Georgia Institute of Technology Georgia Institute of Technology

Research Horizons

Georgia Tech's Research Horizons Magazine
Menu
front office

Protect the Net

PROTECT THE NET

By John Toon

BlackForest system offers a recipe for predicting attacks

Coordinating distributed denial-of-service (DDoS) attacks, displaying new malware code, offering advice about network break-ins, and posting stolen information — these are just a few of the online activities of cyber criminals. Watching activities like these can provide security specialists with advance warning of pending attacks and information about what hackers are planning.

Gathering and understanding this cyber intelligence is the work of BlackForest, an intelligence gathering system developed at the Georgia Tech Research Institute (GTRI). By using such information to create a threat picture, BlackForest complements other GTRI systems designed to help corporations, government agencies, and nonprofit organizations battle increasingly sophisticated threats to their networks.

“BlackForest is on the cutting edge of anticipating attacks,” said Christopher Smoak, a GTRI research scientist. “We gather and connect information collected from a variety of sources to draw conclusions on how people are interacting. This can drive development of a threat picture that may provide pre-attack information to organizations that may not even know they are being targeted.”

The system collects information from the public Internet, including hacker forums and other sites where malware authors and others gather. Connecting the information and relating it to past activities can let organizations know they are being targeted and help them understand the nature of the threat, allowing them to prepare for specific types of attacks.

Detecting the organization of DDoS attacks is a good example of how the system can be helpful, Smoak noted. DDoS attacks typically involve thousands of people who use the same computer tool to flood websites with so much traffic that customers can’t get through. The attacks hurt business, harm the organization’s reputation, bring down servers — and can serve as a diversion for other nefarious activity.

But they have to be coordinated using social media and other means to enlist supporters. BlackForest can tap into that information to provide a warning that may allow an organization to, for example, ramp up its ability to handle large volumes of traffic.

“We want to provide something that is predictive for organizations,” said Ryan Spanier, a GTRI research engineer. “They will know that if they see certain things happening, they may need to take action to protect their networks.”

Factoid

In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy, abuse of trust between users and machines, attacks against the mobile ecosystem, rogue insiders, and the increasing involvement of cyberspace in nation-state conflicts. The report is published annually by the Georgia Tech Information Security Center and the Georgia Tech Research Institute.

Contact

Georgia Tech is home to more than 2,500 faculty members who conduct scientific and engineering research in hundreds of different research areas.

Related Stories

Read More
Read More
Read More

Media Contacts

John Toon

John Toon

Director of Research News
Phone: 404.894.6986
photo - Jason Maderer

Jason Maderer

National Media Relations
Phone: 404.385.2966
photo - Ben Brumfield

Ben Brumfield

Senior Science Writer
Phone: 404.385.1933
Josh Brown

Josh Brown

Senior Science Writer
Phone: 404-385-0500

Subscribe & Connect

Follow Us on Twitter:

@gtresearchnews

RSS Feeds

Subscribe to our RSS Feeds with your favorite reader.

Email Newsletter

Sign up to receive our monthly email newsletter.

Research Horizons Magazine

Sign up for a free subscription to Research Horizons magazine.