Digital ants to protect computers against viruses

Digital ants to protect computers against viruses

In the never-ending battle to protect computer networks from intruders, security experts are deploying a new defence, modelled on one of nature's hardiest creatures -- the ant.

Unlike traditional security devices, which are static, these "digital ants" wander through computer networks looking for threats, such as "computer worms" -- self-replicating programmes designed to steal information or facilitate unauthorised use of machines.

When a digital ant detects a threat, it doesn't take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate.

The concept, called "swarm intelligence", promises to transform cyber security because it adapts readily to changing threats.

"In nature, we know that ants defend against threats very successfully," explains Errin Fulp, computer science professor and expert in security and computer networks, at the Wake Forest University (WFU).

"They can ramp up their defence rapidly, and then resume routine behaviour quickly after an intruder has been stopped. We were trying to achieve that same framework in a computer system," he says.

Current security devices are designed to defend against all known threats at all times, but the bad guys who write malware -- software created for malicious purposes -- keep introducing slight variations to evade computer defences.

As new variations are discovered and updates issued, security programmes gobble more resources, antivirus scans take longer and machines run slower -- a familiar problem for most computer users.

Glenn Fink, research scientist at Pacific Northwest National Laboratory (PNNL) in Richland, Washington, came up with the idea of copying ant behaviour. PNNL, one of 10 Department of Energy (DoE) labs, conducts cutting-edge research in cyber security.

Fink was familiar with Fulp's expertise developing faster scans using parallel processing -- dividing computer data into batches like lines of shoppers going through grocery store checkouts, where each lane is focussed on certain threats.

He invited Fulp and Wake Forest graduate students Wes Featherstun and Brian Williams to join a project there this summer that tested digital ants on a network of 64 computers.

Swarm intelligence, the approach developed by PNNL and Wake Forest, divides up the process of searching for specific threats, says a WFU release.

"Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat," Fulp says.

Fulp introduced a worm into the network, and the digital ants successfully found it. PNNL has extended the project this semester, and Featherstun and Williams plan to incorporate the research into their master's theses.