

A new type of security software, developed by WFU and PNNL, has digital "ants" swarm on malware threats, such as worms, to allow their detection and removal. (Source: Serving Haus)
Ants may soon be defending your work computer against worms

Windows XP and Vista certainly have them... even OS X has them. Computer "worms" capable of replicating and spreading over networks and removable media are a perennial security headache. Now researchers are turning to an exotic scheme to help stomp out pesky malware like worms.

Security researchers found inspiration in the common ant. Wake Forest University Professor of Computer Science Errin Fulp explains, "In nature, we know that ants defend against threats very successfully.  They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We were trying to achieve that same framework in a computer system."

WFU created digital "ants" -- utilities that migrate from computer to computer over networks searching for threats.  When one locates a threat, others congregate on it, using so-called "swarm intelligence".  The approach allows human researchers to quickly identify and quarantine dangerous files by watching the activity of the ants.

The research could open up a new era of antivirus.  Typically, antivirus programs are large and require a lot of resources.  Slimmer programs, like Microsoft's upcoming antivirus freeware, are in the works, but resource consumption remains a significant issue.

The WFU approach is decidedly different: instead of a monolithic AV program running on every network computer, the plan is to have 3,000 types of ants, each capable of detecting a specific malware signature. The ants drop logs akin to real-world ants' scent trails. "Stronger" log scents indicate a detected threat and cue ants (of any type) to swarm on the infected machine.

To prevent accidental spread of the ants, the ants require a "sentinel" utility program to be running on the computer to keep them alive.  Another "sergeant" program allows administrators to monitor the colony, tweak levels of certain ants, and perform other monitoring and maintenance functions.
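The scent-trail and sentinel behavior described above can be sketched as a toy simulation. This is an added example, not code from WFU or PNNL; the scent values, the evaporation rate, the scent-weighted movement rule, and the host and signature names are all assumptions made for illustration.

```python
import random

# Assumed parameters: scent left on a detection, scent left on a routine
# visit, and the fraction of scent that survives each round.
STRONG, WEAK, EVAPORATION = 10.0, 0.1, 0.5

def run_colony(hosts, infections, ant_types, n_ants=40, steps=30, seed=1):
    """Simulate ants wandering between hosts; return (scent, ants_per_host).

    hosts:      {name: has_sentinel}; ants only live where a sentinel runs
    infections: {name: set of malware signatures present on that host}
    ant_types:  signatures; ant i detects only ant_types[i % len(ant_types)]
    """
    rng = random.Random(seed)
    live = [h for h, sentinel in hosts.items() if sentinel]
    scent = {h: 0.0 for h in live}
    ants = [(ant_types[i % len(ant_types)], rng.choice(live))
            for i in range(n_ants)]
    for _ in range(steps):
        # Each ant logs its visit; a signature match leaves a strong scent.
        for sig, host in ants:
            hit = sig in infections.get(host, set())
            scent[host] += STRONG if hit else WEAK
        # Ants of any type are drawn toward stronger scents.
        weights = [1.0 + scent[h] for h in live]
        ants = [(sig, rng.choices(live, weights)[0]) for sig, _ in ants]
        # Scent fades, so the colony disperses once a threat is gone.
        for h in live:
            scent[h] *= EVAPORATION
    counts = {h: 0 for h in hosts}
    for _, host in ants:
        counts[host] += 1
    return scent, counts

def busiest(counts):
    """Host currently holding the most ants."""
    return max(counts, key=counts.get)

# Constructed sample network: eight workstations, one without a sentinel,
# one carrying a signature that a quarter of the ants can detect.
HOSTS = {f"ws{i}": True for i in range(7)}
HOSTS["ws7"] = False
INFECTED = {"ws3": {"worm-A"}}
TYPES = ["worm-A", "worm-B", "worm-C", "worm-D"]

if __name__ == "__main__":
    scent, counts = run_colony(HOSTS, INFECTED, TYPES)
    print("swarm target:", busiest(counts), counts)
```

Although only the "worm-A" ants can detect the infection, ants of every type end up concentrated on the infected host, which is the activity an administrator would watch for.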

The system has successfully detected a worm introduced by researchers onto a computer network. Glenn Fink, a research scientist at Pacific Northwest National Laboratory (PNNL) who coauthored the study and first dreamed up the idea of emulating ants, and Professor Fulp are both using the results in their master's theses. Additionally, a larger trial of the system is currently in progress.

The researchers say that the approach shows the greatest promise for large homogeneous networks (with similar hardware and software on each workstation) such as governments, large corporations and universities.

Copyright 2018 DailyTech LLC.