Your Ad Here
 

What's Next In Science & Technology

Today's Research, Tomorrow's Reality
NEW! - SCIENCE & TECHNOLOGY PODCASTS

"Proactive Worm Containment" - Works milliseconds after cyber attack

02/12/07

"Proactive Worm Containment" - Works milliseconds after cyber attackPermalink

Categories: Safety & Security, Computing, Internet 06:22:38 am
  • Currently 2.98/5
  • 1
  • 2
  • 3
  • 4
  • 5
    • i

A new anti-worm technology developed by Penn State researchers can not only identify and contain worms milliseconds after a cyber attack, but can also release the information if the quarantine turns out to be unwarranted.

Because many current security technologies focus on signature or pattern identification for blocking worms, they cannot respond to attacks fast enough, allowing worms to exploit network vulnerabilities, according to the researchers. As a result, several minutes can elapse between when a signature-based system first recognizes that a packet or datagram is a worm and when it creates a new signature to block further spread.

[More:]

But when signature-based systems shorten the signature-generation time, they often miss those worms capable of mutating automatically.

The researchers' new technology -- Proactive Worm Containment (PWC) -- doesn't rely on signature generation. Instead it targets a packet's rate or frequency of connections and the diversity of connections to other networks -- which allows PWC to react far more quickly than other technologies.

"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the PWC system.

When a host with a high rate is identified, then PWC contains that host so that no packets with the worm code can be sent out.

Liu estimates that only a few dozen infected packets may be sent out to other networks before PWC can quarantine the attack. In contrast, the Slammer worm, which attacked Microsoft SQL Server, on average sent out 4,000 infected packets every second, Liu said.

Because high connection rate transmissions do not always indicate worms, PWC includes two novel techniques that can verify that suspect hosts are clean or not infected. These techniques use vulnerability-window and relaxation analyses to overcome the denial-of-service effect that could be caused by false positives, he added.

"PWC can quickly unblock any mistakenly blocked hosts," Liu said.

The PWC software can be integrated seamlessly with existing signature-based worm filtering systems. The researchers are currently beta testing PWC. Because PWC targets connection rates to identify worms, it may miss slow-spreading worms. But current technologies already can pick those up, Liu said. Worms pose a serious threat to networks, compromising network performance and even leading to denial of services. SQL Slammer, for instance, not only slowed Internet traffic but also disrupted thousands of A.T.M. machines. Additionally, worms can open the door for attackers to machines within infected networks.

Source: Penn State

1 comment
Your Ad Here

Comments, Pingbacks:

Comment from: Tony [Visitor] Email · http://www.cactuscomputer.com
As an ISP who has studied the matter, if you look only at the number of connections, you will be blocking BitTorrent users in the matter of a few minutes. Not that that is bad, mind you :->
PermalinkPermalink 06/04/08 @ 16:39

Leave a comment:

Your email address will not be displayed on this site.
Your URL will be displayed.

Allowed XHTML tags: <p, ul, ol, li, dl, dt, dd, address, blockquote, ins, del, span, bdo, br, em, strong, dfn, code, samp, kdb, var, cite, abbr, acronym, q, sub, sup, tt, i, b, big, small>
(Line breaks become <br />)
(Set cookies for name, email and url)
(Allow users to contact you through a message form (your email will NOT be displayed.))
This is a captcha-picture. It is used to prevent mass-access by robots.

Please enter the characters from the image above. (case insensitive)

   

   (Subscribe by Email)

What's Next In Science & Technology

Today's Research, Tomorrow's Reality. No gadgets and gizmos in this science and technology news blog. Only important scientific innovations which will drastically change our lives.

Top Stories

  1. Scientists Image 'Magnetic Semiconductors' On The Nanoscale - One step closer to very advanced semiconductors (4.4) 23 votes
  2. Two new planets outside our solar system discovered - Hottest ever found (4.2) 27 votes
  3. Gold nanoparticles can heat by tens of degrees in just a few nanoseconds (4.2) 55 votes
  4. Researchers Make Long DNA "Wires" For Future Medical And Electronic Devices (3.9) 15 votes
  5. "Metamaterial" Could Lead To Better Optics, Communications (3.9) 11 votes

Linkblog

What's Next In...

Podcasts

  • Desi - Indian Stand Up Comedy Video Podcast!

    http://feeds.blastpodcast.com/indianinvasioncomedy/index.xml

    A Wrench In The Works Entertainment is proud to present five of the most talented Indian stand up comedians in North America, taped live, in High Definition, before a sold out audience in Hollywood, California.

    Blowing aside political correctness, these five hilarious comics masterfully break down every imaginable stereotype. With no topic off-limits, the result is pure comedy: raw, revealing, and wildly entertaining.

    Indian Invasion Comedy brings these enormously talented comedians together for two hours of nonstop, side-splitting entertainment you can't see anywhere else.

    Bonus features include exclusive backstage interviews, and widescreen format.

    Permalink

Quotes

Indian Stand Up Comedy

Living Warbirds

November 2008
Sun Mon Tue Wed Thu Fri Sat
 << <   > >>
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30            

Search




Categories

Your Ad Here

Misc

Subscribe

powered by
b2Evolution

Copyright
A Wrench In The Works Entertainment Inc.