Intel working to more accurately detect infected computers based on users’ real behavior

The one-size-fits-all security software installed by IT departments is often not the best possible solution as it can produce false positives as well as miss actual attacks. Researchers at Intel Research Berkeley have recognized that problem and are working on laptop-based security software that adjusts to the way an individual uses the internet to better detect malicious activity.

“One reason security breaches are so rampant is that most of our machines look the same,” says Nina Taft, a researcher with the program. “When a hacker breaks into one machine, he can break into all of them… We’re trying to inject diversity into computers.”

Traditional security software has a preset threshold. When internet activity goes above that level, the software triggers an alarm suggesting that the computer might be infected. These kinds of infections are mainly due to botnets, which are enormous quantities of infected computers acting together to send out spam and do other malicious deeds. However, users who use the internet more than average could have to deal with frequent false alarms, and users who barely use their connection might never know if their computer got infected. Read more »