Software predicts user behaviour to stop attacks

14:55 11 October 02
NewScientist.com news service

New computer-monitoring software designed to second-guess the intentions of individual system users could be close to perfect at preventing security breaches, say researchers.

Existing systems usually monitor the data flowing through whole networks and are typically between 60 and 80 per cent reliable, the researchers say. Tests simulating inside attacks indicate that the new software would be up to 94 per cent reliable once implemented.

The software generates a profile for each individual on a network by analysing the specific commands they enter at their terminal. It then monitors their activity and sounds the alarm on detecting suspicious behaviour. The finished product will do this in real time.

Monitoring simple user commands rather than network traffic means alarm settings can be different for each user, increasing security. It also is much less computationally intensive, according to Ramkumar Chinchani at Buffalo University, who is developing the system with Shambhu Upadhyaya and colleagues. This means more data can be analysed, allowing larger systems to be monitored in real time.

Shrinking boundary

Whereas other real-time security systems define suspicious behaviour according to a fixed set of rules, Chinchani says the new system would continually adjust its view of normal and abnormal behaviour. Each time a user steps outside the boundary of normal activity, the boundary would be drawn in for the next time, he says.

"Once they step out of a region, it is either an intrusion or it is indeterminate," Chinchani told New Scientist. "We try to shrink this diffuse region as soon as possible."

The researchers believe the system would work wherever user activity is fairly uniform, suggesting it would be well suited to high security military installations.

Bruce Schneier, head of US computer security firm Counterpane, says the research is interesting but warns that a 94 percent success rate would be useless at maintaining good security on its own.

Chinchani admits that the real test will come when a fully functional system has been developed. This will take another five months, he thinks: "Preliminary experiments may not reflect any real world environment, so the success rate may end up being higher or lower."

The new system was outlined in a research paper presented at the military conference MILCOM 2002, in California on 10 October.

http://www.newscientist.com/news/news.jsp?id=ns99992913

================================================
Jimmy Sadri CISSP, jimmys@private
CCNP, CCDA, MCSA/MCSE
Systems Administrator/Webmaster webmaster@private
Network Engineer/Security Consultant 360-992-0525
Myesn.com
This archive was generated by hypermail 2b30 : Sat Oct 12 2002 - 11:10:47 PDT