Researchers Develop Algorithm To Trace Malware, Epidemics, More

hypnosec writes "Want to trace the source of a virus that has infected your computer? Researchers at the Federal Institute of Technology in Lausanne in Switzerland have the answer. The scientists have devised software capable of tracing computer viruses back to their source. Beyond computer viruses, the software can also trace terror suspects, rumor-mongering and even infectious diseases back to their source. Pedro Pinto, one of the researchers, explained that the algorithm works by going through information in a reverse direction back to the original source. He said, 'Using our method, we can find the source of all kinds of things circulating in a network just by "listening" to a limited number of members of that network.' The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pin-point three suspects, out of which one was the mastermind behind the attacks."

Truly astounding detective work

[plover]

From TFA:

Taking social networking sites as another example, Pinto said individuals could use the algorithm to find out who had started a rumour posted to 500 contacts by looking at posts received by just 15 to 20 of them.

In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

The impressed button, I will not be pushing it tonight.

Re:Truly astounding detective work

Hey guys I'm surprised to find that our paper showed up on slashdot! You can find the paper here: http://www.pedropinto.org (outside a paywall)

The media went a bit overboard with the coverage :) This is the most accurate article describing what the algorithm does: http://physics.aps.org/articles/v5/89

Hope this helps

Bad Summary, Slashdot. Here's more information.

[brit74]

The articles seem rather scant on details, and the second link seems to be a repost of the same information in the first article. My first inclination was that the story was BS - I couldn't see any way that they can accomplish what they claim to accomplish, so perhaps the news agency just really screwed up the story. After researching a few other articles about this, my judgement is that they're tracing this stuff back to the source based on listening in on messages being sent around a bunch of connected nodes. A number of nodes would need to be monitored in advance (or at least have relatively good time-frames for when it arrived at various nodes) before the information could be traced back.

More articles on the subject:
The Original Article: http://physics.aps.org/articles/v5/89
A second article with different details: http://www.ibtimes.com/articles/372537/20120810/facebook-rumor-math-terrorism-algorithm.htm

False positives?

[AliasMarlowe]

A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

After reading TFS and the articles linked therein, I could find no mention of false positives. This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified. In fact, the articles did not even mention whether the classification was into positive-vs-unclassified, or positive-vs-unclassified-vs-negative. In the latter case, the rate of false negatives would also be of interest.