Student devises novel way to detect hackers

Apr 08, 2014 by Todd R. Mcadam

Patricia Moat gets a thrill from protecting people. As a youngster, she trained in martial arts. Later, she ran into burning buildings as a volunteer firefighter. Now she's finding new ways to protect American computer networks.

"This is like catching an intruder coming into your house," Moat says. "And it excites me to do something most people have never done."

Moat, a doctoral student in electrical and , is part of a Binghamton University team working to create a real-time monitor that can spot intrusions into computer networks.

The project, funded by the Air Force Office of Scientific Research, connects several threads in Moat's life. She's an electrician's daughter who was as interested in coding as wiring. Her brother is a career soldier. And she survived a house fire when she was a child.

Her work is critical to every nation and most corporations. Already, South Korea has found North Korea hacking its networks. Saudi Arabia and Israel have weathered attacks from Iran.

Now imagine an attack that causes planes to land short of the runway, says Victor Skormin, a distinguished service professor and Moat's advisor. Imagine shutting down or overheating. How about power grids misdirecting electricity? It's not just some amateur hacker against a national or corporate network; many attacks are sponsored by other nations or large criminal organizations. And they can target computer-controlled machinery.

"Actually, it's a war taking place in cyberspace, and it requires many different weapons and defenses," Skormin says. "There are many existing attacks that our application works against very successfully."

So what are Moat and her teammates doing? Instead of reviewing all programs run by a network to find the signature of one of millions of known malware programs—some of which mutate to avoid detection—they have developed a technology to assess behavior of individual computers. This is done by monitoring system calls, the internal signals that accompany every computer operation and can reveal every function performed by the computer.

First, they create a profile of the network's normal operation. When a network is attacked, a review of system calls can reveal functionality that does not match this "normalcy profile." This approach can address the most advanced attacks, some of which are skillfully designed to corrupt just one strategically chosen system.

Think of it this way: Instead of looking for an intruder in your home by checking every room to see if anything has been taken or left behind, the Binghamton algorithm checks to see if anyone opened a door or window.
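To make the "normalcy profile" idea concrete, here is an added example (not the Binghamton team's code) of the simplest form of system-call behaviour monitoring: short system-call sequences observed during normal operation form the profile, and a later trace is scored by how many of its sequences were never seen before. The traces and the threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample traces: each is the sequence of system calls one process made.
# In practice these would come from a tracer such as strace or auditd, not be hand-written.
BASELINE_TRACES = [
    ["openat", "read", "read", "close", "write", "exit_group"],
    ["openat", "fstat", "read", "close", "write", "exit_group"],
    ["openat", "read", "write", "close", "exit_group"],
]
# A constructed trace whose behaviour (memory permission change, new program,
# outbound connection) never appeared while the profile was being built.
SUSPECT_TRACE = ["openat", "read", "mprotect", "execve", "connect", "write", "exit_group"]


def ngrams(trace, n):
    """Sliding windows of n consecutive system calls."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profile(traces, n=3):
    """Normalcy profile: every n-gram of system calls seen during normal operation,
    with how often it occurred. Anything absent from this profile is 'unseen'."""
    profile = Counter()
    for trace in traces:
        profile.update(ngrams(trace, n))
    return profile


def score_trace(trace, profile, n=3):
    """Return (fraction of n-grams not in the profile, the unseen n-grams themselves).
    The unseen n-grams are what an analyst would review, not just the score."""
    grams = ngrams(trace, n)
    unseen = [g for g in grams if g not in profile]
    ratio = len(unseen) / len(grams) if grams else 0.0
    return ratio, unseen


def is_anomalous(trace, profile, n=3, threshold=0.2):
    """Flag a trace whose unseen-sequence fraction exceeds the (constructed) threshold.
    Benign but previously unobserved activity also produces a few unseen n-grams,
    so the threshold trades false alarms against missed intrusions."""
    ratio, _ = score_trace(trace, profile, n)
    return ratio > threshold


if __name__ == "__main__":
    profile = build_profile(BASELINE_TRACES)
    ratio, unseen = score_trace(SUSPECT_TRACE, profile)
    print(f"unseen fraction={ratio:.2f}, anomalous={is_anomalous(SUSPECT_TRACE, profile)}")
    for gram in unseen:
        print("  never seen in normal operation:", " -> ".join(gram))
```

A trace that differs from the baseline only slightly (for example, a file read without the extra `fstat`) still yields one or two unseen sequences, which is why the threshold, not a single unseen call, decides whether an alert is raised.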
