Slashdot Mirror


Predicting Malicious Web Attacks

KentuckyFC writes "Recommendation systems attempt to guess what books, movies, or news people are likely to be interested in. Companies such as Amazon, Google, and Netflix have developed algorithms to mine vast databases looking for correlations that they then use to recommend new items. Now a team of computer scientists has used some of the same filtering techniques to predict the origin of malicious Web attacks so that they can be blacklisted in advance. The team mined a database of hundreds of millions of security logs looking for correlations between victims. The correlations were then used to produce a predictive blacklist of potential attackers. The team says its algorithm is up to 70 per cent more successful at predicting the origin of attacks than current state-of-the-art predictive blacklisting."
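The summary describes a collaborative-filtering approach: victims that have historically been hit by the same sources are treated as "similar", and a victim's predictive blacklist is built from sources its similar peers have already logged. The following worked example is added here and is not the researchers' algorithm, data, or code; the log format, contributor names, IP addresses, the cosine similarity measure, and the popularity-count baseline it is compared against are all constructed assumptions for illustration.

```python
from collections import defaultdict
from math import sqrt

# Constructed sample log entries (not real data), one per line:
# "<timestamp> <contributor> <source_ip>" where the contributor is the
# site that reported the source in its security log.
SAMPLE_LOG = """\
2008-06-01T00:01:00Z siteA 198.51.100.10
2008-06-01T00:02:00Z siteA 198.51.100.11
2008-06-01T00:03:00Z siteA 203.0.113.5
2008-06-01T00:04:00Z siteB 198.51.100.10
2008-06-01T00:05:00Z siteB 198.51.100.11
2008-06-01T00:06:00Z siteB 203.0.113.5
2008-06-01T00:07:00Z siteB 203.0.113.77
2008-06-01T00:08:00Z siteC 192.0.2.200
2008-06-01T00:09:00Z siteC 192.0.2.201
2008-06-01T00:10:00Z siteC 203.0.113.77
2008-06-01T00:11:00Z siteD 198.51.100.10
2008-06-01T00:12:00Z siteD 192.0.2.250
"""


def parse_log(text):
    """Return {contributor: set(source_ip)} from the log; malformed lines are skipped."""
    seen = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _timestamp, contributor, src = parts
        seen[contributor].add(src)
    return dict(seen)


def similarity(a, b):
    """Cosine similarity between two attacker sets (0.0 when either is empty).

    Assumed measure: |A ∩ B| / sqrt(|A| * |B|); it rewards shared sources
    without favouring contributors that simply log a lot of traffic.
    """
    if not a or not b:
        return 0.0
    return len(a & b) / sqrt(len(a) * len(b))


def predictive_blacklist(seen, target, k=3):
    """Rank sources the target has NOT yet seen by the summed similarity of the
    contributors that did see them; the top k form the target's predictive list."""
    mine = seen.get(target, set())
    scores = defaultdict(float)
    for other, theirs in seen.items():
        if other == target:
            continue
        weight = similarity(mine, theirs)
        if weight == 0.0:
            continue  # no overlap: this contributor tells us nothing about target
        for src in theirs - mine:
            scores[src] += weight
    # Highest score first; ties broken lexically so the output is deterministic.
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [src for src, _ in ranked[:k]]


def global_blacklist(seen, k=3):
    """Assumed baseline for comparison: rank sources purely by how many
    contributors reported them, ignoring who the list is for."""
    counts = defaultdict(int)
    for sources in seen.values():
        for src in sources:
            counts[src] += 1
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [src for src, _ in ranked[:k]]


if __name__ == "__main__":
    seen = parse_log(SAMPLE_LOG)
    for site in sorted(seen):
        print(site, "personalised:", predictive_blacklist(seen, site),
              "| global:", global_blacklist(seen))
```

In the constructed data siteA and siteB share three sources, so siteB's one extra source (203.0.113.77) tops siteA's personalised list, while the popularity baseline would hand every site the same list led by 198.51.100.10, which siteA has already seen. This is the sense in which victim-to-victim correlation adds information that a single shared blacklist cannot: the score is per-recipient, and it is a ranking to review (as the NOC comment below suggests), not a verdict.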

9 of 82 comments

  1. No doubt useful by Enderandrew · · Score: 3, Insightful

    But this is still treating the symptom as opposed to the core problem, which is poor security in OS and app design.

    Microsoft is starting to come around on this to an extent (not running as administrator), but shouldn't we be more concerned about true security?

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    1. Re:No doubt useful by dyingtolive · · Score: 3, Insightful

      Why do both have to be mutually exclusive? Why can't the problem be approached from both sides by different groups whose skillsets are appropriate for what they're doing?

      --
      Support the EFF and Creative Commons. The war is coming, and they're supporting you...
    2. Re:No doubt useful by Shakrai · · Score: 4, Insightful

      but shouldn't we be more concerned about true security?

      What is "true security" against the main threat of the modern era: social engineering? How does your operating system protect you from responding to that e-mail you've just received from your long lost uncle in Nigeria? How do you protect a user that will click on the user account control pop-up as many times as is required to install that cool "weather forecasting" program that sits in his task tray?

      Or were you referring to "true security" in the context of firearms, expendable redshirts and moats filled with laser wielding sharks? ;)

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    3. Re:No doubt useful by Lord+Ender · · Score: 3, Insightful

      "True security" is a fantasy. No such thing exists, nor will it ever.

      We should be concerned with balancing risk reduction with its cost. We should not be concerned with your silly fantasy.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    4. Re:No doubt useful by dave562 · · Score: 2, Insightful

      I think the underlying issue has come from the fact that people have been more focused on making computers do what they want them to do, and not focused on making them do it securely. It's great to sit on the sidelines and talk about how it should have been done better/smarter/more securely in the first place. That perspective does not take into account the reality that computers are relatively new and new functionality comes out almost every day. To consider another aspect of security, we've been living in buildings for over two thousand years and we're still finding ways to make buildings more secure, and dealing with robberies and other similar breaches of security. If, as a species, we haven't perfected securing our living spaces in over two millennia, how can we expect ourselves to secure our computer systems in the space of a couple of decades?

  2. The Article is obviously a fake by Tekfactory · · Score: 3, Insightful

    Or greatly exaggerated...

    "The team mined a database of hundreds of millions of security logs"

    Nobody actually keeps security logs, certainly not hundreds of millions of somebodies.

    The kind of people that DO keep security logs probably wouldn't hand them over either.

    I call shenanigans

    1. Re:The Article is obviously a fake by Red+Flayer · · Score: 2, Insightful

      Yes, they worded that poorly.

      Fixed:

      The team mined a database of hundreds of millions of security log entries

      Now it makes more sense, and is quite believable, no?

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  3. Meatware needed by pheared · · Score: 4, Insightful

    This sounds great, but only if it requires human intervention to implement the block. I used to work in a NOC, and we would have loved to throw up a warning on the big screens that an attack is 80% likely from the following netblocks in the next N hours. That way we would have a strategy developed for defending before it even started and would be able to minimize downtime.

    On the other hand, if you make this automatic you're going to piss off a lot of people very quickly because it's going to be wrong more often than you want.

    1. Re:Meatware needed by twisteddk · · Score: 2, Insightful

      Exactly. Because even if it's true, and it's 70% more accurate... I've yet to see a predictive system that's even remotely accurate. It may predict say... 50% of the sources of an ongoing attack (assuming a collaborative effort to determine when attacks are happening, and that you're not the first one hit), but that's far from enough to prevent a DDoS attack. And if you "accidentally" block... Say Canada (which I've seen before), then that's a LOT of customers you just pissed off, but hey... Doesn't matter, that DDoS attack would have blocked access anyway, so how would they notice ;)

      --
      --- To err is human... Am I more human than most ?