Related Links

  • Krebs on Security
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

Top 5 Stories


Coming soon: Security predictions engine powered by expert crowdsourcing

06 July 2011

Leading security researcher Brian Krebs says that IT security researchers from academia, industry, and the US intelligence community are working on a pilot 'prediction market' that is designed to anticipate major information security events before they occur.

This is not as bizarre as it might sound, Infosecurity notes, as a crowdsourcing model is something that the US and UK intelligence services have reportedly been using amongst their own staff in countering terrorist attacks.

The prediction engine, however, is on a larger scale and effectively collates data from interested parties to develop a percentage risk of a specific event taking place.

Using a prediction market means that the percentage risks will rise and fall depending on the intelligence gathered and collated.

According to Krebs, some of the 'stocks' in the security predictions market that have been considered for the exchange include:`The volume of spam email will increase by 10% in the third quarter of 2011.'

Other stocks ask participants to gauge the likelihood of far-off events, such as the chance that the US House of Representatives will pass a bill with 'cyber' and `security’ in its title in the first session of the 112th Congress, or whether broadly used encryption algorithms will be defeated within the next 24 months.

This is no 'pie in the sky' project, as Krebs quotes Greg Shannon, chief scientist of the CERT program at Carnegie Mellon's Software Engineering Institute, as being involved with the project.

The aim, says Shannon, is to develop actionable data.

"If you're Verizon, and you're trying to pre-position resources, you might want to have some visibility over the horizon about the projected prevalence of mobile malware", Shannon told Krebs.

"That's something they'd like to have an informed opinion about by leveraging the wisdom of the security community", he adds.

This form of crowdsourcing is far from perfect, however, and the security researcher goes on to quote Robin Hanson, chief scientists with Consensus Point, an enterprise prediction software specialist.

Hanson says that prediction markets aren't just surveys that ask everyone to speak up. People, he told Krebs, tend to only speak up when they're reasonably sure they know the answer.

Hanson's CEO Linda Rebrovick also told the researcher about the project, saying that its goal is to attract a network of 250 experts in their respective fields, adding that the organisers are still working on the best way of compensating members for correct answers.

This article is featured in:
Business Continuity and Disaster Recovery  •  Compliance and Policy  •  Data Loss  •  Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×