
A more organic approach to computer security | February 15, 2010
I was catching up on my reading the other day and I came across an article on using Swarm Intelligence techniques to identify computer malware, describing research from Wake Forest University and the Pacific Northwest National Laboratory (PNNL). In my predictions for 2010 I listed security as one of the areas where significantly different techniques are going to be required. This article reinforced that perspective.

The article describes a detection approach in which different kinds of lightweight assessment agents move around the corporate network looking for anomalies. When an agent finds an unusual situation it leaves a trail (like an ant's pheromone trail) that other agents, and eventually the central security site, can follow back to the host in question. Other assessment techniques follow the trail, look at the issue from other perspectives and develop a better understanding of it. Because each agent judges a host against what it has recently seen on other hosts rather than against that host's own history, a machine that has been misbehaving for a while still stands out from its peers. This should reduce false positives, since reports of unusual events are corroborated by several agents before a threat signal is raised.

"The system comprises a hierarchy of agents that run in specially designed swarm software deployed on all the hosts in a protected network. At the bottom of the hierarchy, the ants are simple programs that look for a particular statistic as they travel from host to host. Each ant has a memory of what it finds to be normal across the previous five hosts it visits. One level up, a sentinel agent runs on each host. On the basis of information it collects from the ants, the sentinel forms an idea of the host's normal state. When an ant finds something unusual, it reports this to the host sentinel. For example, if the ant reported 8,000 connections per minute, the sentinel might see this as an anomaly. In that case, it would reward the ant by raising its pheromone value. The ant stores this information. As it moves on to other hosts, its high pheromone value attracts other ants and communicates the information about the host that raised its pheromone value. This encourages the other ants to investigate that host as well. If these additional ants find other anomalies, they would also be rewarded, which would attract ants from other hosts. A certain threshold of messages triggers a threat signal. Sergeant ants haven't yet been implemented in the prototype system, but they will sit between the computing ecosystem and human analysts. When a threat signal is triggered, the sergeants will report it to a human for further action. The sergeants also let humans specify what types of behavior the system allows. For example, a system administrator could tell the sergeant not to allow peer-to-peer file sharing, and the sergeant would create agents to disable this on all the hosts."

Although it is still a prototype: "The researchers created four digital ants of the 64 types they eventually want. To test their effectiveness, they set up a bank of computers and released three worms into the ant-infested Linux-based computers. The four digital ants in the computers had never seen the viruses before, yet identified the virus by only monitoring."
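To make the ant / sentinel / threshold mechanics in the quoted passage concrete, here is a small simulation I put together. It is an added illustration, not the PNNL or Wake Forest software: the host names, the connections-per-minute values, the anomaly factor, the pheromone reward and evaporation rates, the message threshold and the rule for how an ant picks its next host are all my assumptions. What it does show is the part of the design that matters for false positives: an ant's notion of "normal" is the median of what it saw on the last five hosts, so a host is judged against its peers, and a threat signal is only raised once several ants have independently reported the same host.

```python
"""Toy simulation of the digital-ant hierarchy described in the quoted
passage: ants sample one statistic (connections per minute) as they hop from
host to host, keep a memory of the last five hosts, a sentinel on each host
judges a report against that memory, rewarded ants raise pheromone that pulls
other ants to the same host, and a message threshold raises a threat signal.

Constructed illustration, not the PNNL/Wake Forest software: host names,
statistic values, thresholds and the movement rule are all assumed.
"""
import statistics
from collections import defaultdict, deque

# Constructed fleet: connections per minute observed on each host. "web-07"
# is the outlier, using the 8,000 connections/minute figure from the article.
HOSTS = {
    "web-01": 120, "web-02": 95, "web-03": 140, "web-04": 110,
    "web-05": 130, "web-06": 100, "web-07": 8000, "web-08": 125,
}

ANOMALY_FACTOR = 5        # assumed: flag a value above 5x the ant's recent median
PHEROMONE_REWARD = 1.0    # assumed: pheromone added to an ant per confirmed anomaly
EVAPORATION = 0.8         # assumed: per-round decay of the shared trail
THREAT_THRESHOLD = 3      # assumed: anomaly messages on one host before a threat signal


class Ant:
    """Bottom of the hierarchy: samples one statistic while hopping between hosts."""

    def __init__(self, name, start):
        self.name = name
        self.host = start
        self.memory = deque(maxlen=5)  # values seen on the last five hosts
        self.path = deque(maxlen=5)    # the hosts themselves, so it keeps moving on
        self.pheromone = 0.0

    def baseline(self):
        """What this ant currently considers normal; None before it has seen anything."""
        return statistics.median(self.memory) if self.memory else None


class Sentinel:
    """One per host: decides whether an ant's report is anomalous and rewards the ant."""

    def __init__(self, host):
        self.host = host
        self.messages = 0

    def is_anomaly(self, value, baseline):
        return baseline is not None and value > ANOMALY_FACTOR * baseline

    def reward(self, ant):
        ant.pheromone += PHEROMONE_REWARD
        self.messages += 1


def choose_next(ant, names, trail):
    """Move to the strongest-trail host not on the ant's recent path; with no
    trail to follow, walk the hosts as a ring so every host gets sampled."""
    candidates = [h for h in names if h not in ant.path] or [h for h in names if h != ant.host]
    if max(trail.get(h, 0.0) for h in candidates) > 0:
        return max(candidates, key=lambda h: (trail.get(h, 0.0), -names.index(h)))
    start = names.index(ant.host)
    for step in range(1, len(names)):
        nxt = names[(start + step) % len(names)]
        if nxt in candidates:
            return nxt
    return candidates[0]


def run(hosts, n_ants=4, rounds=12):
    """Run the swarm for a number of rounds and return what it found."""
    names = sorted(hosts)
    ants = [Ant(f"ant-{i}", names[i % len(names)]) for i in range(n_ants)]
    sentinels = {h: Sentinel(h) for h in names}
    trail = defaultdict(float)   # host -> pheromone left by rewarded ants
    signals = []                 # threat signals in the order they were raised

    for _ in range(rounds):
        for ant in ants:
            value = hosts[ant.host]
            sentinel = sentinels[ant.host]
            baseline = ant.baseline()
            if sentinel.is_anomaly(value, baseline):
                sentinel.reward(ant)
                trail[ant.host] += ant.pheromone   # a rewarded ant attracts the others
                if sentinel.messages == THREAT_THRESHOLD:
                    signals.append(ant.host)
            ant.memory.append(value)
            ant.path.append(ant.host)
            ant.host = choose_next(ant, names, trail)
        for h in trail:
            trail[h] *= EVAPORATION  # old trails fade so the swarm does not fixate

    return {
        "signals": signals,
        "messages": {h: s.messages for h, s in sentinels.items()},
        "pheromone": {a.name: a.pheromone for a in ants},
    }


if __name__ == "__main__":
    result = run(HOSTS)
    print("threat signals:", result["signals"])
    print("anomaly messages per host:", result["messages"])
```

With these settings the first ant to reach web-07 is rewarded, the trail it leaves pulls the other three ants there within two rounds, and the third confirming report raises the single threat signal; none of the normal hosts ever accumulates a message. The path deque is what keeps an ant's memory honest: it cannot revisit a host for five hops, so at most one of the five remembered values can be the outlier and the median stays anchored to the healthy hosts.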