Software predicts user behaviour to stop attacks

Printable View

October 12th, 2002, 08:20 AM
powertoad5000

Software predicts user behaviour to stop attacks

An article courtesy of Slashdot about new network monitoring software. Interesting read, and hopefully this software will be functional and useful when it is finally completed.

Quote:

New computer-monitoring software designed to second-guess the intentions of individual system users could be close to perfect at preventing security breaches, say researchers.

Existing systems usually monitor the data flowing through whole networks and are typically between 60 and 80 per cent reliable, the researchers say. Tests simulating inside attacks indicate that the new software would be up to 94 per cent reliable once implemented.

The software generates a profile for each individual on a network by analysing the specific commands they enter at their terminal. It then monitors their activity and sounds the alarm on detecting suspicious behaviour. The finished product will do this in real time.

Monitoring simple user commands rather than network traffic means alarm settings can be different for each user, increasing security. It also is much less computationally intensive, according to Ramkumar Chinchani at Buffalo University, who is developing the system with Shambhu Upadhyaya and colleagues. This means more data can be analysed, allowing larger systems to be monitored in real time.

http://www.newscientist.com/news/news.jsp?id=ns99992913

-toad
October 12th, 2002, 08:46 AM
newbie

Hmmm. Interesting, but what about privacy? Is that the price one has to pay for security?
October 12th, 2002, 01:54 PM
the_JinX

I'll never go for that..

For me privacy is a BIG issue..

You can't just go sniffing thrue all the commands issued by all the users..

I think that it is even illegal in EU
October 13th, 2002, 12:01 AM
phishphreek

This is a very interesing article/idea. I do have a problem with the privacy though.

Security is very important, but so is privacy. We have several laws about privacy that we have to abide by. Most of them have to do with customers and not employees. Monitoring web usage is not one of them.

Privacy is very important to me and we are loosing our privacy more and more everyday.

How many times do you think you are on video a day? Whether buying something at the store, driving down the interstate or just walking down the street. There are the cameras. I like to waive at them, sometimes even give them the finger or even a nice mooning. I admit, its a little childish, but so is watching us all the time. Everyday we move closer and closer to 1984. I could go on and on about this forever, but I won't.

We (my work) are already using software that invades our privacy that I don't agree with.
I know the software means well, but what you do on the web is your own business.

I'm just a PeeOn where I work so my opinion doesn't even matter and I have to go by what they say (upper management). So fighting this would prolly just get me a nice kick in the ass and I'll have to find another job.

We already use software that tracks anything/everything you do on the web and decides based on a set of rules we created if the user should be reading/surfing about that subject at work. If the software wrongfully rejects their request, they have to call and I can manually give them access.

I think that our users should be able to read anything they want at lunch time or on break. With the exception of porn, gambling and illegal materials, I don't care who wants to read what.

I have setup a rule that will let them surf 1hr (lunch time length) worth of non work related materials... such as sports, games, cooking, etc. (No porn, gambling, or illegal content)
Another thing that we block think that I don't agree with is personal e mail. It like taking a personal phone call. Its ok if you take five minutes on your break to use the phone. The same with personal e mail. They have setup the software to block most popular web based e mails. Aol, hotmail, yahoo, and several more. I only have this restriction on between 830 and 430 which are our normal business hours. If a user wants to come in early or leave late because they don't have the internet at home, thats cool with me. They just can't download anything without permission. We had to put the download restriciton on becuase some users were downloading viruses putting us at risk and we know in the business world that a couple bad apples spoils the whole barrel.

If we suspect someone of doing stuff that is suspicious, we take a look at their web usage and files that they have on the network. We don't actually read documents, but we do look for programs and such they may have stored on the network. I have restriced the ability for non admins to save anything to the local drives or external media such as floppy, zip disk, and cdrw.

There are very few people who don't have to go through the filters and restrictions...
Like the president, some of the vice presidents and myself of course. :)
October 13th, 2002, 12:29 AM
Scorp666

I think that would be legal in a company. Let's say they wants to know if employees are hacking from within? I don't think it could be used legally by an ISP in Canada.