Coding Humans Into Your Security Apps
Nicholas Carr’s blog alerted me to a fascinating new service from Amazon called Mechanical Turk. It is named after the mechanical chess-playing automaton from the late 1700s that had a human hidden inside. The basic idea is that, through a web-services API, you can code humans into applications: when the code reaches a step that a human would be best at performing, a registered and qualified user at Amazon’s site is asked to answer the question.
The implications for security applications are interesting. To date, network security has been very good at identifying packets that match predefined bit patterns but generally quite bad at spotting a false positive (for example, within an IDS). Attempts at anomaly detection and event correlation have existed in the market for a while now, but none have yet delivered on the promise of an intelligent system. The basic idea of such systems is that a low-priority event seen at a firewall, combined with a low-priority event seen at a WLAN AP, could be correlated into a high-priority event if the system decided to do so.
So could the Mechanical Turk perform such a service? Integration via an API seems much tighter than popping up a dialogue box on a management console or firing off an email alert. Between the base-rate fallacy in IDS and a human’s limited tolerance for boys crying wolf, this has been a tough problem to crack so far. Of course, the Mechanical Turk just foists the problem back onto humans, but in a seemingly scalable way. This could be an interesting model for managed security providers to take in the future.
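The correlation idea and the base-rate problem described above, as an added sketch that is not part of the original post and does not use Amazon's API: low-priority events on the same host from two different sensors within a time window become one high-priority item flagged for a human. The event fields, the 300-second window, the sample events and the rates passed to `alert_precision` are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int          # seconds
    sensor: str      # reporting device, e.g. "firewall" or "wlan-ap"
    subject: str     # host the event is about
    priority: str    # "low" or "high"

def alert_precision(base_rate, detect_rate, false_alarm_rate):
    """P(real intrusion | alert) by Bayes' rule: the base-rate fallacy in one number."""
    true_alerts = base_rate * detect_rate
    false_alerts = (1 - base_rate) * false_alarm_rate
    return true_alerts / (true_alerts + false_alerts)

def correlate(events, window=300):
    """Escalate a subject when low-priority events from two or more distinct
    sensors fall within `window` seconds; mark the result for human review."""
    by_subject = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.priority == "low":
            by_subject[e.subject].append(e)
    tasks = []
    for subject, evs in by_subject.items():
        start = 0
        for end, latest in enumerate(evs):
            while latest.ts - evs[start].ts > window:
                start += 1                      # slide the window forward
            sensors = {e.sensor for e in evs[start:end + 1]}
            if len(sensors) >= 2:
                tasks.append({"subject": subject, "priority": "high",
                              "sensors": sorted(sensors), "needs_human_review": True})
                break                           # one escalation per subject
    return tasks

# Constructed sample events (not from any real network).
SAMPLE_EVENTS = [
    Event(1000, "firewall", "10.0.0.7", "low"),
    Event(1120, "wlan-ap",  "10.0.0.7", "low"),   # second sensor, 120 s later
    Event(1500, "firewall", "10.0.0.8", "low"),
    Event(1510, "firewall", "10.0.0.8", "low"),   # same sensor twice: no escalation
    Event(1000, "firewall", "10.0.0.9", "low"),
    Event(2000, "wlan-ap",  "10.0.0.9", "low"),   # outside the 300 s window
]

if __name__ == "__main__":
    # Illustrative rates (assumed): 1 in 10,000 events hostile, 99% detection, 1% false alarms.
    print(f"{alert_precision(0.0001, 0.99, 0.01):.4f}")
    for task in correlate(SAMPLE_EVENTS):
        print(task)
```

With the assumed rates, fewer than one alert in a hundred is a real intrusion, which is why only the correlated item, rather than every raw alert, is queued for a person.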