Featured Research

from universities, journals, and other organizations

System Halts Computer Viruses, Worms, Before End-user Stage

Date:
November 12, 2003
Source:
Washington University In St. Louis
Summary:
A computer scientist at Washington University in St. Louis has developed technology to stop malicious software – malware – such as viruses and worms long before it even has a chance to reach computers in the home and office.

A computer scientist at Washington University in St. Louis has developed technology to stop malicious software – malware – such as viruses and worms long before it even has a chance to reach computers in the home and office.

Related Articles


John Lockwood, Ph.D., an assistant professor of computer science at Washington University, and the graduate students that work in his research laboratory have developed a hardware platform called the Field-programmable Port Extender (FPX) that scans for malware transmitted over a network and filters out unwanted data.

"The FPX uses several patented technologies in order to scan for the signatures of malware quickly," said Lockwood. "Unlike existing network intrusion systems, the FPX uses hardware, not software, to scan data quickly. The FPX can scan each and every byte of every data packet transmitted through a network at a rate of 2.4 billion bits per second. In other words, the FPX could scan every word in the entire works of Shakespeare in about 1/60th of a second."

Lockwood published his results in Military and Aerospace Programmable Logic Device (MALPD), Sept.,2003.

Computer virus and Internet worm attacks are aggravating, costly, and a threat to our homeland security. Recent attacks by Nimba, Code Red, Slammer, SoBigF, and MSBlast have infected computers globally, clogged large computer networks, and degraded corporate productivity.

It can take weeks to months for Information Technology staff to clean up all of the computers throughout a network after an outbreak. The direct cost to recover from just from the 'Code Red version two' worm alone was $2.6 billion.

The United States has come to depend on computers to support its critical infrastructure. The nation's power system, financial networks, and military infrastructure all rely on computers to operate. As a form of terrorism, a foreign agent could introduce a malignant worm or virus disguised as benign data to attack computers throughout a network. Once deployed, terrorists could use this malware to bring down crucial components of our corporate infrastructure and military.

In much the same way that a human virus spreads between people that come in contact, computer viruses and Internet worms spread when computers come in contact over the Internet. Viruses spread when a computer user downloads unsafe software, opens a malicious attachment, or exchanges infected computer programs over a network. An Internet Worm spreads over the network automatically when malicious software exploits one or more vulnerabilities in an operating systems, a web server, a database application, or an email exchange system.

Existing firewalls do little to protect against such attacks. Once a few systems are compromised, they proceed to infect other machines, which in turn quickly spread throughout a network.

"As is the case with the spread of a contagious disease like SARS, the number of infected computers will grow exponentially unless contained," Lockwood said. "The speed of today's computers and vast reach of the Internet, however, make a computer virus or Internet worm spread much faster than human diseases. In the case of SoBigF, over one million computers were infected within the first 24 hours and over 200 million computers were infected within a week."

Today, most Internet worms and viruses are not detected until after they reach an end-user's personal computer. It is difficult for companies, universities, and government agencies to maintain network-wide security.

"Placing the burden of detection on the end -user isn't efficient or trustworthy because individuals tend to ignore warnings about installing new protection software and the latest security updates, "Lockwood pointed out. "New vulnerabilities are discovered daily, but not all users take the time to download new patches the moment they are posted. It can take weeks for an IT department to eradicate old versions of vulnerable software running on end-system computers."

The high speed of the FPX is possible because the logic on the FPX is implemented as Field Programmable Gate Array (FPGA) circuits, Lockwood explained. These circuits are used to scan and filter Internet traffic for worms and viruses using FPGA circuits that operate in parallel. Lockwood's group has developed and implemented circuits that process the Internet protocol (IP) packets directly in hardware. They also have developed several circuits that rapidly scan streams of data for strings or regular expressions in order to find the signatures of malware carried within the payload of Internet packets.

"On the FPX, the reconfigurable hardware can be dynamically reconfigured over the network to search for new attack patterns," Lockwood said. "Should a new Internet worm or virus be detected, multiple FPX devices can be immediately programmed to search for their signatures. Each FPX device then filters traffic passing over the network, so that it can immediately quarantine a virus or Internet worms within sub networks (subnets). By just installing a few such devices between subnets, a single device can protect thousands of users. By installing multiple devices at key locations throughout a network, large networks can be protected."

A local St. Louis company, Global Velocity ,is building commercial systems that use the FPX technology. The company is working with local companies, international corporations, universities, and the government to make plans to install systems in both local-area and wide-area networks. The device itself integrates easily into existing Gigabit Ethernet or Asynchronous Transfer Mode (ATM) networks.

The FPX itself fits within a rack-mounted chassis that can be installed in any network closet. When a virus or worm is detected, the system can either silently drop the malicious traffic or generate a pop-up message on an end-user's computer. An administrator uses a simple, web-based interface to control and configure the system.

###

The paper is online at http://www.arl.wustl.edu/~lockwood/publications/MAPLD_2003_e10_lockwood_p.pdf.


Story Source:

The above story is based on materials provided by Washington University In St. Louis. Note: Materials may be edited for content and length.


Cite This Page:

Washington University In St. Louis. "System Halts Computer Viruses, Worms, Before End-user Stage." ScienceDaily. ScienceDaily, 12 November 2003. <www.sciencedaily.com/releases/2003/11/031112073134.htm>.
Washington University In St. Louis. (2003, November 12). System Halts Computer Viruses, Worms, Before End-user Stage. ScienceDaily. Retrieved January 27, 2015 from www.sciencedaily.com/releases/2003/11/031112073134.htm
Washington University In St. Louis. "System Halts Computer Viruses, Worms, Before End-user Stage." ScienceDaily. www.sciencedaily.com/releases/2003/11/031112073134.htm (accessed January 27, 2015).

Share This


More From ScienceDaily



More Computers & Math News

Tuesday, January 27, 2015

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Cablevision Enters Wi-Fi Phone Fray

Cablevision Enters Wi-Fi Phone Fray

Reuters - Business Video Online (Jan. 26, 2015) The entry by Cablevision and Google could intensify the already heated price wars for mobile phone service. Fred Katayama reports. Video provided by Reuters
Powered by NewsLook.com
Hector the Robot Mimics a Giant Stick Insect

Hector the Robot Mimics a Giant Stick Insect

Reuters - Innovations Video Online (Jan. 26, 2015) A robot based on a stick insect can navigate difficult terrain autonomously and adapt to its surroundings. Tara Cleary reports. Video provided by Reuters
Powered by NewsLook.com
Scientists Model Flying, Walking Drone After Vampire Bats

Scientists Model Flying, Walking Drone After Vampire Bats

Buzz60 (Jan. 26, 2015) Swiss scientists build a new drone that can both fly and walk, modeling it after the movements of common vampire bats. Jen Markham (@jenmarkham) has the story. Video provided by Buzz60
Powered by NewsLook.com
Malaysia Airlines Hack: Lizard Squad, ISIS Involved?

Malaysia Airlines Hack: Lizard Squad, ISIS Involved?

Newsy (Jan. 26, 2015) Malaysia Airlines on Sunday experienced website outages and what appeared to be an attack by hacker group Lizard Squad. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

    Health News

      Environment News

        Technology News



          Save/Print:
          Share:

          Free Subscriptions


          Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

          Get Social & Mobile


          Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

          Have Feedback?


          Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
          Mobile: iPhone Android Web
          Follow: Facebook Twitter Google+
          Subscribe: RSS Feeds Email Newsletters
          Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins