Playing high-tech hide and seek

Saundra Myers

Computer network criminals can run, but ISU professors’ work on tracking software may make it harder for them to hide their identities.

ISU electrical and computer engineering professors received a $1.2 million contract for 30 months of work to develop the software.

Tom Daniels, assistant professor of electrical and computer engineering, is developing software to track network attacks and network thieves. Daniels and his team received the award from the Advanced Research and Development Activity, which funds research for the intelligence community through the National Business Center.

Their research is in the area of attack attribution.

“When someone attacks a computer system, you want to find out how they got in and who they are,” Daniels said.

Attack attribution is finding out who attacked the system and how they did it, Daniels said. The software will be used as part of a larger software package.

The software would be a useful safeguard for any company using a large network to transfer and store information because the software would prevent the theft or alteration of company information, Daniels said.

The software would also help companies pinpoint weaknesses in network security. Companies could also look at problems that arise from the software alerts and figure out how to protect themselves better, he said.

Daniels’ team is one of many working on a portion of this problem. All the teams are working toward a more secure information network. The area the software will deal with is identity laundering, which is currently easy for someone to do, Daniels said. This problem occurs when people hide their identities within or from the network while attacking or infiltrating it.

Currently, Internet and network criminals are not prosecuted because there are so many steps involved in tracking an attacker, which takes a long time. Daniels said he hopes the software will serve as a deterrent to those who might commit these crimes.

The idea is to monitor and collect clues from what is happening within the network — essentially taking a picture of activities that are triggers. The software will be set up to detect patterns, or odd behaviors within the network.

If an attack occurs, the software would create an alert. The network manager would then be able to pull the collected data and put together a picture of how, when and where the attack might have occurred, Daniels said.

The software would enable companies to take action quickly, he said. If the attack occurred from the outside, a network administrator could call the FBI and take proper action to pursue and stop the attacker.

The software will be useful for networked organizations of all sizes, Daniels said, but he is not sure how it will be deployed. Companies will have to decide whether they need it and then adopt it into their systems.