Forwarded From: phreak moi <hackerelite@deathsdoor.com>
http://www.wired.com/news/news/technology/story/15905.html
Teiresias on the Hacker Trail
By Karlin Lillington
4:00 a.m. 29.Oct.98.PST

A computer algorithm used by scientists to unlock information from complex
DNA strands has a new, more mundane role: detecting hackers as they try
to penetrate networks.

Developed at IBM’s Watson Research Laboratory in New York, the algorithm
looks for repetitive patterns in sets of data, such as a network's server
logs. Dubbed Teiresias, after the blind seer in Greek mythology, it
imposes no restrictions on searches and will spot any pattern that occurs
two or more times, even those that are very faint.

Teiresias carries out what computational biologists refer to as pattern
discovery, as opposed to pattern matching, which is used when researchers
know what they are seeking and tell a computer to find a specific string
of information. Geneticists use pattern discovery on DNA data, for
instance, to uncover repetitive patterns that help to explain why humans
develop diseases and acquire specific characteristics or birth defects.

In earlier decades, when computers were slower, analyzing the detailed
construction of DNA would have been prohibitively time-consuming. But
recent leaps in the speed and analytical power of computers make it
feasible to search massive chunks of data for patterns. Applying
computers to the task of seeking patterns in biological information is
called biological sequence analysis.

Now, IBM says the same concept can be applied on computers. As a result,
says Philippe Janson, research manager for IBM’s Zurich Research
Laboratory, Teiresias can be used to detect the presence of hackers on
networks.

Teiresias analyzes the reams of data produced by a running computer to
reveal what it does when operating normally. All computers work through
instructions given by a software program in a predictable way, determined
by the original designers of the computer system. As it runs, a computer
produces bitstreams, or strings of 0s and 1s, which are the most primitive
language of computers.

Teiresias examines bitstreams produced from hundreds of hours of operation
by a given computer and seeks out the strings that keep repeating
themselves. Those echoing bitstreams define the computer.

"Those hundreds of strings are like a little dictionary for that system,"
says Janson. An attempted break-in would disrupt the flow of normal
patterns, he says, and throw off the sequence of repetitions. "If you then
teach the system, 'These are the good patterns; let me know about those
that aren’t,' the system itself can raise the alarm."

To test whether such an application would actually work, researchers used
IBM’s database of all known system attacks in the world, says Janson. They
bombarded a network with real hacks from the real world, which Teiresias
successfully sensed.

IBM researchers have a proof of concept, he says, and a software
application has been designed and placed in a trial setting on a network
to see how it functions outside the artificial confines of a lab. If it
performs well, Janson guesses it will take from two to five years for the
concept to become a generally available tool for combating system attacks.
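
Added example, not part of the Wired article and not IBM's code: a minimal
sketch of the "dictionary of good patterns" idea Janson describes above. It
is not the Teiresias algorithm; it uses fixed-length windows over constructed
event traces, and the function names, window size and alarm threshold are
assumptions.

```python
from collections import Counter

def windows(events, k):
    """Return every run of k consecutive events as a tuple."""
    return [tuple(events[i:i + k]) for i in range(len(events) - k + 1)]

def learn_dictionary(normal_traces, k=3, min_repeats=2):
    """Keep windows that occur two or more times during normal operation."""
    counts = Counter(w for trace in normal_traces for w in windows(trace, k))
    return {w for w, n in counts.items() if n >= min_repeats}

def unknown_windows(trace, dictionary, k=3):
    """Return (position, window) for each window absent from the dictionary."""
    return [(i, w) for i, w in enumerate(windows(trace, k))
            if w not in dictionary]

def should_alarm(trace, dictionary, k=3, max_unknown_ratio=0.2):
    """Alarm when too large a share of a trace consists of unknown windows."""
    total = len(windows(trace, k))
    if total == 0:
        return False  # trace shorter than k: nothing to judge
    unknown = len(unknown_windows(trace, dictionary, k))
    return unknown / total > max_unknown_ratio

# Constructed sample data: event names stand in for the recorded behaviour
# of one system (assumption; the article speaks of raw bitstreams).
NORMAL_TRACES = [
    "open read write close open read write close open read close".split(),
    "open read write close open read close open read write close".split(),
]
BENIGN = "open read write close open read close".split()
SUSPECT = "open read write close open read exec socket write close".split()

if __name__ == "__main__":
    good = learn_dictionary(NORMAL_TRACES)
    for name, trace in (("benign", BENIGN), ("suspect", SUSPECT)):
        hits = unknown_windows(trace, good)
        print(name, "alarm" if should_alarm(trace, good) else "ok", hits)
```

A window seen only once in training (here "read close open") stays out of the
dictionary, so the repeat threshold directly trades false alarms against
coverage of normal behaviour.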
Received on Sun Nov 1 21:13:59 1998