GCN Tech Blog

By GCN Staff

Blog archive

The reverse Turing Test

When Eric Cole, a head instructor for the SANS Institute, first brought up the idea of a reverse Turing Test, we thought he was mocking our cognitive capabilities. After all, we're not sure if we could even pass a Turing Test, not on our off-days anyway. But actually he was referring to a new way of thinking when it comes to network security.

This morning, Cole was the featured speaker on a GCN InSight eSeminar on securing data in a networked world. SANS experts always have plenty of interesting tidbits when it comes to security, and Cole was no exception.

So here is the problem: How can you tell if the traffic going through your Internet gateway is legitimate user-generated communiques? Well, if it is the real thing then it was probably created by humans--someone looking for a Web site, or sending an e-mail to a coworker.

Most malicious traffic, on the other hand, is usually generated by scripts, perhaps surreptitiously planted on your computers. They may be sending requests to Internet Protocol addresses, rather than domain name-based addresses. Also, a person would never send send simultaneous requests to 5,000 different ports.

In other words, machine-driven actions have different behavioral characteristics than actions initiated by humans.

What we need, Cole suggested, is some sort of technique to flag traffic on a network that is not generated by humans, or a sort of reverse Turing Test.

A Turing Test is, of course, a series of questions poised to determine if an unknown entity is a human or a computer. Mathematician Alan Turing devised this line of questioning as a way to judge if a computational system had truly achieved artificial intelligence.

To date, none has. Imitating a human being is hard, as it turns out. But Cole has reversed the concept. If we can more easily tell when a series of actions come from a machine, and not a human, we can flag those actions as possibly the work of some sort of malicious program, like a virus or worm.

Not much has been done in the way of adapting commercial tools for this task, Cole admitted, but the idea of coming up with reverse Turing Tests for networks seems like a good direction for future research. "You have to be creative" when confronting network threats, Cole told us afterwards.

Posted by Joab Jackson on May 15, 2008 at 9:39 AM


Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.