GCN Tech Blog

By GCN Staff

Blog archive

The reverse Turing Test

When Eric Cole, a head instructor for the SANS Institute, first brought up the idea of a reverse Turing Test, we thought he was mocking our cognitive capabilities. After all, we're not sure if we could even pass a Turing Test, not on our off-days anyway. But actually he was referring to a new way of thinking when it comes to network security.

This morning, Cole was the featured speaker on a GCN InSight eSeminar on securing data in a networked world. SANS experts always have plenty of interesting tidbits when it comes to security, and Cole was no exception.

So here is the problem: How can you tell if the traffic going through your Internet gateway is legitimate user-generated communiques? Well, if it is the real thing then it was probably created by humans--someone looking for a Web site, or sending an e-mail to a coworker.

Most malicious traffic, on the other hand, is usually generated by scripts, perhaps surreptitiously planted on your computers. They may be sending requests to Internet Protocol addresses, rather than domain name-based addresses. Also, a person would never send send simultaneous requests to 5,000 different ports.

In other words, machine-driven actions have different behavioral characteristics than actions initiated by humans.

What we need, Cole suggested, is some sort of technique to flag traffic on a network that is not generated by humans, or a sort of reverse Turing Test.

A Turing Test is, of course, a series of questions poised to determine if an unknown entity is a human or a computer. Mathematician Alan Turing devised this line of questioning as a way to judge if a computational system had truly achieved artificial intelligence.

To date, none has. Imitating a human being is hard, as it turns out. But Cole has reversed the concept. If we can more easily tell when a series of actions come from a machine, and not a human, we can flag those actions as possibly the work of some sort of malicious program, like a virus or worm.

Not much has been done in the way of adapting commercial tools for this task, Cole admitted, but the idea of coming up with reverse Turing Tests for networks seems like a good direction for future research. "You have to be creative" when confronting network threats, Cole told us afterwards.

Posted by Joab Jackson on May 15, 2008 at 9:39 AM


inside gcn

  • prisoner using a cellphone (FBI)

    Cellphone jammer targets illicit calls by prisoners

Reader Comments

Fri, May 16, 2008 Joab Jackson

Hahaha--Very true!

Fri, May 16, 2008 MARK ROSS WASHINGTON STATE PATROL WA

If there is a Turing test that can tell the difference between the responses of a person and a computer, then doesn't that test serve in this arena? If the individual being tested passes the Turing test, they're human, if not, they're a computer. It's a binary choice, one test can (and does) make both determinations. I really see NO logical difference between a Turing test or a 'reverse' Turing test. Both will make exactly the same determinations, therefore they are equivalent.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities

More from 1105 Public Sector Media Group