Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Intruder Alert: Method Provides Double Computer Crime-Solving Evidence

18.11.2004


Like an episode of "CSI: Computers," a UF researcher has developed a technique that gives digital detectives twice the forensic evidence they now have to catch all kinds of hackers, from curious teenagers to disgruntled employees to agents of foreign governments.



Writing in the current issue of the International Journal of Digital Evidence, UF doctoral student Mark Foster proposes a new and improved method of computer crime solving, called “process forensics.” “If a guy walks into a bank and robs it, leaving footprints behind or his fingerprints on the counter, the forensic analyst would come in and find those traces of what happened,” said Foster. In the same way, process forensics merges two existing types of digital evidence – intrusion-detection and checkpointing technology – to give an investigator the most possible information to crack a case, said Foster, a computer science and engineering student conducting the research for his dissertation with UF professor of computer science Joseph Wilson, who co-wrote the paper. “If you detect the intruder – or even if you’re just suspicious that an intruder’s around – you start creating checkpoints,” Foster said. “And then later, those checkpoints will serve to give us some forensics.”

Checkpoints are essentially periodic snapshots of a running computer program, or process. Programmers use them as a safety backup – if the power goes out while a program is still running, they can return to the most recent checkpoint rather than starting over from the beginning.


Many current programs don’t have built-in checkpointing technology, creating more work for programmers, Foster said. So he developed a technique that automatically creates checkpoints within a program. After working separately on computer security and intrusion-detection software, he realized that combining checkpoints with intrusion detection would create an efficient forensics tool, he said. “If the photographs are taken at the right times, then we can see how they got in, what was tampered with,” Foster said.

Foster targets intruders who want to break into systems that are host-based – or centrally located in one primary computer, which is then linked to numerous satellite workstations. “You can have a scenario where user Bob – he’s malicious, he’s tired of class, and he wants to try to mess with everybody. In a multiuser environment, you’ve got to have boundaries set up and once you have those, somebody wants to come along and get through them.”

One way for an evil-minded hacker to break into a host-based computer system is to sneak in through a “hole,” a flaw in a running program the hacker can exploit to take control of the program, run his own programs or generally gum up the works, Foster said. This type of attack is called a buffer overflow attack, he said.

Current intrusion-detection software helps an investigator find out if someone has broken into a system, identifies the intruder and prevents future attacks. However, the software first has to learn the computer system well enough to detect anything out of the ordinary, such as unexpected changes to files and suspicious programs. Detection also can require more steps, such as additional software, modification of current software or preparing a program ahead of time for monitoring.

Foster’s process-forensics method also includes an intrusion-detection system that improves on current software by streamlining detection and eliminating the training phase. “This is definitely an area that is up-and-coming in forensics,” said John Leeson, an associate professor of computer science at the University of Central Florida and an editor of the International Journal of Digital Evidence. “I like the fact that he’s taking a proactive approach – forensics for years has been a reactive field.

“The idea is that you kind of need to know when something is happening before you start collecting information, or it’ll be a lot of useless information,” Leeson said. “Mark’s proposing a tool that could be activated by an automatic intrusion-detection system. I think that’s going to definitely enhance the value of digital forensics, to be able to deal with incidents as they are occurring.”

Computer forensics is a broad field. “A lot of times it’s recovering deleted files or looking for hidden files,” Foster said. “You have a child stalker who’s on the Internet stalking children, and they track him down, they confiscate his computer, and they say to the forensic guy, ’What kind of evidence can you get from his computer?’”

Foster said his method targets a different kind of computer abuse – intruders who want to hijack a running program. ”This is definitely kind of a different angle than the traditional stuff,” he said.

| newswise
Further information:
http://www.ufl.edu

More articles from Information Technology:

nachricht 'Building up' stretchable electronics to be as multipurpose as your smartphone
14.08.2018 | University of California - San Diego

nachricht New interactive machine learning tool makes car designs more aerodynamic
14.08.2018 | Institute of Science and Technology Austria

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: New interactive machine learning tool makes car designs more aerodynamic

Scientists develop first tool to use machine learning methods to compute flow around interactively designable 3D objects. Tool will be presented at this year’s prestigious SIGGRAPH conference.

When engineers or designers want to test the aerodynamic properties of the newly designed shape of a car, airplane, or other object, they would normally model...

Im Focus: Robots as 'pump attendants': TU Graz develops robot-controlled rapid charging system for e-vehicles

Researchers from TU Graz and their industry partners have unveiled a world first: the prototype of a robot-controlled, high-speed combined charging system (CCS) for electric vehicles that enables series charging of cars in various parking positions.

Global demand for electric vehicles is forecast to rise sharply: by 2025, the number of new vehicle registrations is expected to reach 25 million per year....

Im Focus: The “TRiC” to folding actin

Proteins must be folded correctly to fulfill their molecular functions in cells. Molecular assistants called chaperones help proteins exploit their inbuilt folding potential and reach the correct three-dimensional structure. Researchers at the Max Planck Institute of Biochemistry (MPIB) have demonstrated that actin, the most abundant protein in higher developed cells, does not have the inbuilt potential to fold and instead requires special assistance to fold into its active state. The chaperone TRiC uses a previously undescribed mechanism to perform actin folding. The study was recently published in the journal Cell.

Actin is the most abundant protein in highly developed cells and has diverse functions in processes like cell stabilization, cell division and muscle...

Im Focus: Lining up surprising behaviors of superconductor with one of the world's strongest magnets

Scientists have discovered that the electrical resistance of a copper-oxide compound depends on the magnetic field in a very unusual way -- a finding that could help direct the search for materials that can perfectly conduct electricity at room temperatur

What happens when really powerful magnets--capable of producing magnetic fields nearly two million times stronger than Earth's--are applied to materials that...

Im Focus: World record: Fastest 3-D tomographic images at BESSY II

The quality of materials often depends on the manufacturing process. In casting and welding, for example, the rate at which melts solidify and the resulting microstructure of the alloy is important. With metallic foams as well, it depends on exactly how the foaming process takes place. To understand these processes fully requires fast sensing capability. The fastest 3D tomographic images to date have now been achieved at the BESSY II X-ray source operated by the Helmholtz-Zentrum Berlin.

Dr. Francisco Garcia-Moreno and his team have designed a turntable that rotates ultra-stably about its axis at a constant rotational speed. This really depends...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

Within reach of the Universe

08.08.2018 | Event News

A journey through the history of microscopy – new exhibition opens at the MDC

27.07.2018 | Event News

2018 Work Research Conference

25.07.2018 | Event News

 
Latest News

Early opaque universe linked to galaxy scarcity

15.08.2018 | Physics and Astronomy

Molecular switch detects metals in the environment

15.08.2018 | Materials Sciences

Seeing on the Quick: New Insights into Active Vision in the Brain

15.08.2018 | Life Sciences

VideoLinks
Science & Research
Overview of more VideoLinks >>>