
MIT Technology Review



Researchers at Intel have developed laptop-based security software that adjusts to the way an individual uses the Internet, providing a more dynamic and personalized approach to detecting malicious activity. The software is aimed at corporations that pass out laptops and mobile devices to employees, since IT departments usually install the same one-size-fits-all security software on all their hardware. The homogenous security approach is quick and easy, says Nina Taft, a researcher at Intel Research Berkeley, but because standard software doesn’t take into account different people’s patterns of computer use, it can produce false positives and entirely miss some attacks.

“One reason security breaches are so rampant is that most of our machines look the same,” says Taft. They have the same operating systems, same applications, same protocols, and same Internet traffic thresholds in the security settings, she says. “When a hacker breaks into one machine, he can break into all of them … We’re trying to inject diversity into computers.”

The type of security software deployed by most IT departments has a component that looks at Internet traffic coming in and out of a computer. When traffic exceeds a preset threshold, the software suggests that the computer is infected. It might, for instance, have been recruited as part of a “botnet,” in which it is remotely controlled by a malicious computer that instructs it to communicate with other infected machines. (Much spam is sent from botnets.) Some people, however, habitually send out large amounts of information, which can trigger the security alarm, while others who stay well below the threshold can unknowingly harbor malicious activity.

As part of a project called Proteus, Intel researchers have developed several algorithms that can make more nuanced judgments. One algorithm uses standard statistical and machine-learning techniques to monitor a person’s Internet use and create individualized traffic thresholds. A second algorithm gauges how people’s Internet use changes throughout the day. Taft has found that people’s habits are significantly different when they use company laptops to log in to networks other than the company’s. “Ninety percent of people have quite a different behavior when they’re at work than when they’re at home,” she says. Tying different traffic thresholds to different location profiles could improve security software’s ability to detect compromised machines.

“I think the basic takeaway is, if you can be really precise in capturing user behavior, you can make the work of the attackers much harder,” Taft says. In order to successfully infect a machine that maintained a number of different usage profiles, a malicious hacker would need to know when each applied and what its traffic threshold was. “You limit the range of possibilities they have for succeeding,” Taft says.
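The contrast between a single preset threshold and per-user, per-location thresholds can be shown in a short added example. This is not Intel's Proteus code: the mean-plus-k-standard-deviations rule stands in for the unspecified statistical techniques, and every name, count and the global limit of 500 is constructed for illustration.

```python
from statistics import mean, stdev

GLOBAL_THRESHOLD = 500  # constructed one-size-fits-all limit (outbound connections/hour)

# Constructed training history: (user, location) -> hourly outbound connection counts
HISTORY = {
    ("alice", "work"): [620, 580, 640, 600, 610, 590],  # habitually heavy sender
    ("alice", "home"): [120, 100, 110, 130, 90, 115],
    ("bob", "work"): [60, 55, 70, 65, 50, 62],          # light user
    ("bob", "home"): [20, 25, 18, 22, 30, 24],
}


def build_profiles(history, k=3.0):
    """Learn one threshold per (user, location): mean + k * sample std deviation."""
    return {key: mean(counts) + k * stdev(counts) for key, counts in history.items()}


def classify(profiles, user, location, observed):
    """Return (global_alert, personalized_alert) for one observed hourly count."""
    # With no learned profile for this user/location, fall back to the global limit.
    threshold = profiles.get((user, location), GLOBAL_THRESHOLD)
    return observed > GLOBAL_THRESHOLD, observed > threshold


PROFILES = build_profiles(HISTORY)

if __name__ == "__main__":
    # Constructed observations covering the failure modes the article describes.
    cases = [
        ("alice", "work", 630),  # heavy but normal: false positive under global limit
        ("bob", "work", 300),    # far above bob's habit, yet under the global limit
        ("alice", "home", 400),  # normal for alice at work, anomalous at home
        ("alice", "work", 400),  # same count, different location profile
    ]
    for user, location, observed in cases:
        global_alert, personal_alert = classify(PROFILES, user, location, observed)
        print(f"{user:5} {location:4} {observed:4}  "
              f"global={global_alert!s:5}  personalized={personal_alert}")
```
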


Credit: Technology Review

Tagged: Computing, security, machine learning, botnet
