GCN Tech Blog

By GCN Staff

Blog archive

The reverse Turing Test

When Eric Cole, a head instructor for the SANS Institute, first brought up the idea of a reverse Turing Test, we thought he was mocking our cognitive capabilities. After all, we're not sure if we could even pass a Turing Test, not on our off-days anyway. But actually he was referring to a new way of thinking when it comes to network security.

This morning, Cole was the featured speaker on a GCN InSight eSeminar on securing data in a networked world. SANS experts always have plenty of interesting tidbits when it comes to security, and Cole was no exception.

So here is the problem: How can you tell if the traffic going through your Internet gateway is legitimate user-generated communiques? Well, if it is the real thing then it was probably created by humans--someone looking for a Web site, or sending an e-mail to a coworker.

Most malicious traffic, on the other hand, is usually generated by scripts, perhaps surreptitiously planted on your computers. They may be sending requests to Internet Protocol addresses, rather than domain name-based addresses. Also, a person would never send send simultaneous requests to 5,000 different ports.

In other words, machine-driven actions have different behavioral characteristics than actions initiated by humans.

What we need, Cole suggested, is some sort of technique to flag traffic on a network that is not generated by humans, or a sort of reverse Turing Test.

A Turing Test is, of course, a series of questions poised to determine if an unknown entity is a human or a computer. Mathematician Alan Turing devised this line of questioning as a way to judge if a computational system had truly achieved artificial intelligence.

To date, none has. Imitating a human being is hard, as it turns out. But Cole has reversed the concept. If we can more easily tell when a series of actions come from a machine, and not a human, we can flag those actions as possibly the work of some sort of malicious program, like a virus or worm.

Not much has been done in the way of adapting commercial tools for this task, Cole admitted, but the idea of coming up with reverse Turing Tests for networks seems like a good direction for future research. "You have to be creative" when confronting network threats, Cole told us afterwards.

Posted by Joab Jackson on May 15, 2008 at 9:39 AM


Featured

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected