Industry News

Swiss Researchers on the Verge of Major Whodunnit Discovery; Sparse Observer Algorithm for Malware/Spam Source Detection

A team of Swiss researchers presented a new malware/spam source detection algorithm in a paper entitled “Locating the source of diffusion in large-scale networks” in the Physical Review Letters journal on August 10. The novelty consists of estimating the source of an outbreak within a network based on measurements applied to “sparsely placed observers or sensors” as opposed to all nodes of the network.

This discovery has huge potential benefits as it eliminates the considerable costs and resources behind monitoring countless focal points of the entire virtual space, for instance. “[…] our goal is to locate the source of diffusion under the practical constraint that only a small fraction of nodes can be observed. This is the case, for example, when locating a spammer who is sending undesired emails over the Internet, where it is clearly impossible to monitor all the nodes,” reads the introduction to the paper.

The researchers’ findings indicate it would be possible to determine the source of malware or spam based on the various connections within the network and on the speed of the transferred info. All it would take is an analysis of ten to twenty percent of the network’s nodes, if not less,  Pedro Pinto, postdoctoral researcher at the Audiovisual Communications Laboratory of the Swiss Federal Institute of Technology, told

The same model of analysis might be applicable to several other domains, from national security to social media dynamics.

Despite some challenges “a sparse deployment of observers may provide an effective alternative to the individual monitoring (either human or automatic) of all nodes in a network”, concludes the paper.

About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.

1 Comment

Click here to post a comment
  • i read yesterday about this algorithm, you need 15-20 contacts to find original source, is useful in detection of worms spread source, messenger/e-mail viruses , etc

    but, what if an evil man have a botnet with 100-200.000 infected pc’s and launch a worm from all infected machines in the same time? who can track 100.000 sources? :)))