Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The researchers also created a way to automatically blacklist traffic from a particular IP address, once the HostTracker system has determined that the host at that address is compromised. Using this method in simulation, the researchers were able to block malicious traffic with an error rate of five percent–in other words, 5 out of 100 IP addresses classified as malicious were actually legitimate. Using additional information to identify good user behavior reduced that false-positive rate to less than one percent.

The results suggest that HostTracker would be a good way to refine the current way of defending against distributed denial-of-service attacks and spam campaigns, says Gunter Ollmann, vice president of research and development at Damballa, a firm that helps companies find and eliminate compromised hosts in a computer network.

“Using this technique will help find botnets that have a high frequency of traffic, such as spam campaigns, DDoS attacks, and maybe click-through attacks,” Ollmann says. “Other attacks, such as password-stealing and banking trojans, where the attack is more host-centric–this sort of technique would not be as effective.”

Xie acknowledges that while the technique is useful for creating lists of hosts to track, it may be less useful for law enforcement agencies attempting to identify the attackers behind online crime. “The accountability we are talking about is not court accountability,” she says. “We want to separate the two notions. The accountability that we are talking about is the ability to identify the hosts.”

2 comments. Share your thoughts »

Credit: Technology Review

Tagged: Computing, Web

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me