Penn State Researchers Develop New Worm-Stopping Technology - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Penn State Researchers Develop New Worm-Stopping Technology

The new technology focuses on analyzing packet rate and frequency of connections, rather than signature or pattern identification.

Researchers at Penn State University say they have developed anti-malware technology that can identify and contain worms in milliseconds rather than minutes -- greatly limiting how far they spread and how much damage they cause.

The new technology, Proactive Worm Containment, focuses on analyzing packet rate and frequency of connections, rather than signature or pattern identification, according to a release from Penn State.

"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," says Peng Liu, associate professor of information sciences and technology at Penn State and lead researcher on the Proactive Worm Containment system.

Penn State researchers assert that because many security technologies focus on signature or pattern identification for blocking worms, they cannot respond to new attacks fast enough, allowing worms to exploit network vulnerabilities. Several minutes can elapse between when a signature-based system first recognizes a new worm and when it creates a new signature to block it from spreading any more.

When signature-based systems shorten the signature-generation time, however, they often miss worms that are capable of mutating automatically.

By targeting a packet rates, frequency of connections, and the diversity of connections to other networks, researchers claim that the Proactive Worm Containment technology can react much more quickly. Liu says only a few dozen infected packets may be sent out to other networks before the new technology can quarantine the attack. In contrast, the Slammer worm, which attacked Microsoft SQL Server, sent out about 4,000 infected packets every second, he notes.

Liu also says the technology also can fix its own mistakes. It's designed to unblock any mistakenly blocked hosts. The Penn State researchers currently are testing the technology.

The university has filed a patent for the technology. Liu worked on the project along with Yoon-Chan Jhi, a doctoral student in the Department of Computer Science and Engineering, and Lunquan Li, an information science and technology doctoral student.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll