Researchers develop new worm-stopping technology

Feb 13, 2007 12:39 PM


         Subscribe in NewsGator Online   Subscribe in Bloglines

Researchers at Penn State University say they have developed anti-malware technology that can identify and contain worms in milliseconds rather than minutes -- greatly limiting how far they spread and how much damage they cause.

According to a report in InformationWeek, the new technology -- Proactive Worm Containment -- focuses on analyzing packet rate and frequency of connections, rather than signature or pattern identification.

"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," says Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the Proactive Worm Containment system.

Penn State researchers assert that because many security technologies focus on signature or pattern identification for blocking worms, they cannot respond to new attacks fast enough, allowing worms to exploit network vulnerabilities. Several minutes can elapse between when a signature-based system first recognizes a new worm and when it creates a new signature to block it from spreading any more.

When signature-based systems shorten the signature-generation time, however, they often miss worms that are capable of mutating automatically.

By targeting a packet rates, frequency of connections, and the diversity of connections to other networks, researchers claim that the Proactive Worm Containment technology can react much more quickly. Liu says only a few dozen infected packets may be sent out to other networks before the new technology can quarantine the attack. In contrast, the Slammer worm, which attacked Microsoft SQL Server, sent out about 4,000 infected packets every second, he tells the magazine.

The Penn State researchers currently are testing the technology, and the university has filed a patent for it.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

This month in Access Control

Latest Jobs

Popular Stories

Resources

Back to Top