New algorithm tracks down the origins of internet attacks

Using the Sparse Interference algorithm to track down the source of a cholera epidemic that affected the Tugela river network in South Africa in 2000
Source: physics.aps.org Swiss researcher Pedro Pinto and his colleagues at École Polytechnique Fédérale de Lausanne suggest using the Sparse Interference algorithm to make tracking down the origins of internet threats more efficient. Until now, institutions such as the US National Security Agency (NSA) have used brute force methods to search for the sources of epidemic threats (malware, worms, trojans, internet rumours) in complex networks – but scanning all potentially affected network nodes or address spaces requires a lot of time and resources.

Sparse Interference takes into consideration such factors as time when examining information that spreads in an avalanche-like manner. The researchers say that the algorithm only needs a few clues to confidently identify the origin of, for example, a bogus email or a terrorist posting. According to their study, monitoring only a few chat room participants or social network members, or a limited number of telephones, is sufficient to reliably pinpoint the originator. The researchers say that by monitoring a randomly selected 25% of nodes they managed to achieve an accuracy of 90%, and that the same result is achievable with only 5% of nodes when targeting a specific selection.

Pinto explained that to test the program they fed it information from the 9/11 terrorists' publicly released data communications and arrived at three suspects – one of whom turned out to be the mastermind of the attack. The researchers say that the algorithm can even be used to predict the origin and potential proliferation of a biological weapon or an infectious disease using existing data and potential distribution pathways. Their study was published in the Physical Review Letters journal in early August.

(djwm)