MIT Technology Review



A third set of Proteus algorithms uses the same behavioral principles to examine communication between laptops and other machines on the Internet. Botnets are coordinated by a central host with which each infected machine communicates. One way to detect botnets is to eavesdrop on these communications. “We developed algorithms that check for this calling-home activity with some regularity,” Taft says. Infected machines usually call home at 6-, 12-, or 24-hour intervals. Taft’s team has shown that by listening for periodic calls to the same location, the software can determine whether a machine has been recruited by any of three different botnets, including Storm, a pervasive network that controls hundreds of thousands, and possibly millions, of machines worldwide.
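The periodic call-home check described above, written as an added example (it is not Proteus's code and does not come from the article): it groups a constructed connection log by destination and flags destinations whose contact gaps cluster around 6, 12, or 24 hours. The function names, thresholds, and sample addresses are assumptions.

```python
from collections import defaultdict
from statistics import median

HOUR = 3600
CANDIDATE_PERIODS_H = (6, 12, 24)   # call-home intervals named in the article


def find_beacons(events, tolerance=0.05, min_calls=5, min_regular=0.8):
    """Return {destination: period_hours} for destinations contacted periodically.

    events: iterable of (unix_timestamp_seconds, destination) pairs.
    A destination is flagged when the median gap between contacts is within
    `tolerance` (a fraction) of a candidate period and at least `min_regular`
    of all gaps are too. Thresholds are assumed values, not Proteus's.
    """
    by_dest = defaultdict(list)
    for ts, dest in events:
        by_dest[dest].append(ts)

    flagged = {}
    for dest, times in by_dest.items():
        if len(times) < min_calls:
            continue                      # too few contacts to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mid = median(gaps)                # robust to one missed or extra call
        for period_h in CANDIDATE_PERIODS_H:
            period = period_h * HOUR
            slack = tolerance * period
            if abs(mid - period) > slack:
                continue
            regular = sum(abs(g - period) <= slack for g in gaps)
            if regular / len(gaps) >= min_regular:
                flagged[dest] = period_h
            break
    return flagged


def sample_events():
    """Constructed connection log using documentation-range addresses."""
    jitter = [0, 140, -90, 200, -30, 60, 110, -150]   # seconds of timing noise
    six_hourly = [(i * 6 * HOUR + j, "192.0.2.10") for i, j in enumerate(jitter)]
    daily = [(i * 24 * HOUR + j, "198.51.100.7") for i, j in enumerate(jitter[:6])]
    # Irregular, user-driven traffic to one site: should not be flagged
    browsing = [(t, "203.0.113.5") for t in
                (900, 1500, 9000, 30000, 31000, 80000, 86000, 120000)]
    rare = [(0, "203.0.113.99"), (6 * HOUR, "203.0.113.99")]  # below min_calls
    return six_hourly + daily + browsing + rare
```

Calling `find_beacons(sample_events())` flags only the two regularly contacted destinations; the irregular browsing traffic and the destination with two contacts are left alone.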

Taft says that the idea of using behavioral data to make security software more accurate is not new, but that for the most part its application has been limited to routers that monitor network activity. Proteus is the first such system designed for laptops.

Taft isn’t yet sure how the final version of Proteus will affect the performance of the device it runs on. Initially, when the software is just monitoring behavior, it will run constantly in the background, she says. After that, it has a much lower level of activity. One possibility might be to hardwire Proteus into a computer’s circuitry. “Intel is interested in getting as much [security] into hardware as possible,” Taft says. “It’s a good use of [processing] cores, and when things are in hardware, they’re harder to tamper with.”

Nick Feamster, a professor of computer science at the Georgia Institute of Technology, says that the behavioral approach to security hasn’t been applied to laptops in the past because there wasn’t an automated way of developing personalized rules. But behavioral botnet protection is “very well suited for machine learning,” he says.

So far, the researchers have tested the system with 350 people and are in the middle of discussions with Intel’s IT department to do a wider deployment. In the end, however, Proteus won’t be enough to keep all computers safe all the time, according to Taft. “There are so many different ways to break in,” she says. “One will need many security checks on a computer.”


Credit: Technology Review

Tagged: Computing, security, machine learning, botnet
