Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Develop Algorithm To Trace Malware, Epidemics, More

Posted by timothy on from the you-can-observe-a-lot-just-by-looking dept.

hypnosec writes "Want to trace the source of a virus that has infected your computer? Researchers at the Federal Institute of Technology in Lausanne in Switzerland have the answer. The scientists have devised software capable of tracing computer viruses back to their source. Beyond computer viruses, the software can also trace terror suspects, rumor-mongering and even infectious diseases back to their source. Pedro Pinto, one of the researchers, explained that the algorithm works by going through information in a reverse direction back to the original source. He said, 'Using our method, we can find the source of all kinds of things circulating in a network just by "listening" to a limited number of members of that network.' The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pin-point three suspects, out of which one was the mastermind behind the attacks."

22 of 47 comments (clear)

  1. Truly astounding detective work by plover · · Score: 2

    From TFA:

    Taking social networking sites as another example, Pinto said individuals could use the algorithm to find out who had started a rumour posted to 500 contacts by looking at posts received by just 15 to 20 of them.

    In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

    The impressed button, I will not be pushing it tonight.

    --
    John
    1. Re:Truly astounding detective work by TubeSteak · · Score: 1

      The impressed button, I will not be pushing it tonight.

      3 out of 20 terrorists using their algorithm.
      A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

      --
      [Fuck Beta]
      o0t!
    2. Re:Truly astounding detective work by Joce640k · · Score: 1

      In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

      This is exactly the trap that AI programmers fell into in the 1970s. Hindsight is always 20:20.

      --
      No sig today...
    3. Re:Truly astounding detective work by Anonymous Coward · · Score: 5, Informative

      Hey guys I'm surprised to find that our paper showed up on slashdot! You can find the paper here: http://www.pedropinto.org (outside a paywall)

      The media went a bit overboard with the coverage :) This is the most accurate article describing what the algorithm does: http://physics.aps.org/articles/v5/89

      Hope this helps

    4. Re:Truly astounding detective work by plover · · Score: 1

      Actually it helps a lot. Your paper is far more interesting than the news speculation, as it describes what you did and how to do it, as opposed to how it was applied through the lens of hindsight.

      Unfortunately, too many "news" stories try to make their stories interesting by adding crazy speculation about hot topics. "This research uncovered 9/11 conspirators" is far too close to saying "Researchers built a terrorist detector!!!", which is completely untrue, as well as not the point. But it gets people reading their stories.

      It seems the hardest part would be testing equality of messages at the nodes. Unless a message was a word-for-word copy, or a "forward" of the original, how would you know that "plane crashes into building", "airliner crashed into skyscraper", and "commercial flight flown into World Trade Center" were all equal messages? It's probably much easier with universally agreed upon topics like "typhoid" or "H5N1".

      Anyway, the impressed button, now I will push it.

      --
      John
  2. I don't believe it! by Grindalf · · Score: 1

    I don't believe this story, I think these kids are fake.

    --
    The purpose of existence is to make money.
    1. Re:I don't believe it! by benjamindees · · Score: 1

      Pedro Pinto, you think he's fake?

      --
      "I assumed blithely that there were no elves out there in the darkness"
    2. Re:I don't believe it! by gl4ss · · Score: 1

      not fake, just over hyping his product.

      you need 20% of participants to be shills in the network. that's not terribly impressive at all. other than that it sounds just like normal logic and what I would have imagined to have been used to look for epidemics origins for maybe hundred years (say, you're monitoring cities a b c d and you know city e is between a and b, a and b get the outbreak simultaneously and c gets it after that and d gets it later, so you presume the outbreak broke out from city e - that's pretty much everything there sounds to be to this).

      what I wonder is does it work for tor, probably not, it needs assurance that b received thing from a.

      --
      world was created 5 seconds before this post as it is.
  3. Bad Summary, Slashdot. Here's more information. by brit74 · · Score: 4, Informative

    The articles seem rather scant on details, and the second link seems to be a repost of the same information in the first article. My first inclination was that the story was BS - I couldn't see any way that they can accomplish what they claim to accomplish, so perhaps the news agency just really screwed up the story. After researching a few other articles about this, my judgement is that they're tracing this stuff back to the source based on listening in on messages being sent around a bunch of connected nodes. A number of nodes would need to be monitored in advance (or at least have relatively good time-frames for when it arrived at various nodes) before the information could be traced back.

    More articles on the subject:
    The Original Article: http://physics.aps.org/articles/v5/89
    A second article with different details: http://www.ibtimes.com/articles/372537/20120810/facebook-rumor-math-terrorism-algorithm.htm

  4. So George Bush, Dick Cheney and who? by Anonymous Coward · · Score: 1

    As in the peeps behind 9/11. Sounds like wonderful research. Full scholarships for everybody!

  5. GUI interface using Visual Basic? by NettiWelho · · Score: 1, Funny

    Old News.

  6. Who gains the most? by Sussurros · · Score: 1

    I have considered this problem previously and what looks to be between doable and feasible quickly falls away in the chaotic face of reality. I believe AC has hit this one right on the head - the quest for grants and scholarships is the only basis for these claims.

    --
    I said - don't look Ethel!..., but it was too late..., she'd already looked.
  7. Re:Bad Summary, Slashdot. Here's more information. by SuricouRaven · · Score: 1

    Not that serious a limitation. The governements of many countries already store a detailed description of all of internet traffic for a period of years. A few of them even admit to doing so.

  8. master mind? by PieceOfShitAndroid · · Score: 1

    If the software was able to detect Dick Cheney et al as the master minds behind 9/11, I'll be impressed. Otherwise massive fail.

  9. False positives? by AliasMarlowe · · Score: 2

    A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

    After reading TFS and the articles linked therein, I could find no mention of false positives. This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified. In fact, the articles did not even mention whether the classification was into positive-vs-unclassified, or positive-vs-unclassified-vs-negative. In the latter case, the rate of false negatives would also be of interest.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    1. Re:False positives? by Fnord666 · · Score: 1

      This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified.

      In the lab perhaps this is true. In the field, or at least in the US, the critical issue seems to be whether there are serious consequences for those who are doing the identifying. If misidentification bear no consequences to the identifiers, then false positives are viewed as a minor issue at best.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  10. Pity they don't mention... by AliasMarlowe · · Score: 1

    It's a pity neither of those editorial articles mentions what the false positive rate is. This is critical.

    Actually, they don't even mention whether the algorithm identifies negatives as well as positives (i.e. those who can be ruled out of any follow-up investigations etc.), and if so, what the false negative rate is. This is also critical.

    The article itself in Phys. Rev. Lett. is behind a paywall. Maybe it addresses the false positive issue, and the positive vs negative issue.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  11. Re:Easy to prove if it works by AliasMarlowe · · Score: 1

    Trace me. Send me my current whereabouts ftw. Bonus points for GPS coordinates. You have 1 hour. Go.

    You are directly above the center of the Earth.
    This representation of your whereabouts is accurate to millimeters. Now pay up...

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  12. Good to see someone actually read the original by golodh · · Score: 1
    My compliments: you went back to the original (scientific) article, rather than the editorial articles everyone quotes from. People tend not to do that on Slashdot .. too much effort I fear.

    The article is indeed behind a paywall but one of the authors (Pinto) makes it available from his personal website.

    Here is the link to the Physical Review Letters article: http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf

    and here is the link to some supplemental material like proofs, algorithm, complexity analysis, and application to a cholera outbreak in Kwazul-Natal to locate the source of the outbreak.

  13. Re:Cartman's Mom/Dad by wisty · · Score: 1

    Maybe with this technology we will finally find out who is Cartman's mom or dad (or both).

    No, because the network is almost trivial, due to the large number of connections.

  14. Re:Bad Summary, Slashdot. Here's more information. by fa2k · · Score: 1

    Many antivirus companies have honeypots to detect new virii. It would be extremely interesting to independently trace the origin of things like Stuxnet.

  15. flawed flawed flawed by tbonefrog · · Score: 1

    Too broke to purchase the original article but the free article says they deal with 'nodes in a plane' and the African example uses waterways so they are essentially using a tree there. These are npot the most complex data structures imaginable.

    Also the means of defeating their algorithm is easy to figure out. Just make it look like the virus came from a well-connected user. These are likely pwned already, anyhow.