COMPUTER experts can now predict when a malicious hacker is about to strike,
and sound the alarm days in advance. They are urging companies to use their
technique to stop hackers getting into networks.
鈥淩egardless of who you are, you are not safe,鈥 says Jeffery Stutzman, an
ex-naval intelligence officer now working as a security expert for Cisco Systems
in Chelmsford, Massachusetts. 鈥淐ompanies and governments have spent millions of
dollars working on the answer to this problem.鈥
Stutzman is a member of an international group of experts called the Honeynet
Project who devised the technique. They set up a decoy computer network to lure
in hackers, dubbed 鈥渂lack hats鈥 in the industry. The network was connected to
the Internet, but it was not advertised and didn鈥檛 contain anything worth
stealing.
Advertisement
However, black hats attacked as many as 14 times a day, with one hacker even
trying to gain access just 15 minutes after the network went online.
These fevered attempts to break into the system gave the Honeynet Project
just the information needed to repel future hackers. Before trying to gain
access to a network, black hats look for weaknesses by running programs that
scan and probe networks.
By analysing 11 months of surveillance data the Honeynet experts found a
strong statistical relationship between the timing of the scans and probes and
the ensuing hack, explains Stutzman. The information has now been turned into a
predictive model that security experts can use to spot an impending attack.
Peter Sommer, a computer security expert at the London School of Economics
says the work is an important development. 鈥淭he problem with intrusion detection
systems is how you set the threshold.鈥 You need to know when to ignore scans and
when to react to them.