GCN Tech Blog

By GCN Staff

Blog archive

The reverse Turing Test

When Eric Cole, a head instructor for the SANS Institute, first brought up the idea of a reverse Turing Test, we thought he was mocking our cognitive capabilities. After all, we're not sure if we could even pass a Turing Test, not on our off-days anyway. But actually he was referring to a new way of thinking when it comes to network security.

This morning, Cole was the featured speaker on a GCN InSight eSeminar on securing data in a networked world. SANS experts always have plenty of interesting tidbits when it comes to security, and Cole was no exception.

So here is the problem: How can you tell if the traffic going through your Internet gateway is legitimate user-generated communiques? Well, if it is the real thing then it was probably created by humans--someone looking for a Web site, or sending an e-mail to a coworker.

Most malicious traffic, on the other hand, is usually generated by scripts, perhaps surreptitiously planted on your computers. They may be sending requests to Internet Protocol addresses, rather than domain name-based addresses. Also, a person would never send send simultaneous requests to 5,000 different ports.

In other words, machine-driven actions have different behavioral characteristics than actions initiated by humans.

What we need, Cole suggested, is some sort of technique to flag traffic on a network that is not generated by humans, or a sort of reverse Turing Test.

A Turing Test is, of course, a series of questions poised to determine if an unknown entity is a human or a computer. Mathematician Alan Turing devised this line of questioning as a way to judge if a computational system had truly achieved artificial intelligence.

To date, none has. Imitating a human being is hard, as it turns out. But Cole has reversed the concept. If we can more easily tell when a series of actions come from a machine, and not a human, we can flag those actions as possibly the work of some sort of malicious program, like a virus or worm.

Not much has been done in the way of adapting commercial tools for this task, Cole admitted, but the idea of coming up with reverse Turing Tests for networks seems like a good direction for future research. "You have to be creative" when confronting network threats, Cole told us afterwards.

Posted by Joab Jackson on May 15, 2008 at 9:39 AM


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected