èƵ

Fake targets fool hackers

CROOKS who tamper with databases can wreak havoc with Internet banking, credit card accounts or utility billing. But by the time an initial breach has been spotted money may already have been debited from an account. To combat this, computer expert Peng Liu at Pennsylvania State University is developing an early-warning system that detects such activity and then neutralises it.

His “self-healing database” quarantines potential hackers by diverting them to a useless copy of the database where they can do no harm. In the meantime, his prototype software lets innocent operations proceed unhindered, while any damage to the main database from the attack is instantly repaired.

The system also aims to stop viruses like the “data diddlers” that multiply every number in a database by 1.2, say, which would be appalling enough in a bank or payroll database, but could threaten lives in a hospital, say.

Current recovery software may reset databases to how they were before a breach, but this throws out changes made by innocent users. And suspending a database for repair is unpopular if users need constant access, for example, in a cash machine network.

Liu and his team have written software that monitors user behaviour in real-time. When it identifies suspicious behaviour – such as a user operating at a strange hour or transferring money to a bank they have never dealt with before, or a country they have never transmitted cash to before – the program quietly redirects their operations to isolated “mirror” databases.

Any changes to the original database made by the user under suspicion are reversed. The operations of trustworthy users are untouched. Later, if the quarantined user is found to be innocent, their transactions in the dummy systems are preserved and merged back into the main database. The US Air Force is testing the system as a way to protect military data such as troop movements.

Computer scientist Sushil Jajodia at George Mason University in Fairfax, Virginia, says further tests are needed to recognise the wide range of possible hacker attacks. But Liu says running such tests could prove difficult, since it requires real-world attack data that “many companies are reluctant to release”.

More from èƵ

Explore the latest news, articles and features