[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Microsoft working to eliminate Internet anonymity



Microsoft working to eliminate Internet anonymity
http://gcn.com/articles/2009/08/19/microsoft-internet-anonymity.aspx?s=gcndaily_200809?cid=nl_DR_DAILY_T
By Jabulani Leffall
Aug 19, 2009

Microsoft researchers have unveiled an anti-hacking concept that can help
track hackers or malicious content to origin servers.

The Host Tracker program's goal is to "de-anonymize the Internet" through
the ability to host servers with 99 percent accuracy.

Host Tracker is designed to unmask would-be hackers who take
advantage of anonymizing techniques by cross-referencing Internet
protocol traffic data to identify the true origin. Microsoft's
representatives said the Host Tracker system relies on
application-level events -- in this case, Internet Explorer browser
sessions -- to automatically infer host-IP bindings.

Researchers Yinglian Xie, Fang Yu and Martin Abadi ran
some initial tests by analyzing a month's worth of data from an e-mail
server, roughly 330 GB, to ascertain from the samples who may have been
responsible for sending out certain types of spam. They studied some
550 million user IDs and 220 million IP addresses, and matched time
stamps for message transmission or e-mail log-ons.

"The fact that we are able to trace malicious traffic to the proxy
itself is an improvement because we are able to pinpoint the exact
origin," Xie said (a PDF of the study can be found at
http://research.microsoft.com/pubs/80964/sigcomm09.pdf ).

From a practical perspective, the researchers said they hope that
the program will result in better defenses against server-bound online
attacks, spam campaigns, adware and other malware that is dependent on
HTML code to execute properly. Further, Microsoft thinks this could be
a boon for third-party security firms and security administrators at
the enterprise level by giving them the ability to block certain hosts
from sending messages as well as the ability to use this data as a
basis for IT auditing and forensic analysis of messaging and network
systems.

"In the next-generation Internet, anonymity and traceability should
be offered and reconciled by design rather than by accident," the
researchers added.

About the Author

Jabulani Leffall is a journalist whose work has appeared in the
Financial Times of London, Investor's Business Daily, The Economist and
CFO Magazine, among others.