Slashdot Mirror


Researchers Develop Algorithm To Trace Malware, Epidemics, More

hypnosec writes "Want to trace the source of a virus that has infected your computer? Researchers at the Federal Institute of Technology in Lausanne in Switzerland have the answer. The scientists have devised software capable of tracing computer viruses back to their source. Beyond computer viruses, the software can also trace terror suspects, rumor-mongering and even infectious diseases back to their source. Pedro Pinto, one of the researchers, explained that the algorithm works by going through information in a reverse direction back to the original source. He said, 'Using our method, we can find the source of all kinds of things circulating in a network just by "listening" to a limited number of members of that network.' The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pin-point three suspects, out of which one was the mastermind behind the attacks."

47 comments

  1. Truly astounding detective work by plover · · Score: 2

    From TFA:

    Taking social networking sites as another example, Pinto said individuals could use the algorithm to find out who had started a rumour posted to 500 contacts by looking at posts received by just 15 to 20 of them.

    In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

    The impressed button, I will not be pushing it tonight.

    --
    John
    1. Re:Truly astounding detective work by TubeSteak · · Score: 1

      The impressed button, I will not be pushing it tonight.

      3 out of 20 terrorists using their algorithm.
      A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

      --
      [Fuck Beta]
      o0t!
    2. Re:Truly astounding detective work by Anonymous Coward · · Score: 0

      Not all of them would have been writing about it. It's not magic.

    3. Re:Truly astounding detective work by Anonymous Coward · · Score: 0

      In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

      The impressed button, I will not be pushing it tonight.

      That's basically why the paper didn't manage to land on Nature/Science/PNAS-like journals -- I can tell you.

    4. Re:Truly astounding detective work by Joce640k · · Score: 1

      In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

      This is exactly the trap that AI programmers fell into in the 1970s. Hindsight is always 20:20.

      --
      No sig today...
    5. Re:Truly astounding detective work by Anonymous Coward · · Score: 0

      Since it's scientists it carries an official air and will be greedily accepted by the masses*. It is by its nature trivial to game and it will be enjoyable to point it at those I deem worthy of scorn.

      *global warming scientists have shown the way.

    6. Re:Truly astounding detective work by Anonymous Coward · · Score: 5, Informative

      Hey guys I'm surprised to find that our paper showed up on slashdot! You can find the paper here: http://www.pedropinto.org (outside a paywall)

      The media went a bit overboard with the coverage :) This is the most accurate article describing what the algorithm does: http://physics.aps.org/articles/v5/89

      Hope this helps

    7. Re:Truly astounding detective work by Anonymous Coward · · Score: 0

      pedropinto.org also has the supplemental material needed in detail. Unfortunately this supplemental material is not available from APS if you aren't associated with a subscribing institution.

    8. Re:Truly astounding detective work by plover · · Score: 1

      Actually it helps a lot. Your paper is far more interesting than the news speculation, as it describes what you did and how to do it, as opposed to how it was applied through the lens of hindsight.

      Unfortunately, too many "news" stories try to make their stories interesting by adding crazy speculation about hot topics. "This research uncovered 9/11 conspirators" is far too close to saying "Researchers built a terrorist detector!!!", which is completely untrue, as well as not the point. But it gets people reading their stories.

      It seems the hardest part would be testing equality of messages at the nodes. Unless a message was a word-for-word copy, or a "forward" of the original, how would you know that "plane crashes into building", "airliner crashed into skyscraper", and "commercial flight flown into World Trade Center" were all equal messages? It's probably much easier with universally agreed upon topics like "typhoid" or "H5N1".

      Anyway, the impressed button, now I will push it.

      --
      John
  2. I don't believe it! by Grindalf · · Score: 1

    I don't believe this story, I think these kids are fake.

    --
    The purpose of existence is to make money.
    1. Re:I don't believe it! by benjamindees · · Score: 1

      Pedro Pinto, you think he's fake?

      --
      "I assumed blithely that there were no elves out there in the darkness"
    2. Re:I don't believe it! by gl4ss · · Score: 1

      not fake, just over hyping his product.

      you need 20% of participants to be shills in the network. that's not terribly impressive at all. other than that it sounds just like normal logic and what I would have imagined to have been used to look for epidemics origins for maybe a hundred years (say, you're monitoring cities a b c d and you know city e is between a and b, a and b get the outbreak simultaneously and c gets it after that and d gets it later, so you presume the outbreak broke out from city e - that's pretty much everything there sounds to be to this).

      what I wonder is does it work for tor, probably not, it needs assurance that b received thing from a.

      --
      world was created 5 seconds before this post as it is.
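The inference gl4ss sketches above (arrival order at a few monitored cities pins down an unmonitored origin) carried out on a small constructed graph, as an added example that is not from the paper or from anyone in this thread. It assumes a simplified model: one time unit per hop, an unknown start time at the source, and timestamped arrivals at a handful of monitored nodes; every candidate source is scored by how consistently the observations fit that model, so the reader also sees the margin between the best and second-best candidate.

```python
from collections import deque

# Constructed toy network (undirected, 12 nodes); not taken from the paper.
EDGES = [(0, 1), (1, 2), (2, 3), (3, 4), (1, 5), (5, 6), (6, 7),
         (2, 8), (8, 9), (9, 10), (4, 11), (7, 11)]


def build_adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def hop_distances(adj, start):
    """BFS: number of hops from start to every reachable node."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def locate_source(adj, observed):
    """Rank every node as a candidate source.

    observed: {monitored_node: arrival_time} for the sparse observer set.
    Model (an assumption, a deterministic simplification of a noisy-delay
    model): each hop adds one time unit and the source started at unknown t0.
    For the true source s, t_k - d(s, o_k) is the same constant t0 for every
    observer, so the candidate whose residuals agree best (least squares) wins.
    Returns [(mismatch_score, node, t0_estimate), ...] sorted best first.
    """
    ranked = []
    for s in adj:
        dist = hop_distances(adj, s)
        if any(o not in dist for o in observed):
            continue  # some observer unreachable from s: cannot be the source
        residuals = [t - dist[o] for o, t in observed.items()]
        t0 = sum(residuals) / len(residuals)
        score = sum((r - t0) ** 2 for r in residuals)
        ranked.append((score, s, t0))
    ranked.sort()
    return ranked


# Constructed observations: the spread really started at node 5 at t0 = 10,
# only 4 of the 12 nodes are monitored, and arrival times carry small jitter.
OBSERVED = {0: 12.1, 3: 12.8, 7: 12.2, 10: 15.1}

if __name__ == "__main__":
    for score, node, t0 in locate_source(build_adjacency(EDGES), OBSERVED)[:3]:
        print(f"node {node}: mismatch {score:.2f}, estimated start {t0:.2f}")
```

With the jittered timestamps above the true source (node 5) scores a mismatch of about 0.09 while the runner-up (node 1) scores about 2.49; shrinking the observer set or adding delay noise narrows that gap, which is exactly the false-positive question the thread raises.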
  3. Bad Summary, Slashdot. Here's more information. by brit74 · · Score: 4, Informative

    The articles seem rather scant on details, and the second link seems to be a repost of the same information in the first article. My first inclination was that the story was BS - I couldn't see any way that they can accomplish what they claim to accomplish, so perhaps the news agency just really screwed up the story. After researching a few other articles about this, my judgement is that they're tracing this stuff back to the source based on listening in on messages being sent around a bunch of connected nodes. A number of nodes would need to be monitored in advance (or at least have relatively good time-frames for when it arrived at various nodes) before the information could be traced back.

    More articles on the subject:
    The Original Article: http://physics.aps.org/articles/v5/89
    A second article with different details: http://www.ibtimes.com/articles/372537/20120810/facebook-rumor-math-terrorism-algorithm.htm

  4. Apple support? by Anonymous Coward · · Score: 0

    Will this work on my iPad?

  5. Cartman's Mom/Dad by Anonymous Coward · · Score: 0

    Maybe with this technology we will finally find out who is Cartman's mom or dad (or both).

    1. Re:Cartman's Mom/Dad by wisty · · Score: 1

      Maybe with this technology we will finally find out who is Cartman's mom or dad (or both).

      No, because the network is almost trivial, due to the large number of connections.

  6. So George Bush, Dick Cheney and who? by Anonymous Coward · · Score: 1

    As in the peeps behind 9/11. Sounds like wonderful research. Full scholarships for everybody!

    1. Re:So George Bush, Dick Cheney and who? by Anonymous Coward · · Score: 0

      More like Cheney, Rumsfeld and maybe Rove? Bush might be an evil douchebag but brilliant strategist he is not!

    2. Re:So George Bush, Dick Cheney and who? by Anonymous Coward · · Score: 0

      Rove was a political strategist, not a hawk. Rabbi Dov Zakheim -- wrote the PNAC document, Pentagon controller on 9/11 (when 2.3 trillion was found "missing"), CEO of defense contractor that built remote aircraft control systems, forced to resign in 2004 after giving Israel another trillion worth of advanced military aircraft.

    3. Re:So George Bush, Dick Cheney and who? by Anonymous Coward · · Score: 0

      Not to forget Paul Wolfowitz

  7. GUI interface using Visual Basic? by NettiWelho · · Score: 1, Funny
  8. They can also ... by Anonymous Coward · · Score: 0

    They can also stand on a street corner and by just asking people a simple question they can figure out where they came from, and whether they might be terrorists. Truly brilliant!

  9. Easy to prove if it works by Anonymous Coward · · Score: 0

    Trace me. Send me my current whereabouts ftw. Bonus points for GPS coordinates. You have 1 hour. Go.

    1. Re:Easy to prove if it works by AliasMarlowe · · Score: 1

      Trace me. Send me my current whereabouts ftw. Bonus points for GPS coordinates. You have 1 hour. Go.

      You are directly above the center of the Earth.
      This representation of your whereabouts is accurate to millimeters. Now pay up...

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    2. Re:Easy to prove if it works by Anonymous Coward · · Score: 0

      You are directly above the center of the Earth.

      Now see, if you'd stopped there you might have raised at least a snigger. +1 internets

      This representation of your whereabouts is accurate to millimeters. Now pay up...

      But, considering the earth isn't a sphere you displayed at least -2 internets worth of duh, so now you owe me 1 internets.

  10. Who gains the most? by Sussurros · · Score: 1

    I have considered this problem previously and what looks to be between doable and feasible quickly falls away in the chaotic face of reality. I believe AC has hit this one right on the head - the quest for grants and scholarships is the only basis for these claims.

    --
    I said - don't look Ethel!..., but it was too late..., she'd already looked.
  11. Re:Bad Summary, Slashdot. Here's more information. by SuricouRaven · · Score: 1

    Not that serious a limitation. The governments of many countries already store a detailed description of all internet traffic for a period of years. A few of them even admit to doing so.

  12. Those two links. by Anonymous Coward · · Score: 0

    The skynews article is horribly bad ("The program, also known as an algorithm [...]") and the other link is a poorly done copy/paste of the former on a painfully slow, abusive, and generally bad site.

    Where's the research? Papers? Source? Anything? Hello?

    Shit, you'd almost get better coverage on faux news. Almost. Can't slashdot do any better?

  13. Move beyond the files - scan/checksum EVERYTHING! by Anonymous Coward · · Score: 0

    Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

    In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

    How many rootkits does the US[2] use officially or unofficially?

    How much of the free but proprietary software in the US spies on you?

    Which software would that be?

    Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

    How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

    If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

    I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

    APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

    Where are the commercial or free anti-malware organizations' and individuals' products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

    The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

    Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

    Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware

  14. master mind? by PieceOfShitAndroid · · Score: 1

    If the software was able to detect Dick Cheney et al as the master minds behind 9/11, I'll be impressed. Otherwise massive fail.

  15. More... by benjamindees · · Score: 0

    Bitcoins. Wikileaks.

    --
    "I assumed blithely that there were no elves out there in the darkness"
  16. False positives? by AliasMarlowe · · Score: 2

    A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

    After reading TFS and the articles linked therein, I could find no mention of false positives. This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified. In fact, the articles did not even mention whether the classification was into positive-vs-unclassified, or positive-vs-unclassified-vs-negative. In the latter case, the rate of false negatives would also be of interest.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    1. Re:False positives? by Fnord666 · · Score: 1

      This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified.

      In the lab perhaps this is true. In the field, or at least in the US, the critical issue seems to be whether there are serious consequences for those who are doing the identifying. If misidentification bears no consequences for the identifiers, then false positives are viewed as a minor issue at best.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  17. Pity they don't mention... by AliasMarlowe · · Score: 1

    It's a pity neither of those editorial articles mentions what the false positive rate is. This is critical.

    Actually, they don't even mention whether the algorithm identifies negatives as well as positives (i.e. those who can be ruled out of any follow-up investigations etc.), and if so, what the false negative rate is. This is also critical.

    The article itself in Phys. Rev. Lett. is behind a paywall. Maybe it addresses the false positive issue, and the positive vs negative issue.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  18. Link to Paper by Anonymous Coward · · Score: 0

    http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf

    Idiots at APS want $25.00 for something he puts on his own website for free.

  19. Good to see someone actually read the original by golodh · · Score: 1
    My compliments: you went back to the original (scientific) article, rather than the editorial articles everyone quotes from. People tend not to do that on Slashdot... too much effort I fear.

    The article is indeed behind a paywall but one of the authors (Pinto) makes it available from his personal website.

    Here is the link to the Physical Review Letters article: http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf

    and here is the link to some supplemental material like proofs, algorithm, complexity analysis, and application to a cholera outbreak in KwaZulu-Natal to locate the source of the outbreak.

  20. Re:Bad Summary, Slashdot. Here's more information. by fa2k · · Score: 1

    Many antivirus companies have honeypots to detect new virii. It would be extremely interesting to independently trace the origin of things like Stuxnet.

  21. flawed flawed flawed by tbonefrog · · Score: 1

    Too broke to purchase the original article but the free article says they deal with 'nodes in a plane' and the African example uses waterways so they are essentially using a tree there. These are not the most complex data structures imaginable.

    Also the means of defeating their algorithm is easy to figure out. Just make it look like the virus came from a well-connected user. These are likely pwned already, anyhow.

  22. Magic Algorithms ... by Anonymous Coward · · Score: 0

    I don't see how any such algorithm could do such a thing as the data set is incomplete and/or erroneous. Does anyone here remember what HFT and the Black–Scholes model equation did for the world economy?

    "The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pin-point three suspects, out of which one was the master mind behind the attacks".

  23. Applied Architectonics of Memetic Knowledge by Anonymous Coward · · Score: 0

    Cool. Foucault would be proud. Of obvious utility to historians as well.