The Last Watchdog

on Internet security by Byron Acohido

Can ‘digital ants’ cripple worms like Conficker and Koobface?

Posted on | September 22, 2009 | 1 comment

‘Tis the season when the major antivirus vendors try new approaches. Symantec recently announced its new reputation-based protection, and AVG next week will announce new bells and whistles in the rollout of AVG 9.0, free and paid versions.

Meanwhile, McAfee says it continually adds incremental improvements, even though it does a splashy marketing message changeover this time of year, which can be misleading, as The Tech Herald’s security editor Steve Ragan points out in this story.

Still, security suites remain, by and large, reactive — and effective less than half the time, as Cyveillance recently reported.

Now comes Wake Forest computer science professor Errin Fulp, who, with the aid of a couple of ace grad students, Brian Williams and Wes Featherstun, says he is on to a promising new approach to defending your computer against cyber threats, especially invasive Internet worms like Conficker and Koobface.

The new and better technology? Digital ants.

Fulp is developing a pioneering defense he calls “swarm intelligence,” modeled after the behavior of ants. You can read his full report here.

When one of Fulp’s digital ants detects a threat residing on a PC or in a network, it sets off a digital scent, attracting compatriot ants to converge, which then should draw the attention of a systems or network administrator.

“Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,” Fulp says. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants.”

Each time a digital ant identifies some evidence of malicious coding, it attracts more ants, producing the swarm that marks a potential computer infection.

LastWatchdog would like to hear from security experts as to whether this appears to be derivative of some existing technology or could, indeed, be a breakthrough paradigm shift.

Please share your comments.

Photo of Fulp, with Williams and Featherstun, courtesy WFU

By Byron Acohido


Comments


  1. This sounds awfully like a variation on the concept of “good viruses” that people outside of the mainstream of the anti-virus industry have proposed many times over the last 20 years.

    Unfortunately using “good viruses” or “anti-virus viruses” to fight malware is quite a bad idea, for a number of reasons – some technical, some legal, some practical.

    Vesselin Bontchev of Frisk Software wrote an excellent paper which discussed the challenges that “good viruses” have to overcome. As he discusses the issues far more competently and completely than I would in a blog post, I’ll just provide a link. :)

    http://www.people.frisk-software.com/~bontchev/papers/goodvir.html
