Computer Security: Adapt or Die
As security threats evolve, systems will have to become adaptive and resilient.
Computerworld - Intel Corp. is developing a way for networked computers to “gossip” among themselves, sharing their experiences and “beliefs.” The idea is to stay a step ahead of hackers.
For years, the backbone of computer security has been the use of tools, such as firewalls and virus scanners, that base their actions on knowledge, or “signatures,” of past attacks. But this has two problems: The tools generally don’t recognize new threats, and they can’t be updated rapidly enough to deal with fast-spreading exploits.
The answer, IT researchers say, lies in new tools for “adaptive and resilient computing security,” the name of a recent workshop sponsored by the Santa Fe Institute and BT Group PLC.
“Signature-based technology is limited,” says Robert Ghanea-Hercock, a research engineer at BT in London and the leader of the workshop. “For cutting-edge day-to-day protection, you’ll have to have adaptive things that monitor what’s happening on the network in real time.”
That’s just what Intel is developing. “Anomaly detectors” at local nodes on a network look for evidence of worms, such as unusual spikes in activity. A machine that normally makes just a few network connections per second might suspect that something is amiss if it is suddenly instructed to make connections at a much higher rate. So, using a peer-to-peer “gossip” protocol, it transmits to other machines its so-called belief, expressed as a probability, that the network may be under attack. Each machine combines the beliefs it receives from other nodes with its own; if the combined probability is high enough, it assumes that an attack is under way and takes some defensive action, such as sounding an alarm or disconnecting from the network.
Intrusion-detection systems that look for anomalous behavior are not new. And it’s not hard to detect an intrusion by a fast-spreading worm such as the infamous SQL Slammer, which infected most of its roughly 75,000 victims within about ten minutes (responding in time is a different matter). But more recently, hackers have deliberately slowed the spread of their malware so it will pass under the radar of conventional detectors.
The era of massive, highly visible worm attacks has largely passed, says Richard Ford, a computer science professor at the Florida Institute of Technology in Melbourne.
“Now what we are seeing is that hackers keep exploits close to their chests and use them for high-value targets,” he says. “That dramatically changes the threat profile.”
The Intel prototype, called Distributed Detection and Inference (DDI), uses Bayesian probability to detect these more stealthy worms. The idea is that if just one node is seeing a big increase in connections, that could be a temporary, random fluctuation, but 50 nodes experiencing even a modest increase in traffic very likely means that the network is under attack and that a protective response is warranted.
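The following is an added toy model of the scheme described in the two passages above (local anomaly detectors that gossip a belief, and a Bayesian combination of many peers' beliefs); it is illustrative code written for this article, not Intel's DDI implementation, and every parameter in it (the Poisson traffic model, the 10 connections/s baseline, the 1.3x worm rate, the 1% prior, the per-peer evidence cap and the 0.99 alarm threshold) is an assumption chosen for the example. Each node turns its own connection count into a posterior probability of attack; the receiver strips the shared prior back out of each gossiped belief, caps how much any single peer can contribute, sums the evidence as if the peers were conditionally independent, and alarms when the combined posterior crosses the threshold. The cap is the practitioner's caveat: real host traffic is far burstier than a Poisson model, and a peer may be compromised or simply lying, so one loud node should never be able to trip the whole network on its own.

```python
"""Toy gossip-based distributed worm detection (added example, not Intel's code).

Each node observes connections/s, computes P(attack | own count) with a
Bayesian update, and gossips that belief.  A receiver combines the beliefs
of N peers.  All model parameters below are assumptions for illustration.
"""
import math

BASELINE_RATE = 10.0       # assumed normal connections/s per node (Poisson mean)
WORM_FACTOR = 1.3          # assumed rate multiplier under a slow-spreading worm
PRIOR_ATTACK = 0.01        # assumed prior probability that the network is under attack
MAX_PEER_EVIDENCE = 2.0    # cap (in log-likelihood-ratio units) on one peer's contribution
ALARM_THRESHOLD = 0.99     # combined posterior at which a node takes defensive action


def logit(p):
    return math.log(p / (1.0 - p))


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def local_belief(observed_connections, baseline=BASELINE_RATE,
                 factor=WORM_FACTOR, prior=PRIOR_ATTACK):
    """P(attack | this node's count), comparing Poisson(baseline) against
    Poisson(baseline * factor).  This is the 'belief' a node gossips."""
    lam0, lam1 = baseline, baseline * factor
    # Poisson log-likelihood ratio; the k! term cancels between hypotheses.
    llr = observed_connections * math.log(lam1 / lam0) - (lam1 - lam0)
    return sigmoid(logit(prior) + llr)


def combine_beliefs(peer_beliefs, prior=PRIOR_ATTACK, cap=MAX_PEER_EVIDENCE):
    """Receiver side of the gossip round.

    Every peer folded the same prior into its belief, so subtract it once per
    peer to recover that peer's evidence, bound the evidence so no single node
    (noisy, compromised, or lying) can dominate, and sum assuming peers are
    conditionally independent given the attack/no-attack hypothesis.
    """
    total_evidence = 0.0
    for b in peer_beliefs:
        b = min(max(b, 1e-9), 1.0 - 1e-9)      # a peer may report exactly 0 or 1
        evidence = logit(b) - logit(prior)
        total_evidence += max(-cap, min(cap, evidence))
    return sigmoid(logit(prior) + total_evidence)


def network_decision(observed_counts, cap=MAX_PEER_EVIDENCE,
                     threshold=ALARM_THRESHOLD):
    """Run one gossip round over a constructed set of per-node counts.
    Returns (combined posterior, alarm?)."""
    beliefs = [local_belief(c) for c in observed_counts]
    posterior = combine_beliefs(beliefs, cap=cap)
    return posterior, posterior >= threshold


if __name__ == "__main__":
    # Constructed scenarios (connections/s seen by each node in one interval).
    quiet = [10] * 50                    # everyone at baseline
    slow_worm = [12, 13, 14, 15] * 13    # 52 nodes, each only modestly busier
    one_spike = [10] * 4 + [60]          # one node spikes, four peers are idle

    for name, counts in [("quiet", quiet), ("slow worm", slow_worm),
                         ("single spike, capped", one_spike)]:
        post, alarm = network_decision(counts)
        print(f"{name:22s} posterior={post:.4f} alarm={alarm}")
    post, alarm = network_decision(one_spike, cap=float("inf"))
    print(f"{'single spike, uncapped':22s} posterior={post:.4f} alarm={alarm}")
```

Two things worth noticing when you run it: a single node at 14 connections/s reports a belief of only about 2%, barely above the 1% prior, yet fifty such nodes combine to near certainty, which is exactly the slow-worm case the prototype targets; and the lone 60 connections/s spike trips the alarm only when the per-peer cap is removed, so the cap is what keeps one anomalous or hostile detector from disconnecting the whole network.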