Penn State Researchers Develop New Worm-Stopping Technology
The new technology focuses on analyzing packet rate and frequency of connections, rather than signature or pattern identification.
Researchers at Penn State University say they have developed anti-malware technology that can identify and contain worms in milliseconds rather than minutes -- greatly limiting how far they spread and how much damage they cause.
The new technology, Proactive Worm Containment, focuses on analyzing packet rate and frequency of connections, rather than signature or pattern identification, according to a release from Penn State.
- Comparison of Avaya and ShoreTel Unified Communication Solutions
- Don't Get Stuck on Your Virtualization Journey: Where to Focus Next
- Strategy: Building and Enforcing an Endpoint Security Strategy
- 10 Emerging Threats Your Company May Not Know About
"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," says Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the Proactive Worm Containment system.
Penn State researchers assert that because many security technologies focus on signature or pattern identification for blocking worms, they cannot respond to new attacks fast enough, allowing worms to exploit network vulnerabilities. Several minutes can elapse between when a signature-based system first recognizes a new worm and when it creates a new signature to block it from spreading any more.
When signature-based systems shorten the signature-generation time, however, they often miss worms that are capable of mutating automatically.
By targeting a packet rates, frequency of connections, and the diversity of connections to other networks, researchers claim that the Proactive Worm Containment technology can react much more quickly. Liu says only a few dozen infected packets may be sent out to other networks before the new technology can quarantine the attack. In contrast, the Slammer worm, which attacked Microsoft SQL Server, sent out about 4,000 infected packets every second, he notes.
Liu also says the technology also can fix its own mistakes. It's designed to unblock any mistakenly blocked hosts. The Penn State researchers currently are testing the technology.
The university has filed a patent for the technology. Liu worked on the project along with Yoon-Chan Jhi, a doctoral student in the Department of Computer Science and Engineering, and Lunquan Li, an information science and technology doctoral student.