Featured Research

from universities, journals, and other organizations

Could Have Stopped The I-Love-You Virus: Intelligent Agents Challenge Computer Intruders

Date:
May 19, 2000
Source:
Sandia National Laboratories
Summary:
In the movie "The Matrix," malevolent but intelligent security agents -- personifications of computer programs able to learn -- defend an evil worldwide web. Now an intelligent software agent wearing a white hat and able to defend itself alone and in groups on today's Worldwide Web has been created at the Department of Energy's Sandia National Laboratories.

In the movie "The Matrix," malevolent but intelligent security agents -- personifications of computer programs able to learn -- defend an evil worldwide web.

Related Articles


Now an intelligent software agent wearing a white hat and able to defend itself alone and in groups on today's Worldwide Web has been created at the Department of Energy's Sandia National Laboratories, which counts among its credentials the fastest computer in the world (ASCI Red) and the fastest 'home-assembled' computer in the world (C-Plant).

"If every node on the Internet was run by one of these agents, the I-Love-You virus would not have got beyond the first machine," says Steve Goldsmith, lead scientist on the project.

In March, a coalition of these Sandia cyberagents successfully protected five network-linked computers over two full working days of concentrated attack by a four-person hacker force called the Red Team -- an expert hacker group, also at Sandia, whose purpose is to test the defenses of government and corporate computer systems.

The cyberagent, still in the laboratory stage, actually functions as a multiagent collective -- a distributed program that runs on multiple computers in a network. These could range from artists' collectives to international corporate computer systems, and from neighborhood shopping groups to an armada of computer-coordinated Abrams tanks.

"We're less concerned with the teen-aged kid and more with the serious agents from foreign governments or foreign corporations who may take a long time, very gently probing to understand where computers are that they can take over or compromise," says Goldsmith. "On command, they can be made to act as a supercomputer to attack a target, as happened recently, or crack a privacy code intended to protect financial, medical, or other critical data."

The program reacts with suspicion to "port scans" that scan all ports -- net addresses on a computer that allow entry to different functions -- even if the scan takes place over a long period of time, like a year.

The "agent" program works by setting up a supra-net collective that constantly compares notes to determine what unusual requests or commands have been received from external or internal sources. Because of this, the system response is not limited to waiting till someone has figured out a defense and put it into a virus checker.

Says Ray Parks, leader of the Sandia Red team, "The biggest problem in the computer world is that new stuff is coming along that you don't even know exists. Your software doesn't recognize it. Current defenses work as virus checkers; they recognize only specific virus patterns. But this software will recognize odd attacks. It will turn off services, close ports, go to alternate means of communication, and tighten firewalls."

What distinguishes the Sandia agent programs from others is that they integrate security functions with normal services -- 'ftp', 'WWW,' and browsers. "They're all in each agent. This provides intrinsic security to each user," says Goldsmith.

The multiagent program is sensitive enough to pick up and store the memory of very faint probes almost indistinguishable from system noise as hackers try to learn enough to take over the computers in a group. Using a sophisticated pattern-recognition system, it can shut down computers in which "Trojan Horses" (secret programs to be operated at a later date by external hostile control) have been installed. It can remove from the network a computer taken over by a hostile insider. And against a runaway barrage of incoming network requests, as recently closed the cyber doors of several American corporations, it can close the gates of the system to prevent it from being flooded with repetitive requests. Among the wary agent's cybertools are prohibitions on 'live' programs such as the I-Love-You virus entering an email system.

No central authority operates the agent. Instead, decentralized control of the algorithm operating each agent makes each autonomous yet cooperative. So, no single point of attack can bring down the collective.

Release of the program for consumer use, Goldsmith estimates, is three years away. "The basic agent program will be ready for specific applications in security-critical businesses and government next year, but the agent must be trained to protect a wider variety of services before it can be used by the average household."

"Never send a human to do a machine's job: the cyberagent is a program acting under its own recognizance, and not under the direct control of an operator,' says researcher Laurence Phillips, a member of the group. "Humans aren't fast enough. A person sitting at a terminal cannot protect you from Internet attack that is coming from everywhere in large masses of data."

More futuristic uses of intelligent agents involve protecting interplanetary missions that one day may operate robot swarms -- cheap multiple robots whose members are expendable -- rather than one expensive robot that could render useless the entire mission if it malfunctions. Swarm robots have a vulnerable point: they could be the targets of long-distance hackers. In the case of joint missions, the weakness could make them prey of a nation that might desire failure of the mission for political reasons of its own.

The Worldwide Web will be particularly vulnerable to countries that do not have adequate on-line protection programs, says Goldsmith. "Computers in such countries will become a resource for hackers. If hackers can take up enough nodes, they will have a supercomputer at their disposal that can break commercial codes or mount attacks before people can respond."

Such laggard countries, says Goldsmith, "may not be popular with other countries and may be pressured by the international community to secure -- i.e., inoculate -- their systems.

"Ultimately, consumer-level deployment of intelligent-agent programs will replace other programs," predicts Goldsmith. "Interested consumers or businesses could form secure coalitions against hackers, and they will need to. The home computer is going to be connected to the Internet 24 hours a day, seven days a week with high-speed systems like DSL or cable modem. People will become the target of attacks."

The multiagent program can also send out probes to locate and figure out the operating system of the attacking force.

"It's a sophisticated program," says Goldsmith. "For example, it replaces old agents by fresh agents periodically. This ensures that hacked systems are flushed eventually and must be re-hacked to be compromised."

A kind of artificial life on the Internet, an agent's entire structure is described by a program 'genome.' "Download a genome and it grows a new agent from scratch. Once it's born, it connects immediately to other agents and becomes a member of the security community. This makes the agent programs easy to deploy in large numbers on the Internet."

###

Other members of the Sandia team include Shannon Spires, Hamilton Link, Brian Murphy-Dye, Brad Nation, Pat Gilfeather, and Gabi Istrail. Work on the program was initially funded by Sandia's Laboratory-Directed Research and Development program in its "Grand Challenge" called Engineered Collectives. Current funding is from DOE Defense Programs.

Sandia is a multiprogram DOE laboratory, operated by a subsidiary of Lockheed Martin Corp. With main facilities in Albuquerque, N.M., and Livermore, Calif., Sandia has major research and development responsibilities in national security, energy, and environmental technologies.


Story Source:

The above story is based on materials provided by Sandia National Laboratories. Note: Materials may be edited for content and length.


Cite This Page:

Sandia National Laboratories. "Could Have Stopped The I-Love-You Virus: Intelligent Agents Challenge Computer Intruders." ScienceDaily. ScienceDaily, 19 May 2000. <www.sciencedaily.com/releases/2000/05/000519065848.htm>.
Sandia National Laboratories. (2000, May 19). Could Have Stopped The I-Love-You Virus: Intelligent Agents Challenge Computer Intruders. ScienceDaily. Retrieved December 19, 2014 from www.sciencedaily.com/releases/2000/05/000519065848.htm
Sandia National Laboratories. "Could Have Stopped The I-Love-You Virus: Intelligent Agents Challenge Computer Intruders." ScienceDaily. www.sciencedaily.com/releases/2000/05/000519065848.htm (accessed December 19, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Friday, December 19, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Navy Unveils Robot Fish

Navy Unveils Robot Fish

Reuters - Light News Video Online (Dec. 18, 2014) The U.S. Navy unveils an underwater device that mimics the movement of a fish. Tara Cleary reports. Video provided by Reuters
Powered by NewsLook.com
How 2014 Shaped The Future Of The Internet

How 2014 Shaped The Future Of The Internet

Newsy (Dec. 18, 2014) It has been a long, busy year for Net Neutrality. The stage is set for an expected landmark FCC decision sometime in 2015. Video provided by Newsy
Powered by NewsLook.com
White House: Sony Hack a 'serious National Security Matter'

White House: Sony Hack a 'serious National Security Matter'

AFP (Dec. 18, 2014) White House spokesperson Josh Earnest says cyber attacks that ultimately prompted Sony Pictures to scrap the release of a madcap comedy about North Korea are a "serious national security matter." Duration: 00:35 Video provided by AFP
Powered by NewsLook.com
Google Maps Lets You Tour Street View in Virtual Reality

Google Maps Lets You Tour Street View in Virtual Reality

Buzz60 (Dec. 18, 2014) Google Maps now lets Android users see cities on Street View in virtual reality with the special Cardboard feature. Sean Dowling (@Seandowlingtv) has the details. Video provided by Buzz60
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins