GCN Tech Blog

By GCN Staff


The reverse Turing Test

When Eric Cole, a head instructor for the SANS Institute, first brought up the idea of a reverse Turing Test, we thought he was mocking our cognitive capabilities. After all, we're not sure if we could even pass a Turing Test, not on our off-days anyway. But actually he was referring to a new way of thinking when it comes to network security.

This morning, Cole was the featured speaker on a GCN InSight eSeminar on securing data in a networked world. SANS experts always have plenty of interesting tidbits when it comes to security, and Cole was no exception.

So here is the problem: How can you tell if the traffic going through your Internet gateway is legitimate user-generated communiques? Well, if it is the real thing then it was probably created by humans--someone looking for a Web site, or sending an e-mail to a coworker.

Most malicious traffic, on the other hand, is usually generated by scripts, perhaps surreptitiously planted on your computers. They may be sending requests to Internet Protocol addresses, rather than domain name-based addresses. Also, a person would never send simultaneous requests to 5,000 different ports.

In other words, machine-driven actions have different behavioral characteristics than actions initiated by humans.

What we need, Cole suggested, is some sort of technique to flag traffic on a network that is not generated by humans, or a sort of reverse Turing Test.
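A sketch of the two signals mentioned above, as an added example that is not from Cole's talk or from any SANS tool: it flags sources that connect to an IP address they never looked up through DNS, and sources that touch many distinct ports within a short window. The log layouts, addresses, thresholds and the function name `flag_machine_like` are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the article).
DNS_LOG = [  # (time_s, client, name, answer_ip)
    (0.0, "10.0.0.5", "intranet.example", "192.0.2.10"),
]
FLOWS = [    # (time_s, src, dst_ip, dst_port)
    (1.0, "10.0.0.5", "192.0.2.10", 443),     # name was looked up first
    (2.0, "10.0.0.7", "198.51.100.9", 8080),  # no DNS lookup for this IP
] + [(5.0 + i * 0.001, "10.0.0.9", "203.0.113.4", 1000 + i) for i in range(200)]


def flag_machine_like(flows, dns_log, max_ports=50, window_s=1.0):
    """Return {src: set(reasons)} for sources whose traffic looks scripted.

    max_ports and window_s are assumed thresholds, to be tuned per network.
    """
    resolved = defaultdict(list)  # (client, ip) -> times the client resolved it
    for t, client, _name, ip in dns_log:
        resolved[(client, ip)].append(t)

    flags = defaultdict(set)
    by_src = defaultdict(list)
    for t, src, dst, port in sorted(flows):
        # Signal 1: connection to an IP the client never resolved beforehand.
        if not any(rt <= t for rt in resolved.get((src, dst), [])):
            flags[src].add("direct-ip")
        by_src[src].append((t, dst, port))

    # Signal 2: more than max_ports distinct (host, port) targets per window.
    for src, events in by_src.items():
        start, counts = 0, defaultdict(int)
        for t, dst, port in events:
            counts[(dst, port)] += 1
            while events[start][0] < t - window_s:  # expire old events
                old = events[start][1:]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) > max_ports:
                flags[src].add("port-fanout")
                break
    return dict(flags)
```

The direct-to-IP signal on its own is noisy, since cached lookups and hard-coded server addresses also produce it, so it works better as a reason to look closer than as a verdict.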

A Turing Test is, of course, a series of questions posed to determine if an unknown entity is a human or a computer. Mathematician Alan Turing devised this line of questioning as a way to judge if a computational system had truly achieved artificial intelligence.

To date, none has. Imitating a human being is hard, as it turns out. But Cole has reversed the concept. If we can more easily tell when a series of actions comes from a machine, and not a human, we can flag those actions as possibly the work of some sort of malicious program, like a virus or worm.

Not much has been done in the way of adapting commercial tools for this task, Cole admitted, but the idea of coming up with reverse Turing Tests for networks seems like a good direction for future research. "You have to be creative" when confronting network threats, Cole told us afterwards.

Posted by Joab Jackson on May 15, 2008 at 9:39 AM

