Fighting Worms With Ants
Tuesday, 29 September 2009

By Cara Garretson

A professor and two graduate students from Wake Forest University spent the summer at a federal computer lab developing digital ants that proactively search networks for signs of computer worms and other security threats.

These digital ants in many ways act like their real-life counterparts, according to an article about the research posted on the Wake Forest Web site. Once they detect a worm -- malware that self-replicates to spread itself to as many PCs as possible and then infect them -- or similar security threats, ants converge at that location on the network to attract the attention of a human who can step in and thwart the threat.

Ants are known to be able to ramp up their defense mechanisms rapidly when an intruder is detected, then resume their normal workload. The researchers decided to see if a similar approach would work on a cyber threat.

Currently most security technology is reactive, taking action only against known threats that have been defined and can therefore be found. Researchers are hoping that by proactively scanning a network for unusual behavior these digital ants can discover so-called zero-day threats before they do harm.

The concept, called "swarm intelligence," is being pioneered by Glenn Fink, a research scientist at Pacific Northwest National Laboratory (PNNL) in Richland, Wash. PNNL is one of ten Department of Energy labs in the country and researches new methods in cybersecurity.

Fink was familiar with work being done at Wake Forest under Errin Fulp, a computer science professor and network security expert, who has been working on faster security scanning by leveraging parallel processing techniques. Fink invited Fulp and two graduate students, Wes Featherstun and Brian Williams, to combine swarm intelligence with parallel processing in a test to see how quickly the digital ants could swarm on security threats.

Over the summer the researchers built a 64-node network and deployed 3,000 different types of digital ants charged with looking for evidence of worms and other threats. As the ants moved through the network, they would leave digital trails, much like the scent trails that real-life ants leave to guide other ants. Each time a digital ant identified a sign of a threat, it would leave behind a bigger trail, or stronger scent. The stronger scent would then attract more ants, quickly creating a swarm to warn researchers of a possible security concern.

As a control measure, the researchers installed "sentinels" at each machine, reporting to network "sergeants" that are monitored by humans who supervise the "colony." The humans ultimately control the ants so that they can't infiltrate PCs without authorization, the researchers say.
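The trail-and-swarm behavior described above can be sketched as a toy simulation. This is an added example, not the researchers' code: only the 64-node network size comes from the article, while the ant count, scent amounts, evaporation rate, free movement between any two nodes, and the names `simulate` and `sergeant_report` are assumptions.

```python
import random

NODES = 64          # size of the test network described in the article
ANTS = 200          # assumed ant population for this toy model
BASE_TRAIL = 0.05   # assumed scent left on every visit
ALERT_TRAIL = 5.0   # assumed extra scent left where evidence is seen
EVAPORATION = 0.9   # assumed fraction of scent kept per step


def simulate(suspicious, steps=30, seed=1):
    """Return per-node ant counts after `steps` rounds.

    `suspicious` is the set of node ids whose readings an ant would
    treat as evidence of a threat (constructed input).
    """
    rng = random.Random(seed)
    scent = [0.0] * NODES
    positions = [rng.randrange(NODES) for _ in range(ANTS)]
    for _ in range(steps):
        # Each ant leaves a trail; evidence makes it much stronger.
        for node in positions:
            scent[node] += BASE_TRAIL
            if node in suspicious:
                scent[node] += ALERT_TRAIL
        # Ants pick the next node in proportion to its scent.
        weights = [1.0 + s for s in scent]
        positions = rng.choices(range(NODES), weights=weights, k=ANTS)
        # Trails fade, so a node without fresh evidence loses its pull.
        scent = [s * EVAPORATION for s in scent]
    counts = [0] * NODES
    for node in positions:
        counts[node] += 1
    return counts


def sergeant_report(counts, threshold=ANTS // 4):
    """Nodes where the per-machine ant count is high enough to flag to a human."""
    return [n for n, c in enumerate(counts) if c >= threshold]


if __name__ == "__main__":
    print(sergeant_report(simulate({17})))   # one constructed suspicious node
    print(sergeant_report(simulate(set())))  # clean network
```

Because the base trail is small and evaporates, ants on a clean network stay spread out; only repeated evidence at one node builds enough scent to pull the swarm there.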

In the researchers' test, the ants successfully found a worm released on the test network, according to the Wake Forest article. PNNL has extended the research project and will continue working on swarm intelligence.

There are hopes that this approach will eventually help production networks prevent threats, although the researchers say that the digital ants work best in large networks that have many identically configured machines on them, such as those in governments, enterprises and universities.





Copyright © 2007-2014 CIOZones. All Rights Reserved. CIOZone is a property of MMINC Digital Inc.