[ISN] Teiresias on the Hacker Trail

From: mea culpa (jerichot_private)
Date: Thu Oct 29 1998 - 15:10:47 PST


    Forwarded From: phreak moi <hackerelitet_private>
    Teiresias on the Hacker Trail
    By Karlin Lillington
    4:00 a.m.  29.Oct.98.PST
    A computer algorithm used by scientists to unlock information from complex
    DNA strands has a new, more mundane role:  detecting hackers as they try
    to penetrate networks. 
    Developed at IBM's Watson Research Laboratory in New York, the algorithm
    looks for repetitive patterns in sets of data, such as a network's server
    logs.  Dubbed Teiresias, after the blind seer in Greek mythology, it
    imposes no restrictions on searches and will spot any pattern that occurs
    two or more times, even those that are very faint. 
    Teiresias carries out what computational biologists refer to as pattern
    discovery, as opposed to pattern matching, which is used when researchers
    know what they are seeking and tell a computer to find a specific string
    of information. Geneticists use pattern discovery on DNA data, for
    instance, to uncover repetitive patterns that help to explain why humans
    develop diseases and acquire specific characteristics or birth defects. 
    In earlier decades, when computers were slower, analyzing the detailed
    construction of DNA would have been prohibitively time-consuming. But
    recent leaps in the speed and analytical power of computers make it
    feasible to search massive chunks of data for patterns.  Applying
    computers to the task of seeking patterns in biological information is
    called biological sequence analysis. 
    Now, IBM says the same concept can be applied on computers. As a result,
    says Philippe Janson, research manager for IBM's Zurich Research
    Laboratory, Teiresias can be used to detect the presence of hackers on
    Teiresias analyzes the reams of data produced by a running computer to
    reveal what it does when operating normally. All computers work through
    instructions given by a software program in a predictable way, determined
    by the original designers of the computer system. As it runs, a computer
    produces bitstreams, or strings of 0s and 1s, which are the most primitive
    language of computers. 
    Teiresias examines bitstreams produced from hundreds of hours of operation
    by a given computer and seeks out the strings that keep repeating
    themselves. Those echoing bitstreams define the computer. 
    "Those hundreds of strings are like a little dictionary for that system,"
    says Janson.  An attempted break-in would disrupt the flow of normal
    patterns, he says, and throw off the sequence of repetitions. "If you then
    teach the system, 'These are the good patterns; let me know about those
    that aren't,' the system itself can raise the alarm." 
    To test whether such an application would actually work, researchers used
    IBM's database of all known system attacks in the world, says Janson. They
    bombarded a network with real hacks from the real world, which Teiresias
    successfully sensed. 
    IBM researchers have a proof of concept, he says, and a software
    application has been designed and placed in a trial setting on a network
    to see how it functions outside the artificial confines of a lab. If it
    performs well, Janson guesses it will take from two to five years for the
    concept to become a generally available tool for combating system attacks. 
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
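
The "dictionary of good patterns" idea described in the article, as an added illustration that is not part of the original message and is not IBM's Teiresias code: a simplified stand-in that learns every contiguous pattern seen two or more times in normal traces, then flags stretches of a new trace that no learned pattern explains. The event names, traces, pattern lengths and tolerance are constructed assumptions; the real algorithm's pattern model is not described on this page.

```python
from collections import Counter

def discover_patterns(traces, min_len=2, max_len=4, min_support=2):
    """Learn the 'dictionary': contiguous patterns seen min_support+ times."""
    counts = Counter()
    for trace in traces:
        for n in range(min_len, max_len + 1):
            for i in range(len(trace) - n + 1):
                counts[tuple(trace[i:i + n])] += 1
    return {p for p, c in counts.items() if c >= min_support}

def uncovered(trace, dictionary, min_len=2, max_len=4):
    """Indices of events that no dictionary pattern explains."""
    covered = [False] * len(trace)
    for n in range(min_len, max_len + 1):
        for i in range(len(trace) - n + 1):
            if tuple(trace[i:i + n]) in dictionary:
                covered[i:i + n] = [True] * n
    return [i for i, ok in enumerate(covered) if not ok]

def longest_gap(indices):
    """Length of the longest run of consecutive uncovered indices."""
    best = run = 0
    prev = None
    for i in indices:
        run = run + 1 if prev is not None and i == prev + 1 else 1
        best = max(best, run)
        prev = i
    return best

def is_anomalous(trace, dictionary, tolerance=1):
    """Raise the alarm when more than `tolerance` consecutive events are unexplained."""
    return longest_gap(uncovered(trace, dictionary)) > tolerance

# Constructed sample data (assumption): event traces from normal operation.
NORMAL = [
    "open read read write close open read write close".split(),
    "open read write close open read read write close".split(),
]
DICTIONARY = discover_patterns(NORMAL)
# Constructed trace containing events never seen during normal operation.
SUSPECT = "open read chmod exec socket write close".split()

if __name__ == "__main__":
    gaps = uncovered(SUSPECT, DICTIONARY)
    print("unexplained events:", [SUSPECT[i] for i in gaps])
    print("alarm:", is_anomalous(SUSPECT, DICTIONARY))
```

The tolerance trades false alarms against sensitivity: a dictionary learned from too little normal operation leaves legitimate behaviour uncovered, which is why the article speaks of hundreds of hours of training data.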
