Featured Research

from universities, journals, and other organizations

Researchers Invent System To Control And Quarantine Worms Attacking Computer Networks

Date:
February 9, 2007
Source:
Penn State
Summary:
A new anti-worm technology developed by Penn State researchers can not only identify and contain worms milliseconds after a cyber attack, but can also release the information if the quarantine turns out to be unwarranted.

A new anti-worm technology developed by Penn State researchers can not only identify and contain worms milliseconds after a cyber attack, but can also release the information if the quarantine turns out to be unwarranted.

Because many current security technologies focus on signature or pattern identification for blocking worms, they cannot respond to attacks fast enough, allowing worms to exploit network vulnerabilities, according to the researchers. As a result, several minutes can elapse between when a signature-based system first recognizes that a packet or datagram is a worm and when it creates a new signature to block further spread.

But when signature-based systems shorten the signature-generation time, they often miss those worms capable of mutating automatically.

The researchers' new technology -- Proactive Worm Containment (PWC) -- doesn't rely on signature generation. Instead it targets a packet's rate or frequency of connections and the diversity of connections to other networks -- which allows PWC to react far more quickly than other technologies.

"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the PWC system.

When a host with a high rate is identified, then PWC contains that host so that no packets with the worm code can be sent out.

Liu estimates that only a few dozen infected packets may be sent out to other networks before PWC can quarantine the attack. In contrast, the Slammer worm, which attacked Microsoft SQL Server, on average sent out 4,000 infected packets every second, Liu said.

Because high connection rate transmissions do not always indicate worms, PWC includes two novel techniques that can verify that suspect hosts are clean or not infected. These techniques use vulnerability-window and relaxation analyses to overcome the denial-of-service effect that could be caused by false positives, he added.

"PWC can quickly unblock any mistakenly blocked hosts," Liu said.

The PWC software can be integrated seamlessly with existing signature-based worm filtering systems. The researchers are currently beta testing PWC. Because PWC targets connection rates to identify worms, it may miss slow-spreading worms. But current technologies already can pick those up, Liu said. Worms pose a serious threat to networks, compromising network performance and even leading to denial of services. SQL Slammer, for instance, not only slowed Internet traffic but also disrupted thousands of A.T.M. machines. Additionally, worms can open the door for attackers to machines within infected networks.

A provisional patent has been filed by Penn State on the software, "Proactive Worm Containment (PWC) for Enterprise Networks," invented by Liu; Yoon-Chan Jhi, a doctoral student in the Department of Computer Science and Engineering; and Lunquan Li, an IST doctoral student.


Story Source:

The above story is based on materials provided by Penn State. Note: Materials may be edited for content and length.


Cite This Page:

Penn State. "Researchers Invent System To Control And Quarantine Worms Attacking Computer Networks." ScienceDaily. ScienceDaily, 9 February 2007. <www.sciencedaily.com/releases/2007/02/070208131708.htm>.
Penn State. (2007, February 9). Researchers Invent System To Control And Quarantine Worms Attacking Computer Networks. ScienceDaily. Retrieved April 16, 2014 from www.sciencedaily.com/releases/2007/02/070208131708.htm
Penn State. "Researchers Invent System To Control And Quarantine Worms Attacking Computer Networks." ScienceDaily. www.sciencedaily.com/releases/2007/02/070208131708.htm (accessed April 16, 2014).

Share This



More Computers & Math News

Wednesday, April 16, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Google Patents Contact Lens Cameras; Internet Is Wary

Google Patents Contact Lens Cameras; Internet Is Wary

Newsy (Apr. 15, 2014) Google has filed for a patent to develop contact lenses capable of taking photos. The company describes possible benefits to blind people. Video provided by Newsy
Powered by NewsLook.com
NYPD Ends Muslim Surveillance Program

NYPD Ends Muslim Surveillance Program

AP (Apr. 15, 2014) The New York City Police Department has ended a program that once kept tabs on the city's muslim population. (April 15) Video provided by AP
Powered by NewsLook.com
Images Of Rumored Amazon Smartphone Leaked

Images Of Rumored Amazon Smartphone Leaked

Newsy (Apr. 15, 2014) BGR has leaked images of what could be Amazon's smartphone. The outlet's been right about Amazon leaks before. Sources expect an announcement in June. Video provided by Newsy
Powered by NewsLook.com
The Walking, Talking Oil-Drigging Rig

The Walking, Talking Oil-Drigging Rig

Reuters - Business Video Online (Apr. 15, 2014) Pennsylvania-based Schramm is incorporating modern technology in its next generation oil-drigging rigs, making them smaller, safer and smarter. Ernest Scheyder reports. Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins