researchers, explained that the algorithm works by going through information in a reverse direction back to the original source. He said, 'Using our method, we can find the source of all kinds of things circulating in a network just by "listening" to a limited number of members of that network.' The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pin-point three suspects, out of which one was the mastermind behind the attacks."
This discussion has been archived. No new comments can be posted.

Researchers Develop Algorithm To Trace Malware, Epidemics, More

Comments Filter:
  • by plover (150551) * on Sunday August 12, 2012 @02:21AM (#40962517) Homepage Journal

    From TFA:

    Taking social networking sites as another example, Pinto said individuals could use the algorithm to find out who had started a rumour posted to 500 contacts by looking at posts received by just 15 to 20 of them.

    In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

    The impressed button, I will not be pushing it tonight.

    • by TubeSteak (669689)

      The impressed button, I will not be pushing it tonight.

      3 out of 20 terrorists using their algorithm.
      A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

      • A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

        After reading TFS and the articles linked therein, I could find no mention of false positives. This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified. In fact, the articles did not even mention whether the classification was into positive-vs-unclassified, or positive-vs-unclassified-vs-negative. In the latter case, the rate of false negatives would also be of interest.

        • by Fnord666 (889225)

          This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified.

          In the lab perhaps this is true. In the field, or at least in the US, the critical issue seems to be whether there are serious consequences for those who are doing the identifying. If misidentification bear no consequences to the identifiers, then false positives are viewed as a minor issue at best.

    • by Joce640k (829181)

      In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

      This is exactly the trap that AI programmers fell into in the 1970s. Hindsight is always 20:20.

    • by Anonymous Coward on Sunday August 12, 2012 @07:18AM (#40963355)

      Hey guys I'm surprised to find that our paper showed up on slashdot! You can find the paper here: http://www.pedropinto.org (outside a paywall)

      The media went a bit overboard with the coverage :) This is the most accurate article describing what the algorithm does: http://physics.aps.org/articles/v5/89

      Hope this helps

      • by plover (150551) *

        Actually it helps a lot. Your paper is far more interesting than the news speculation, as it describes what you did and how to do it, as opposed to how it was applied through the lens of hindsight.

        Unfortunately, too many "news" stories try to make their stories interesting by adding crazy speculation about hot topics. "This research uncovered 9/11 conspirators" is far too close to saying "Researchers built a terrorist detector!!!", which is completely untrue, as well as not the point. But it gets people

  • I don't believe this story, I think these kids are fake.
    • Pedro Pinto, you think he's fake?

      • by gl4ss (559668)

        not fake, just over hyping his product.

        you need 20% of participants to be shills in the network. that's not terribly impressive at all. other than that it sounds just like normal logic and what I would have imagined to have been used to look for epidemics origins for maybe hundred years (say, you're monitoring cities a b c d and you know city e is between a and b, a and b get the outbreak simultaneously and c gets it after that and d gets it later, so you presume the outbreak broke out from city e - that's

  • by brit74 (831798) on Sunday August 12, 2012 @02:49AM (#40962603)
    The articles seem rather scant on details, and the second link seems to be a repost of the same information in the first article. My first inclination was that the story was BS - I couldn't see any way that they can accomplish what they claim to accomplish, so perhaps the news agency just really screwed up the story. After researching a few other articles about this, my judgement is that they're tracing this stuff back to the source based on listening in on messages being sent around a bunch of connected nodes. A number of nodes would need to be monitored in advance (or at least have relatively good time-frames for when it arrived at various nodes) before the information could be traced back.

    More articles on the subject:
    The Original Article: http://physics.aps.org/articles/v5/89 [aps.org]
    A second article with different details: http://www.ibtimes.com/articles/372537/20120810/facebook-rumor-math-terrorism-algorithm.htm [ibtimes.com]
    • Not that serious a limitation. The governements of many countries already store a detailed description of all of internet traffic for a period of years. A few of them even admit to doing so.
    • It's a pity neither of those editorial articles mentions what the false positive rate is. This is critical.

      Actually, they don't even mention whether the algorithm identifies negatives as well as positives (i.e. those who can be ruled out of any follow-up investigations etc.), and if so, what the false negative rate is. This is also critical.

      The article itself in Phys. Rev. Lett. [aps.org] is behind a paywall. Maybe it addresses the false positive issue, and the positive vs negative issue.

    • by fa2k (881632)

      Many antivirus companies have honeypots to detect new virii. It would be extremely interesting to independently trace the origin of things like Stuxnet.

  • by Anonymous Coward

    As in the peeps behind 9/11. Sounds like wonderful research. Full scholarships for everybody!

    • I have considered this problem previously and what looks to be between doable and feasible quickly falls away in the chaotic face of reality. I believe AC has hit this one right on the head - the quest for grants and scholarships is the only basis for these claims.
  • If the software was able to detect Dick Cheney et al as the master minds behind 9/11, I'll be impressed. Otherwise massive fail.
  • Too broke to purchase the original article but the free article says they deal with 'nodes in a plane' and the African example uses waterways so they are essentially using a tree there. These are npot the most complex data structures imaginable.

    Also the means of defeating their algorithm is easy to figure out. Just make it look like the virus came from a well-connected user. These are likely pwned already, anyhow.

The sooner you fall behind, the more time you have to catch up.

Working...