Sunday, February 21, 2010

Unique network security algorithm stops worms from spreading; Network security algorithm from Penn State researchers halts worm outbreaks quickly. (Worm Virulence Estimation algorithm from Pennsylvania State University).

Researchers at Pennsylvania State University say they can block the spread of self-propagating worms on corporate networks while keeping infected machines online so they can continue performing their legitimate duties.

Using an algorithm they devised, the research team can quickly measure how virulent worms are and halt their spread while keeping the false-positive rate less than 5%, says Peng Liu, an associate professor of information sciences and technology at PSU who is on the team.

In conjunction with smart switches, the Worm Virulence Estimation algorithm can discover what machines are infected and what packets they are sending to attempt spreading the worm. The PSU system then blocks just those packets, Liu says. "It doesn't affect your other business," he says.

That leaves infected computers free to continue authorized activities until they can be cleaned when it is convenient rather than immediately quarantining them from the network at large.

The worm-blocking system consists of software running on smart switches in conjunction with a central security console, Liu says. There is no client software that has to run on each PC and server.

The algorithm and experimental software are being developed into a commercial product by Day Zero Systems, a start-up founded by Liu.

As self-propagating worms probe other machines on the network for open ports that allow entry to vulnerable machines, software installed in the smart switches logs packets as suspicious if they are being sent to ports that are closed.

This data is sent to the security console.

The console crunches the data to determine whether these suspicious packets have been sent successfully to machines that then start similar probing activity. The more quickly these newly infected machines appear, the more virulent the worm is gauged to be, Liu says.

The security console can be set to block suspicious packets that seem to be infecting other machines. Administrators can limit how many machines can be infected before the packets are blocked. The PSU system can discover worms with as few as four infected machines, Liu says, which is a third of what other similar systems need. And the PSU system has a higher accuracy rate for identifying only packets that are actually malicious, he adds.

The algorithm also takes into account the number of machines that the worm could infect if left unchecked. So if a large population is at risk, the measures to block the suspect packets would be rated more urgent.

Using virulence as a factor in setting thresholds finds an optimal balance between stopping the spread of worms and blocking some legitimate traffic that is misidentified as being related to the worms' spread, he says.
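The detection flow described above can be sketched as follows. This is an added illustration, not the PSU or Day Zero Systems code: the event format, the three-probe scanner cutoff, the rate formula (new infected hosts per second) and the at-risk count are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed switch log: (time_s, src, dst, dst_port, port_open)
EVENTS = [
    (0, "h1", "h7", 445, False), (1, "h1", "h8", 445, False),
    (2, "h1", "h2", 445, True), (3, "h1", "h9", 445, False),
    (4, "h5", "h6", 80, True),  # ordinary traffic, never flagged
    (5, "h2", "h7", 445, False), (6, "h2", "h3", 445, True),
    (7, "h2", "h8", 445, False), (8, "h2", "h9", 445, False),
    (9, "h3", "h7", 445, False), (10, "h3", "h4", 445, True),
    (11, "h3", "h8", 445, False), (12, "h3", "h9", 445, False),
    (13, "h4", "h7", 445, False), (14, "h4", "h8", 445, False),
    (15, "h4", "h10", 445, True), (16, "h4", "h9", 445, False),
]

def analyze(events, infected_limit=4, probe_min=3):
    """Per port: infection chain, spread rate, at-risk count, block rules."""
    probes = defaultdict(set)      # (src, port) -> targets probed on a closed port
    reached = defaultdict(set)     # (dst, port) -> sources that reached the open port
    open_hosts = defaultdict(set)  # port -> hosts seen accepting traffic on it
    chains = defaultdict(list)     # port -> [(time, host, parent)]
    for t, src, dst, port, is_open in sorted(events):
        if is_open:
            reached[(dst, port)].add(src)
            open_hosts[port].add(dst)
            continue
        probes[(src, port)].add(dst)  # suspicious: sent to a closed port
        known = {h for _, h, _ in chains[port]}
        if src in known or len(probes[(src, port)]) < probe_min:
            continue
        parents = reached[(src, port)] & known
        if known and not parents:
            continue  # scanning, but not reached by an already-flagged host
        chains[port].append((t, src, min(parents) if parents else None))
    report = {}
    for port, chain in chains.items():
        if not chain:
            continue
        hosts = [h for _, h, _ in chain]
        span = chain[-1][0] - chain[0][0]
        report[port] = {
            "infected": hosts,
            "rate": (len(hosts) - 1) / span if span else 0.0,  # new hosts/second
            "at_risk": len(open_hosts[port] - set(hosts)),
            # Block only (host, port) probe traffic; the host stays online.
            "block": [(h, port) for h in hosts] if len(hosts) >= infected_limit else [],
        }
    return report
```

With the default limit of four infected hosts, the constructed log yields block rules for h1 through h4 on port 445 only, and the port 80 traffic is left alone.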

The algorithm doesn't use malware signatures to make decisions, so it can uncover new worms as well as it can find known worms, Liu says.

Liu worked on the research with Yoon-Ho Choi, a post-doctoral fellow; George Kesidis, professor, electrical engineering and computer science and engineering; and with Lunquan Li, assistant professor, Institute of Microelectronics, Chinese Academy of Sciences, Beijing. They published their work in the February issue of Computers and Security.

Source Citation
Greene, Tim. "Unique network security algorithm stops worms from spreading; Network security algorithm from Penn State researchers halts worm outbreaks quickly." Network World (2010). Computer Database. Web. 21 Feb. 2010.
Document URL
http://find.galegroup.com/gtx/infomark.do?&contentSet=IAC-Documents&type=retrieve&tabID=T003&prodId=CDB&docId=A218439079&source=gale&srcprod=CDB&userGroupName=broward29&version=1.0


Gale Document Number: A218439079
