Posted on 02/12/2007 7:00:35 AM PST by nypokerface
STATE COLLEGE, Pa., Feb. 12 (UPI) -- U.S. scientists have created anti-worm computer technology that can identify and contain "worms" milliseconds after a cyberattack begins.
A worm is a type of computer virus that doesn't alter files but resides in active memory and can duplicate itself. Worms are not usually noticed until their uncontrolled replication begins to interfere with a computer's operation.
Penn State University scientists said current technologies focus mostly on signature or pattern identification. And that means they cannot respond to attacks fast enough, allowing worms to exploit network vulnerabilities.
The new technology instead targets a packet's rate or frequency of connections and the diversity of connections to other networks, allowing it to react far more quickly than other technologies.
"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the PWC system.
Penn State has filed for a patent for the system invented by Liu and doctoral students Yoon-Chan Jhi and Lunquan Li.
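The rate-and-diversity idea described in the article can be sketched as follows. This is an added example, not the PWC system's code and not part of the original post; the window length, both thresholds, the function names and the sample addresses are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 1.0        # seconds of history kept per host (assumed value)
MAX_RATE = 20       # outbound connection attempts allowed per window (assumed)
MAX_DISTINCT = 10   # distinct destinations allowed per window (assumed)

def detect_scanners(events, window=WINDOW, max_rate=MAX_RATE,
                    max_distinct=MAX_DISTINCT):
    """events: time-sorted (timestamp, src, dst) outbound connection attempts.
    Returns {src: timestamp at which the host was first flagged}."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst in events:
        if src in flagged:        # already contained; ignore further traffic
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # expire entries older than the window
            q.popleft()
        rate = len(q)
        diversity = len({d for _, d in q})
        # Require both signals: a busy client hammering one server has a high
        # rate but low diversity and should not be flagged.
        if rate > max_rate and diversity > max_distinct:
            flagged[src] = ts
    return flagged

def sample_events():
    """Constructed sample traffic using documentation address ranges."""
    ev = []
    # Busy but benign client: 200 connections to a single server in one second.
    ev += [(i * 0.005, "10.0.0.5", "10.0.0.1") for i in range(200)]
    # Worm-like host: 40 different destinations in 0.4 seconds.
    ev += [(2.0 + i * 0.01, "10.0.0.9", f"192.0.2.{i + 1}") for i in range(40)]
    # Ordinary host: 5 destinations spread over 10 seconds.
    ev += [(i * 2.0, "10.0.0.7", f"198.51.100.{i + 1}") for i in range(5)]
    return sorted(ev)

if __name__ == "__main__":
    for host, ts in detect_scanners(sample_events()).items():
        print(f"{host} flagged at t={ts:.2f}s")
```

With these constructed inputs only the host fanning out to many destinations is flagged, and it is flagged on its 21st attempt, about 0.2 seconds after it starts.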
bump for later
The arms race continues.
The de-Americanization of scientific academia is growing apace. Tough research, modest salaries and uncertain returns and future are turning US science into an increasingly Oriental-dominated field. I work amongst them.
This is not a criticism of the Chinese. They're simply filling a vacuum created by the American abandonment of science.
Sheesh. I wrote my own <1000 line program to do exactly this with Perl and libpcap years ago when Blaster, etc. hit. Amazing what can be patented -- and sadly they'll probably get it awarded.
When someone comes up with a new defense (in any field: sports, computers, law enforcement, military), WHY do they feel compelled to tell the enemy how it works? Sure, they might eventually figure it out on their own, but why help them? My advice would be STFU.
It's like a stupid baseball manager who says they always hit a certain pitcher because he holds his glove differently when he is going to throw a curve. So the pitcher says, "Hey, thanks!"
No doubt. The behavior of worms can be easily distinguished on networks, as can many other malicious behaviors. Whenever our internal security folks scan our subnets, I get an email from a process that runs on my computer(s) and watches for such things. I then send an email to NetSec, and verify that they were behind the scan. (Just in case baddies were at work.) That freaked out one of the NetSec guys the first time, but he was grateful that I was being vigilant.
Sounds like, as an added bonus, this technique would work equally well with spam!