Security: Defending Laptops from Zombie Attacks

Defending Laptops from Zombie Attacks
Technology Review (03/21/08) Greene, Kate

Laptop-based security software that adjusts to how an individual utilizes the Internet so that the detection of malicious activity is more dynamic and personalized has been developed by Intel researchers. The software targets corporations that pass out laptops and mobile devices to workers, since IT departments typically install homogeneous security software on all their hardware, which partly explains why security breaches are so profuse, according to Intel Research Berkeley researcher Nina Taft. Most IT departments deploy security software with a component that analyzes the stream of Internet traffic flowing into and out of a computer, and that suggests infection when traffic exceeds a preset limit. However, this method can incorrectly target people who habitually send out large volumes of information while ignoring traffic that falls below the threshold that may harbor malevolent activity without the sender's knowledge. Intel researchers have devised algorithms capable of more subtle evaluations, including one that creates individualized traffic thresholds by monitoring a person's Internet use through standard statistical and machine-learning techniques, and another that assesses how people's Internet usage changes throughout the day. Another set of algorithms uses the same behavioral principles to study communication between laptops and other devices on the Internet to detect the presence of botnets. "I think the basic takeaway is, if you can be really precise in capturing user behavior, you can make the work of the attackers much harder," notes Taft. Georgia Institute of Technology professor Nick Feamster attributes the lack of application of the behavioral security strategy to laptops to the absence of an automated way to develop personalized rules.
Click Here to View Full Article