The one-size-fits-all security software installed by IT departments is often not the best possible solution as it can produce false positives as well as miss actual attacks. Researchers at Intel Research Berkeley have recognized that problem and are working on laptop-based security software that adjusts to the way an individual uses the internet to better detect malicious activity.
“One reason security breaches are so rampant is that most of our machines look the same,” says Nina Taft, a researcher with the program. “When a hacker breaks into one machine, he can break into all of them… We’re trying to inject diversity into computers.”
Traditional security software has a preset threshold. When internet activity goes above that level, the software triggers an alarm suggesting that the computer might be infected. These kinds of infections are mainly due to botnets, which are large groups of infected computers acting together to send out spam and do other malicious deeds. However, users who use the internet more than average may have to deal with frequent false alarms, and users who barely use their connection might never know if their computer got infected.
The project, called Proteus, seeks to fix this problem by being able to adjust to an individual user’s usage habits. The software uses several algorithms that allow it to make better judgements. One algorithm uses standard statistical and machine-learning techniques to create individualized internet traffic thresholds. A second tracks usage patterns at different times of the day. A third monitors communication between laptops and other machines on the internet to check for “calling home” activity at regular intervals, which is the way botnets are coordinated.
Using all of these methods, Proteus will be able to more accurately detect malicious attacks on computers. The software has already been tested with 350 people and a wider deployment is in the works.
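The following sketch is an added illustration, not Proteus code: it contrasts a fixed threshold with a per-user one and checks for regular "calling home" intervals. The mean-plus-three-standard-deviations rule, the coefficient-of-variation test, the function names and all sample numbers are assumptions made for this example.

```python
import statistics

FIXED_THRESHOLD = 500  # constructed one-size-fits-all limit, connections per hour

def personal_threshold(history, k=3.0):
    """Per-user limit: mean + k standard deviations of that user's own history."""
    return statistics.mean(history) + k * statistics.pstdev(history)

def evaluate(history, observed):
    """Return (fixed_alarm, personal_alarm) for one observed hourly count."""
    return observed > FIXED_THRESHOLD, observed > personal_threshold(history)

def looks_like_beacon(timestamps, max_cv=0.1, min_events=5):
    """True when contacts to one destination arrive at nearly constant intervals."""
    if len(timestamps) < min_events:
        return False  # too few contacts to judge regularity
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean_gap = statistics.mean(gaps)
    if mean_gap <= 0:
        return False
    # Coefficient of variation: a low value means machine-like regularity.
    return statistics.pstdev(gaps) / mean_gap <= max_cv

# Constructed sample data: connections per hour, and seconds since first contact.
HEAVY_USER = [620, 700, 580, 650, 690, 610, 640, 660]
LIGHT_USER = [12, 20, 15, 9, 18, 14, 11, 16]
BEACON_TIMES = [0, 300, 601, 899, 1200, 1502]    # roughly every five minutes
BROWSING_TIMES = [0, 40, 45, 600, 610, 2400]     # bursty, human-driven

if __name__ == "__main__":
    # Heavy user on an ordinary hour: the fixed limit raises a false alarm.
    print("heavy user, 670/h :", evaluate(HEAVY_USER, 670))
    # Light user with a tenfold jump: the fixed limit stays silent.
    print("light user, 180/h :", evaluate(LIGHT_USER, 180))
    print("beacon-like       :", looks_like_beacon(BEACON_TIMES))
    print("normal browsing   :", looks_like_beacon(BROWSING_TIMES))
```

Each result pair is (fixed-threshold alarm, per-user alarm), so the first two lines show the false positive and the missed infection described above.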
Intel is even considering hardwiring some of Proteus into their processors. “Intel is interested in getting as much [security] into hardware as possible,” Taft says. “It’s a good use of [processor] cores, and when things are in hardware, they’re harder to tamper with.”
Proteus is very good at what it does, but the team acknowledges that it will not be enough to protect all computers all the time. Nonetheless, it is a huge improvement over today’s security software, so we hope to see it on the market soon to help curb botnets and other security attacks.
[via Technology Review]