Penn State Technology Fast in Capturing Worms
Researchers at Penn State University have designed technology that they claim can catch computer worms faster than conventional signature-based solutions and then quickly let traffic flow normally again, provided it is harmless.
The researchers said that because most existing security technologies rely on signature identification to capture worms, they cannot react to attacks early. This gives worms time to exploit network vulnerabilities.
There can therefore be a time gap between when a signature-based solution first detects that a data packet is a worm and when it releases a new signature to stop further proliferation. And when such solutions shorten the signature-release time, they may miss worms that mutate automatically.
Penn State's new Proactive Worm Containment (PWC) technology assesses the rate at which a computer makes connections to a network and the variation among those connections. The mechanism singles out a host computer that issues a high rate of requests for similar connections and blocks the offending PC so that it can no longer send worm-infected data.
This technique can shorten the time between identifying and containing a worm from minutes to milliseconds, letting only a few infected data packets spread, the research team claims. That would make a significant difference against notorious worms such as 'Slammer', which is capable of releasing 4,000 packets every second while attacking a vulnerability in Microsoft's SQL Server.
Since a large number of worms need to spread fast to inflict the maximum harm, the Penn State technology seeks irregularities in the rate and variation of connection requests passing through the hosts, said Peng Liu, associate professor of information sciences and technology at Penn State and key researcher on the PWC mechanism.
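The rate-and-variation idea described above can be sketched as a small monitor. This is an added illustration, not Penn State's PWC code; the window length, the threshold, the event format and the sample traffic are all assumptions made for the example.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0      # assumed sliding-window length, in seconds
MAX_DISTINCT = 20   # assumed limit on distinct destinations per window


class RateVariationMonitor:
    """Contain a host that contacts many distinct destinations on one port quickly."""

    def __init__(self, window_s=WINDOW_S, max_distinct=MAX_DISTINCT):
        self.window_s = window_s
        self.max_distinct = max_distinct
        self.recent = defaultdict(deque)   # (src, dport) -> deque of (ts, dst)
        self.contained = {}                # src -> time the host was blocked
        self.forwarded = defaultdict(int)  # src -> packets let through

    def observe(self, ts, src, dst, dport):
        """Return True if the packet is forwarded, False if it is dropped."""
        if src in self.contained:
            return False
        q = self.recent[(src, dport)]
        q.append((ts, dst))
        while q and ts - q[0][0] > self.window_s:   # expire old attempts
            q.popleft()
        if len({d for _, d in q}) > self.max_distinct:
            self.contained[src] = ts                # block the host from here on
            return False
        self.forwarded[src] += 1
        return True


def constructed_events():
    """Constructed sample traffic: one fast-scanning host and one ordinary client."""
    events = []
    # 10.0.0.5 tries a new address every 0.25 ms (4,000 packets per second).
    for i in range(400):
        events.append((i * 0.00025, "10.0.0.5", f"192.0.2.{i % 250 + 1}", 1434))
    # 10.0.0.9 talks to three servers at a modest rate.
    for i in range(30):
        events.append((i * 0.1, "10.0.0.9", f"198.51.100.{i % 3 + 1}", 443))
    return sorted(events)


def run(events):
    """Feed events to a fresh monitor and return it for inspection."""
    mon = RateVariationMonitor()
    for ev in events:
        mon.observe(*ev)
    return mon


if __name__ == "__main__":
    m = run(constructed_events())
    print("contained:", m.contained, "forwarded:", dict(m.forwarded))
```

With these assumed settings the scanning host is blocked about 5 ms into the burst after 20 forwarded packets, while the ordinary client is never blocked.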
The technology is undergoing beta testing and is in the process of being patented. It's not just fast but smart too. The new system allows only a few dozen packets to be released before an attack is stopped, says Liu. The technology can also determine whether a suspected host is truly infected and release clean systems. It can be used in combination with signature-based detection software to capture both slow and fast-spreading worms.
» SPAMfighter News - 21-02-2007