
Modeling Security Software To Mimic Ant Behavior

Posted by Roblimo
from the maybe-more-like-white-blood-cells-than-ants dept.
wiredmikey writes "Researchers from universities and national laboratories in the United States are developing software that mimics ant behavior, as a new approach to network security." The concept has been around for a while, but this summer researchers are working to train the "digital ants" well enough that they can turn them loose into the power grid to seek out computer viruses trying to wreak havoc on the system.
  • Will McAfee come out with Ant Trap 1.0?
    • by Meski (774546)
      It'll work if we tip honey on all the malware.

      A new definition of honey-trap.
  • by Anonymous Coward

    Turn them loose? Sounds like skynet. What could possibly go wrong?

    • Was thinking the same thing. Let me know when they are about to start so I can make sure I am out of possible nuke targets.

  • by bugs2squash (1132591) on Wednesday June 01, 2011 @11:53AM (#36309004)
    That swallowed a fly...
    • I wonder why it swallowed a fly?...

    • by Wiarumas (919682)
      For those who don't understand this (insightful) post, it's based off a children's novel (http://en.wikipedia.org/wiki/There_Was_an_Old_Lady_Who_Swallowed_a_Fly). There is an old woman who swallowed a fly and she keeps eating other animals to get rid of the previous animal until she eventually dies in the end (some versions have a censored ending).
  • Obligatory (Score:3, Informative)

    by Blackdognight (1329141) on Wednesday June 01, 2011 @11:58AM (#36309068)
    "I, for one, welcome our new insect overlords." Sorry, but the perfect opportunity to use the original quote doesn't come up every day...
  • by Anonymous Coward

    So, in order for these "ant-like" software agents to "roam" around a network, presumably all the machines on the net will have to keep a port open to accept random downloads of software to run locally?

    Sure, that'll work.

  • by Zerth (26112) on Wednesday June 01, 2011 @12:00PM (#36309092)

    I'd like my security software to stay resident at all times, thank you very much.

    And "swarming"? I suppose that is an effective response, sucking up CPU by making meaningless copies of itself will keep the virus from doing much. But I'd rather remove the malware.

    • by Inda (580031)
      They wander to create networks: http://science.slashdot.org/story/11/02/17/2243203/Ants-Build-Cheapest-Networks

      I like ants; I've owned ant farms, but c'mon, they can't be used for everything. Digging sand from under your garden path? Sure. Farming aphids? Yeah, they do a better job than I ever could do...

      Leave the computer stuff to the intelligent animals.
  • Uh...WTF? (Score:5, Interesting)

    by chill (34294) on Wednesday June 01, 2011 @12:02PM (#36309114) Journal

    "In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system."

    Yeah, that's what we need. One Symantec AV can't stop a virus it doesn't know about, so we need TEN SYMANTEC AVS on the job.

    The problem in computer security is one of DISCERNING INTENT. Good code and bad code look the same. They call the same functions, perform mostly the same tasks.

    Think of VNC or Windows Remote Help vs a backdoor trojan. Same basic thing, just different intent.

    FTP, Dropbox or other file transfer vs a trojan that uploads your files. Intent again.

    Ants don't do any better at recognizing bad guys than AV software does. Faced with an enemy that is TRYING to disguise itself, they are fooled or sidelined. http://www.securityweek.com/researchers-model-security-software-mimic-behavior-ants [securityweek.com]

    On the bright side, I'll bet they can squeeze a few research grants out of it.

    • ZoneAlarm and Comodo DO detect RealVNC as possible threat, asking for authorization to run, then another to connect. Same with Crossloop (which is just a shell for RealVNC with a custom connection schema, though).

      • by chill (34294)

        Yes, but that isn't a solution. That is just passing it on to the user to say "I see something, what is it?" Again, it defers determining intent to the user.

        In real world application, ZoneAlarm and Comodo are next to useless because clueless users just keep clicking "allow" to make it stop bothering them.

        God help them when "svchost.exe" pops up asking for permission.

      • Which is really annoying if the firewall updates and forgets you told it VNC was OK, then you're left with a machine that has no monitor, mouse, or keyboard waiting for someone to click OK. (Thank you Comodo....)
        • Well, just add another program to the box which monitors the firewall and emulates clicking OK whenever that window appears. :-)

      • Back in my days working the abuse desk at an ISP, ZoneAlarm was the bane of my existence. The problem with ZoneAlarm is that it would freak out about EVERYTHING unless it was configured by someone who actually had a clue...but no one who actually had a clue would use ZoneAlarm, since much better products (like Sygate, IIRC) were available. We had customers write to complain that they were being hacked by the ISP DNS servers, mail servers, 127.0.0.1 (yes, I actually had someone write in to ask us to take a
        • I got fed up by the pro version's insane resource utilization when updating. It was enough to actually break USB connection to my phone. So off it went, and I switched to Comodo. Since I can't pay for the license (being a student and whatnot), I'd rather my AV/Firewall was free... :)

    • by PhilHibbs (4537)

      I think the broad theory is that each computer on a network behaves like an ant, passing information to other computers about the network environment. If one computer starts misbehaving, the others can communicate this information and avoid the infected machine or the source of the incoming traffic. If the security software on the infected PC is compromised, they might even be able to force the infected machine to run some different security software that can help combat the threat. This is all just off the

    • by pookemon (909195)
      Ah yes, however now when you are bored at work, and you look out the window and see a beautiful day, with the sun shining, you can have some fun by grabbing a magnifying glass and setting fire to your security software.
  • ...but the power of such a system is in interpreting the data. It sounds as if the 'ants' themselves wander about the network observing specific attributes, then leaving behind a few notes on anomalies found. Other ants come along, attracted by the 'scent' of the data, and add their own observations. This is all well and good, but my skepticism comes in when we try to interpret the 'odors'. The ants have a chance of observing an event they or another ant caused to happen, which introduces false positives
  • "this summer researchers are working to train the "digital ants" well enough that they can turn them loose into the power grid to seek out computer viruses trying to wreak havoc on the system".

    The only way 'computer viruses` could get into the power grid is if you run your SCADA units on Microsoft Windows and connect them directly to the Internet. Designing a system that allows 'digital ants` to scurry about and be secure at the same time is a contradiction in terms. What happens if the 'digital ants` are

    • by vlm (69642)

      What happens if the 'digital ants` are hijacked by the .cyber->terrorists :)

      This will be the inevitable outcome. Random software is not allowed inside, or at least we put a measurable although microscopic effort into it. Digital ants are allowed in. Therefore they will be the infection vector of the future. "who watches the watchers"

    • What part of don't connect your SCADA units to the Internet don't these 'security experts' understand?

      The "don't" part, of course.

    • It doesn't require an Internet connection to get infected. The most useful approach I've seen so far in power plants is 2 separated networks. One reserved for control with no external media or Internet connection and one with Internet and functioning drives, USB ports and all that. People are going to try to use the computer on their desk to do stuff they want, unless you provide them with an alternative. Lock the control computer down as best as you can, and leave the other one as open as possible.
    • What part of don't connect your SCADA units to the Internet don't these 'security experts' understand?

      When they're not connected to the Internet, they're connected to a modem with no authentication...

  • by gatkinso (15975) on Wednesday June 01, 2011 @12:21PM (#36309304)

    Hahahahawhawhaw.

    Carry on.

  • Exit the age of the computer virus. Enter the age of the computer fungus! [youtube.com]
  • "In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system." link [securityweek.com]

    Except computer viruses are no way near analogous to the biological kind. In nature the virus first has to latch onto the outside of the cell before injecting its genetic payload. It does this by hijacking biological processes necessary t

    • by jonadab (583620)
      > In nature, we know that ants defend against threats very successfully

      Sure. Ants are particularly prolific even as insects go. They can take hundred-to-one losses against virtually anything and still win by sheer numbers.

      Off the top of my head the only creature I can think of that can consistently wipe out entire colonies of ants and prevent them from coming back is a human.

      In other words, the analogy is stupid.

      The security technology may or may not be stupid. It's hard to tell, because unfortunately
  • ...to honeypots?

    • by pasv (755179)
      Is it just me or is creating "buzz"words nowadays an actual career path? (a lucrative one at that).
  • ...crispy ant jerky

    With apologies to Scott Adams, whomever he is signed in as today

  • Well, I was wrong. The DigiAnts are a godsend.

    But isn’t that a bit short-sighted? What happens when we’re overrun by DigiAnts?

    No problem. We simply release wave after wave of Chinese DigiAnteater. They’ll wipe out the DigiAnts.

    But aren’t the DigiAnteaters even worse?

    Yes, but we’re prepared for that. We’ve lined up a fabulous type of DigiGorilla that thrives on DigiAnteater bits.

    But then we’re stuck with DigiGorillas!

    No, that’s the beautiful part. When IPv6 rol

  • Is it me, or is it getting a bit warm on such a fine, sunny day?
  • nuff'said
  • From TFA:

    Berenhaut and Hilton are working to answer man questions: How do the ants migrate across different computer platforms and systems operating at different speeds?

    I'm not entirely sure how that's a "man question", and I certainly don't want MANswers [wikipedia.org] to attempt to answer it.

  • All it takes is a 10 year old with a magnifying glass to wipe out your entire security system.

  • "In nature, we know that ants defend against threats very successfully," Fulp said.

    Yeah, I'd say lions defend against threats even better. Why not model our security software to mimic lion behavior?

    First it would conceal among other packets until the virus gets distracted. Then it will run at it in an angle so that the virus will run straight into an ambush mounted by other lions. Then they will bite the virus neck until it dies. Done! No more virus!

    You may be vulnerable while your security software is napping though...

  • Wasn't it the writer of Melissa that had the original intent of searching for other virii and removing them? I am no cracker, but from what I know AV software is a common initial target of any decent virus; why would ants be immune to such attacks and who could guarantee that they are impermeable? This scenario sounds more like "once you get infected, can't get help by being insected" or whatever. Adding more possible holes that have a mind of their own isn't really a security way to go...
  • "researchers are working to train the digital ants well enough that they can turn them loose" ...
    100 years later:
    Agent Smith: I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your species and I realized that you're not actually mammals. Every mammal on this planet instinctively develops a natural equilibrium with the surrounding environment but you humans do not. You move to an area and you multiply and multiply until every natural resource is cons
  • is going to be full of bugs
  • Seems like a great idea, as long as it's released on an electrical network that I'm not using!
  • "Human Readable" in his short story collection "With a Little Help".
    Really enjoyable read, as are all his books. And you can read 'em for free if you like (most, if not all, are under creative commons), so there's no harm in checking it out :-)

    I'd love to explain the story, cause it's really great, but that'd give away too much.
