Researchers put lid on can of worms
By Rene Millman
Researchers have devised a way of tagging worms and containing them before they damage computer systems.
The research was carried out by Peng Liu, associate professor of information services and technology and director of the Cyber Security Lab at Penn State University.
The technology, dubbed Proactive Worm Containment (PWC), doesn't rely on signature databases. Instead it looks at the rate, or frequency, of a host's connections and at the diversity of its connections to other networks, which, the researcher said, allows PWC to react far more quickly than other technologies.
"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said Liu.
When a host infected with a worm is identified, the technology contains that host so that no packets with worm code can be sent out. Liu said that only a few dozen infected packets may be sent out to other networks before PWC can quarantine the attack. In contrast, the Slammer worm, which attacked Microsoft SQL Server, on average sent out 4,000 infected packets every second, Liu said.
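The following is an added illustration, not PWC's own code or algorithm, which the article does not detail. It flags a host once its outbound connection requests within a sliding window exceed both a rate threshold and a distinct-destination threshold, then drops that host's later requests; the window length, thresholds and sample traffic are assumptions constructed for the example.

```python
from collections import defaultdict, deque

WINDOW = 1.0       # seconds of history kept per host (assumed value)
MAX_RATE = 20      # outbound connection requests allowed per window (assumed)
MAX_DISTINCT = 15  # distinct destinations allowed per window (assumed)

def detect(events, window=WINDOW, max_rate=MAX_RATE, max_distinct=MAX_DISTINCT):
    """events: (timestamp, src_host, dst_addr) tuples sorted by time.
    Returns {src_host: (time_contained, requests_sent_before_containment)}."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    sent = defaultdict(int)      # src -> requests that left the host
    contained = {}
    for ts, src, dst in events:
        if src in contained:
            continue             # quarantined: the request is dropped, not counted
        sent[src] += 1
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()          # expire requests older than the window
        distinct = len({d for _, d in q})
        # Require BOTH anomalies, so a busy client of one server is not blocked.
        if len(q) > max_rate and distinct > max_distinct:
            contained[src] = (ts, sent[src])
    return contained

def sample_events():
    """Constructed traffic: one scanning host and two benign hosts."""
    ev = []
    for i in range(200):
        # 10.0.0.5: 200 requests in one second, each to a new address
        ev.append((10.0 + i * 0.005, "10.0.0.5", f"198.51.100.{i}"))
        # 10.0.0.7: same rate, but only two destinations (e.g. a proxy pair)
        ev.append((10.0 + i * 0.005, "10.0.0.7", f"192.0.2.{i % 2}"))
    for i in range(30):
        # 10.0.0.9: many destinations, but only one request per second
        ev.append((float(i), "10.0.0.9", f"203.0.113.{i}"))
    return sorted(ev)

if __name__ == "__main__":
    for host, (ts, n) in detect(sample_events()).items():
        print(f"{host} contained at t={ts:.3f}s after {n} outbound requests")
```

With these constructed inputs only the scanning host is contained, after 21 requests, while the high-rate/low-diversity and low-rate/high-diversity hosts are left alone.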
He said that the technology also uses two other techniques to ensure that the host is uninfected. These techniques use vulnerability-window and relaxation analyses to overcome the denial-of-service effect that false positives could cause.
"PWC can quickly unblock any mistakenly blocked hosts," Liu said.
The researchers are currently beta-testing the software and said it could be easily integrated with existing signature-based worm filtering systems.