Swiss Researchers on the Verge of Major Whodunnit Discovery; Sparse Observer Algorithm for Malware/Spam Source Detection
A team of Swiss researchers presented a new malware/spam source detection algorithm in a paper entitled “Locating the source of diffusion in large-scale networks” in the Physical Review Letters journal on August 10. The novelty consists of estimating the source of an outbreak within a network based on measurements applied to “sparsely placed observers or sensors” as opposed to all nodes of the network.
This discovery has huge potential benefits, as it eliminates the considerable costs and resources required to monitor, for instance, countless points across the entire virtual space. “[…] our goal is to locate the source of diffusion under the practical constraint that only a small fraction of nodes can be observed. This is the case, for example, when locating a spammer who is sending undesired emails over the Internet, where it is clearly impossible to monitor all the nodes,” reads the introduction to the paper.
The researchers’ findings indicate that the source of malware or spam could be determined from the connections within the network and the speed at which information is transferred. All it would take is an analysis of ten to twenty percent of the network’s nodes, if not less, Pedro Pinto, postdoctoral researcher at the Audiovisual Communications Laboratory of the Swiss Federal Institute of Technology, told itworld.com.
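The idea of combining network connections with propagation speed can be illustrated with a simplified sketch. This is an added example, not the estimator from the paper or the researchers' code: it assumes the message travels along shortest paths with a known mean per-hop delay, and the 4x4 grid network, the three observers (about 19% of nodes) and their arrival times are all constructed for the illustration.

```python
from collections import deque
from statistics import mean, pvariance

def grid_graph(n):
    """Constructed test network: n x n grid, nodes are (row, col) tuples."""
    steps = ((1, 0), (-1, 0), (0, 1), (0, -1))
    return {(r, c): [(r + dr, c + dc) for dr, dc in steps
                     if 0 <= r + dr < n and 0 <= c + dc < n]
            for r in range(n) for c in range(n)}

def hop_distances(adj, start):
    """Breadth-first search: hop count from start to every reachable node."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def locate_source(adj, arrivals, hop_delay):
    """Rank every node by how consistent its implied start time is.

    arrivals:  {observer: time the message was first seen there}
    hop_delay: assumed mean per-hop propagation delay (assumption, see lead-in)
    Returns (best_node, estimated_start_time, ranking).
    """
    # One BFS per observer; the graph is undirected, so d(s, o) == d(o, s).
    dist_from = {o: hop_distances(adj, o) for o in arrivals}
    scored = []
    for cand in adj:
        if any(cand not in dist_from[o] for o in arrivals):
            continue  # candidate is not connected to every observer
        # If cand were the source, each observer implies a start time;
        # for the true source these agree, so their variance is small.
        starts = [t - hop_delay * dist_from[o][cand] for o, t in arrivals.items()]
        scored.append((pvariance(starts), cand, mean(starts)))
    scored.sort()
    _, best, t0 = scored[0]
    return best, t0, scored

# Constructed sample: source (1, 2) started at t=5 with slightly noisy timings.
ADJ = grid_graph(4)
ARRIVALS = {(0, 0): 8.1, (0, 3): 6.9, (3, 0): 9.2}

if __name__ == "__main__":
    print(locate_source(ADJ, ARRIVALS, hop_delay=1.0)[:2])
```

The unknown start time is why the score uses the spread of the implied start times rather than the raw arrival times: only the differences between observers carry information about where the diffusion began.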
The same model of analysis might be applicable to several other domains, from national security to social media dynamics.
Despite some challenges, “a sparse deployment of observers may provide an effective alternative to the individual monitoring (either human or automatic) of all nodes in a network”, concludes the paper.