fupids?
Fuzzy User Profiling
I think the idea of applying statistical methods (think Bayesian spam filters) to implement intrusion detection in desktop computers is overdue. There was a Waltham-based startup called Okena that had been doing this for several years, but I haven't really heard much about the product category since Cisco acquired them.
Credit card company fraud detection is a good model for what I'd like to see. "Dear John, I noticed that you (sent out 300 emails | polled 2000 IP addresses of nearby cable modem users). Did you mean to do that?" While I acknowledge the possibilities for a Bob- or Clippy-like annoying system, with lots of false positives making your computer useless, I think limiting the nagging to the few types of behaviors that viruses take most advantage of would be a workable trade-off. (Again, credit card companies deal with the same trade-off.)
A related effort, mynetwatchman, has been doing something like this for a few years now: its agent runs on your firewall and sends traffic info to a central server. These aggregate logs are polled for suspicious traffic originating from the same source IP address, which is used to identify compromised computers. What I envision would not have to be similarly rolled up to a central source to be useful, but it would definitely benefit from that type of architecture (rolled up at either the LAN or net-wide level, to someone you trust).
I hope we can get past the rules- and checksum-based systems we use to fight a reactive battle against viruses, in the same way we've evolved our spam filters to, well, evolve themselves at the desktop. I think evolving defenses in real time, and uniquely on each computer, is the only way to escape the failings of the monoculture that we have today.
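Here is a toy sketch of both ideas from the two paragraphs above, added as an illustration; it is not code from this post, from Okena or from mynetwatchman. The per-host part profiles the two behaviours named above (outbound mail connections and distinct destination addresses per time window), fits a Poisson rate from a few quiet windows, and asks "did you mean to do that?" when a new window's count is implausible under that rate. The roll-up part counts how many different reporting sensors saw a given source IP, the way a central aggregator would. The log format, window labels, IP addresses and sensor names are all made up for the example.

```python
"""Added example, not part of the original post: a per-host behavioural
profile with Poisson tail scoring, plus a mynetwatchman-style roll-up
that correlates sensor reports by source IP. All log data is constructed."""
import math
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed outbound-connection log, one line per connection, in an assumed
# format: "<window> <src_ip> <dst_ip> <dst_port>". Windows w01..w04 are the
# host's normal behaviour and are used to build its baseline.
LOCAL_LOG = """\
w01 192.168.1.20 64.12.136.4 25
w01 192.168.1.20 207.46.1.1 80
w02 192.168.1.20 64.12.136.5 25
w02 192.168.1.20 64.12.136.5 25
w02 192.168.1.20 207.46.1.2 80
w03 192.168.1.20 64.12.136.4 25
w03 192.168.1.20 10.1.1.1 443
w04 192.168.1.20 64.12.136.4 25
w04 192.168.1.20 64.12.136.4 25
w04 192.168.1.20 207.46.1.3 80
"""

# Constructed outbreak window: 300 mail connections to 300 different hosts,
# the "sent out 300 emails" case from the post.
BURST_LOG = "\n".join(
    f"w05 192.168.1.20 64.12.{i // 256}.{i % 256} 25" for i in range(300)
)

# Constructed reports from three independent firewalls: "<sensor> <src_ip> <dst_port>".
SENSOR_REPORTS = """\
fw-alice 203.0.113.9 135
fw-bob   203.0.113.9 135
fw-carol 203.0.113.9 445
fw-alice 198.51.100.4 80
fw-bob   198.51.100.4 80
""".strip().splitlines()


def featurize(log: str) -> Dict[str, Dict[str, int]]:
    """Per-window counts of the two behaviours the post singles out."""
    smtp: Counter = Counter()
    dsts = defaultdict(set)
    for line in log.strip().splitlines():
        window, _src, dst, port = line.split()
        if port == "25":
            smtp[window] += 1
        dsts[window].add(dst)
    return {w: {"smtp_conns": smtp[w], "distinct_dsts": len(dsts[w])}
            for w in sorted(dsts)}


def baseline(feats: Dict[str, Dict[str, int]]) -> Dict[str, float]:
    """Mean count per feature over the profiling windows: the Poisson rate."""
    totals: Counter = Counter()
    for f in feats.values():
        totals.update(f)
    return {name: totals[name] / len(feats) for name in totals}


def poisson_tail(k: int, lam: float) -> float:
    """P(X >= k) for X ~ Poisson(lam), summed from the tail in log space so a
    huge k never turns into 1 - (a sum that rounds to exactly 1.0)."""
    if k <= 0:
        return 1.0
    lam = max(lam, 1e-3)  # a zero baseline would make every count "impossible"
    total, i = 0.0, k
    while True:
        term = math.exp(-lam + i * math.log(lam) - math.lgamma(i + 1))
        total += term
        i += 1
        if (term < 1e-18 and i > lam) or i > k + 5000:
            break
    return min(total, 1.0)


def score_window(observed: Dict[str, int], rates: Dict[str, float],
                 p_threshold: float = 1e-4) -> List[Tuple[str, int, float, float]]:
    """Return (feature, observed, expected, p) for each feature whose count is
    implausibly high under this host's own baseline: the "Did you mean to do
    that?" decision. Only the few profiled behaviours can ever nag."""
    alerts = []
    for name, count in observed.items():
        lam = rates.get(name, 0.0)
        p = poisson_tail(count, lam)
        if p < p_threshold:
            alerts.append((name, count, lam, p))
    return alerts


def correlate_sources(reports: Iterable[str], min_sensors: int = 3) -> Dict[str, int]:
    """Roll-up: how many *different* sensors saw each source IP. A source that
    touches several unrelated networks looks compromised even if no single
    sensor's view is alarming on its own."""
    seen = defaultdict(set)
    for line in reports:
        sensor, src, _port = line.split()
        seen[src].add(sensor)
    return {src: len(s) for src, s in seen.items() if len(s) >= min_sensors}


if __name__ == "__main__":
    rates = baseline(featurize(LOCAL_LOG))
    for name, count, lam, p in score_window(featurize(BURST_LOG)["w05"], rates):
        print(f"Dear John, I noticed {name}={count} this window "
              f"(you usually do about {lam:.1f}, p={p:.1e}). Did you mean to do that?")
    print("sources seen by 3+ sensors:", correlate_sources(SENSOR_REPORTS))
```

The quiet windows score nowhere near the threshold (two mail connections against a rate of 1.5 has a tail probability of about 0.44), while the 300-connection window gets a p-value that underflows to zero on both features, so the prompt fires once per unusual behaviour rather than on every connection. The roll-up only needs `(sensor, source IP)` pairs, so a LAN-level or trusted net-wide aggregator could run it without seeing payloads.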
12:55:39 PM