By Cara Garretson

A professor and two graduate students from Wake Forest
University spent the summer at a federal computer lab developing
digital ants that proactively search networks for signs of computer
worms and other security threats.

These digital ants in many ways act like their real-life
counterparts, according to an article about the research posted on the
Wake Forest Web site. Once they detect a worm -- malware that
self-replicates to spread itself to as many PCs as possible and then
infect them -- or similar security threats, ants converge at that
location on the network to attract the attention of a human who can
step in and thwart the threat.

Ants are known to be able to ramp up their defense mechanisms
rapidly when an intruder is detected, then resume their normal
workload. The researchers decided to see if a similar approach would
work on a cyber threat.

Currently most security technology is reactive, taking action
only against known threats that have been defined and can therefore be
found. Researchers are hoping that by proactively scanning a network
for unusual behavior these digital ants can discover so-called zero-day
threats before they do harm.

The concept, called "swarm intelligence," is being pioneered
by Glenn Fink, a research scientist at Pacific Northwest National
Laboratory (PNNL) in Richland, Wash. PNNL is one of ten Department of
Energy labs in the country and researches new methods in cybersecurity.

Fink was familiar with work being done at Wake Forest under
Errin Fulp, a computer science professor and network security expert,
who has been working on faster security scanning by leveraging parallel
processing techniques. Fink invited Fulp and two graduate students, Wes
Featherstun and Brian Williams, to combine swarm intelligence with
parallel processing in a test to see how quickly the digital ants could
swarm on security threats.

Over the summer the researchers built a 64-node network and
deployed 3,000 different types of digital ants charged with looking for
evidence of worms and other threats. As the ants moved through the
network, they would leave digital trails, much like the scent trails
that real-life ants leave to guide other ants. Each time a digital ant
identified a sign of a threat, it would leave behind a bigger trail, or
stronger scent. The stronger scent would then attract more ants,
quickly creating a swarm to warn researchers of a possible security
concern.
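
The trail mechanism described above can be sketched as a small simulation. This is an added example, not the researchers' code: the 8x8 grid layout, the ant count, the deposit sizes, the evaporation rate and the alert threshold are all assumptions, and the "suspicious" node is constructed.

```python
import random

SIZE = 8                         # assumed 8x8 grid = 64 nodes (topology is not given)
ANTS = 200                       # constructed; far fewer than the article's 3,000
EVAPORATION = 0.9                # assumed share of scent that survives each step
TRAIL, STRONG_TRAIL = 0.02, 5.0  # assumed ordinary vs. evidence-found deposit


def neighbours(node):
    """Current node plus in-bounds grid neighbours (an ant may stay put)."""
    x, y = node
    moves = [(0, 0), (1, 0), (-1, 0), (0, 1), (0, -1)]
    return [(x + dx, y + dy) for dx, dy in moves
            if 0 <= x + dx < SIZE and 0 <= y + dy < SIZE]


def simulate(suspicious, steps=500, seed=1):
    """Return ants-per-node after `steps` rounds of scent-guided wandering."""
    rng = random.Random(seed)
    nodes = [(x, y) for x in range(SIZE) for y in range(SIZE)]
    scent = dict.fromkeys(nodes, 0.0)
    ants = [rng.choice(nodes) for _ in range(ANTS)]
    for _ in range(steps):
        for i, pos in enumerate(ants):
            options = neighbours(pos)
            # A stronger scent makes a node proportionally more attractive.
            weights = [1.0 + scent[n] for n in options]
            ants[i] = rng.choices(options, weights)[0]
        for pos in ants:
            # Every ant leaves a trail; a bigger one where it sees evidence.
            scent[pos] += STRONG_TRAIL if pos in suspicious else TRAIL
        for n in nodes:
            scent[n] *= EVAPORATION  # old trails fade unless reinforced
    counts = dict.fromkeys(nodes, 0)
    for pos in ants:
        counts[pos] += 1
    return counts


def swarm_alerts(counts, threshold=ANTS // 4):
    """Nodes where enough ants have converged to warrant a human's attention."""
    return [n for n, c in counts.items() if c >= threshold]


if __name__ == "__main__":
    print(swarm_alerts(simulate(suspicious={(5, 2)})))
```

With no suspicious node the ordinary trails evaporate faster than they build up, so the ants stay spread out and no alert is raised.
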
As a control measure, the researchers installed "sentinels" at
each machine, reporting to network "sergeants" that are monitored by
humans who supervise the "colony." The humans ultimately control the
ants so that they can't infiltrate PCs without authorization, the
researchers say.

In the researchers' test the ants were successfully able to
find a worm released on the test network, says the Wake Forest article.
PNNL has extended the research project and will continue working on
swarm intelligence.

There are hopes that this approach will eventually help
production networks prevent threats, although the researchers say that
the digital ants work best in large networks that have many identically
configured machines on them, such as those in governments, enterprises
and universities.