Swarm Intelligence Fights Worms with Ants

By Cara Garretson, Veteran Business and Technology Journalist

A professor and two graduate students from Wake Forest University spent the summer at a federal computer lab developing digital ants that proactively search networks for signs of computer worms and other security threats.

These digital ants in many ways act like their real-life counterparts, according to an article about the research posted on the Wake Forest Web site.

Once they detect a worm — malware that self-replicates to spread itself to as many PCs as possible and then infect them — or similar security threats, ants converge at that location on the network to attract the attention of a human who can step in and thwart the threat.

Ants are known to be able to ramp up their defense mechanisms rapidly when an intruder is detected, then resume their normal workload.

The researchers decided to see if a similar approach would work on a cyber threat.

Currently most security technology is reactive, taking action only against known threats that have been defined and can therefore be found. Researchers are hoping that by proactively scanning a network for unusual behavior these digital ants can discover so-called zero-day threats before they do harm.

The concept, called “swarm intelligence,” is being pioneered by Glenn Fink, a research scientist at Pacific Northwest National Laboratory (PNNL) in Richland, Wash.

PNNL is one of ten Department of Energy labs in the country and researches new methods in cybersecurity.

Fink was familiar with work being done at Wake Forest under Errin Fulp, a computer science professor and network security expert, who has been working on faster security scanning by leveraging parallel processing techniques.

Fink invited Fulp and two graduate students, Wes Featherstun and Brian Williams, to combine swarm intelligence with parallel processing in a test to see how quickly the digital ants could swarm on security threats.

Over the summer the researchers built a 64-node network and deployed 3,000 different types of digital ants charged with looking for evidence of worms and other threats.

As the ants moved through the network, they would leave digital trails, much like the scent trails that real-life ants leave to guide other ants.

Each time a digital ant identified a sign of a threat, it would leave behind a bigger trail, or stronger scent.

The stronger scent would then attract more ants, quickly creating a swarm to warn researchers of a possible security concern.

As a control measure, the researchers installed “sentinels” at each machine, reporting to network “sergeants” that are monitored by humans who supervise the “colony.”

The humans ultimately control the ants so that they can’t infiltrate PCs without authorization, the researchers say.

In the researchers’ test the ants were successfully able to find a worm released on the test network, says the Wake Forest article.

PNNL has extended the research project and will continue working on swarm intelligence.

There are hopes that this approach will eventually help production networks prevent threats, although the researchers say that the digital ants work best in large networks that have many identically configured machines on them, such as those in governments, enterprises and universities.

* * *

Stay Informed With ISR News Alerts:

Email:

by FeedBurner

* * *

Cara Garretson is a veteran business and technology journalist with over 15 years experience writing and editing for print and online publications, including a position as Senior Editor for Buyer’s Guides at Network World and as a Senior Writer at Red Herring. Cara contributes regularly to CIOZone.com.

CIOZone.com is the first of its kind online meeting place for CIOs. It is built upon the foundation of social networking and combines user generated content and expert editorial together around an open source platform.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

Filed under: Breach, CIOZone, Cara Garretson, Class Action Lawsuit, D&O Liability, FEATURE ARTICLE, Financial, Insider Threat, Sarbanes-Oxley, Uncategorized, due diligence, hackers, malware, national security, privacy 

Comments

• ISR Headline Index

  • Hackers Lurking in Hotel Networks
  • 7 Month Vulnerability in Windows Virtual PC
  • How to Secure a Cisco Router
  • On HTML Insecurities…
  • When Social Networking Clashes with Security
  • Spam Block: Public Servants or Vigilantes?
  • Sticky Situations in Social Media
  • Quick Tips for Using Secure Shell
  • Consolidate Compliance With Open Source
  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (113)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (601)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (310)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (587)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (373)
  • Greg George (5)
  • H1N1 (15)
  • hackers (539)
  • healthcare (134)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (535)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (38)
  • Insider Threat (490)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (71)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (501)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (211)
  • national security (453)
  • PCI (308)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (552)
  • Rachel James (10)
  • reach (11)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (502)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (101)
  • Webcast (49)