Low-cost strategy developed for curbing computer worms
January 13, 2009
Thanks to an ingenious new strategy devised by researchers at University of California, Davis and Intel Corporation, computer network administrators might soon be able to mount effective, low-cost defenses against self-propagating infectious programs known as worms.
Many computers are already equipped with software that can detect when another computer is attempting to attack it. Yet the software usually cannot identify newly-minted worms that do not share features with earlier marauders. When network managers detect suspicious activity, they face a major dilemma, said Senthil Cheetancheri, who led efforts to develop the strategy. "The question is, 'Should I shut down the network and risk losing business for a couple of hours for what could be a false alarm, or should I keep it running and risk getting infected?'"
Cheetancheri, a graduate student in the Computer Security Laboratory at UC Davis when he did the work, has shown that the conundrum can be overcome by enabling computers to share information about anomalous activity. As signals come in from other machines in the network, each computer compiles the data to continually calculate the probability that a worm attack is underway. "One suspicious activity in a network with 100 computers can't tell you much," he said. "But when you see half a dozen activities and counting, you know that something's happening."
The second part of the strategy is an algorithm that weighs the cost of a computer being disconnected from the network against the cost of it being infected by a worm. Results of this ongoing process depend on the calculated probability of an attack, and vary from computer to computer depending on what the machine is used for. The algorithm triggers a toggle to disconnect the computer whenever the cost of infection outweighs the benefit of staying online, and vice versa.
The computer used by a person working with online sales, for example, might be disconnected only when the threat of an attack is virtually certain; the benefit she provides by continuing to work during false alarms far outweighs the cost of infection. On the other hand, a computer used by a copy writer who can complete various tasks offline might disconnect whenever the probability of an attack rises above even a very low level.
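The two-part scheme described above can be sketched in a few lines of Python. This is an added illustration, not code from the study: the Poisson alert model, the alert rates, the prior and the cost figures are all assumptions chosen to show how shared alert counts move an attack probability and how each machine's own costs set its disconnect threshold.

```python
import math
from dataclasses import dataclass

# Assumed network-wide alert rates per interval (constructed, not from the study).
BENIGN_RATE = 0.5   # background false alarms when no worm is spreading
ATTACK_RATE = 4.0   # alerts expected while a worm is spreading

def update_attack_probability(prior: float, alerts: int) -> float:
    """Bayes update of P(attack) from the number of peer alerts in one interval."""
    prior = min(max(prior, 1e-12), 1 - 1e-12)   # keep the odds finite
    # Poisson likelihood ratio: P(alerts | attack) / P(alerts | benign)
    ratio = (ATTACK_RATE / BENIGN_RATE) ** alerts * math.exp(BENIGN_RATE - ATTACK_RATE)
    odds = prior / (1 - prior) * ratio
    return odds / (1 + odds)

@dataclass
class Host:
    name: str
    downtime_cost: float    # business lost while disconnected (assumed units)
    infection_cost: float   # cleanup and damage if the worm lands (assumed units)

    def should_disconnect(self, p_attack: float) -> bool:
        # Disconnect when the expected infection loss exceeds the cost of going offline.
        return p_attack * self.infection_cost > self.downtime_cost

def simulate(hosts, alert_counts, prior=0.001):
    """Return (alerts, P(attack), {host: disconnected?}) for each interval."""
    p, timeline = prior, []
    for alerts in alert_counts:
        p = update_attack_probability(p, alerts)
        timeline.append((alerts, p, {h.name: h.should_disconnect(p) for h in hosts}))
    return timeline

# Constructed sample: alerts received from peers in five consecutive intervals.
ALERTS = [1, 2, 3, 6, 6]
HOSTS = [
    Host("online-sales", downtime_cost=9900, infection_cost=10000),  # threshold 0.99
    Host("copywriter", downtime_cost=50, infection_cost=10000),      # threshold 0.005
]

if __name__ == "__main__":
    for alerts, p, state in simulate(HOSTS, ALERTS):
        print(f"alerts={alerts}  P(attack)={p:.6f}  disconnected={state}")
```

Under these assumed numbers a single alert lowers the estimate, the copywriter's machine drops off once three alerts arrive in an interval, and the sales machine stays online until the probability passes 0.99.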
The study is published in "Recent Advances in Intrusion Detection, 2008," the proceedings of a symposium that was held in Cambridge, Mass., in September, 2008.
Source: University of California - Davis
Jan 13, 2009
Rank: 5 / 5 (1)
...
If implemented, who wants to bet that someone will come up with malicious code that causes false positives and triggers this protection code to pull machines off the network.
Jan 13, 2009
Rank: not rated yet
Jan 13, 2009
Rank: not rated yet
http://catless.ncl.ac.uk/risks
(Forum On Risks To The Public In Computers And Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator)
Jan 13, 2009
Rank: not rated yet
Jan 14, 2009
Rank: not rated yet
Once governments realize national security depends on software they will hopefully realize it's the way to go and will fund academic efforts aimed at reaching that goal. Don't count on the software industry; it's not in their interest to produce safe software that lasts.
Current computer technology is mature enough and there is no longer any need for operating systems and software to change every few years, despite what micro$oft and others who profit from this want you to think. Current OSes provide everything applications need except for one thing - security; frequent changes of software are one of the primary reasons for poor security.
A properly written OS for business and government applications can easily last decades, with only hardware, drivers and applications needing to be updated if needed.
The world desperately needs an open, standardized, transparent and safe software platform and it will be developed sooner or later, it's inevitable, but the likes of Microsoft will do everything to postpone it.