By IANS,
Washington: Network administrators might soon be able to mount effective, low-cost defences against self-propagating infectious programmes known as worms, thanks to a new strategy devised by an Indian American researcher.
Many computers are already equipped with software that can detect when another computer is attempting to attack them. Yet the software usually cannot identify newly-minted worms that do not share features with earlier marauders.
When network managers detect suspicious activity, they face a major dilemma, said Senthil Cheetancheri, who led efforts to develop the strategy. “The question is, ‘Should I shut down the network and risk losing business for a couple of hours for what could be a false alarm, or should I keep it running and risk getting infected?'”
Cheetancheri, a graduate student at the Computer Security Lab at the University of California-Davis (UC-D), has shown that the conundrum can be overcome by enabling computers to share information about anomalous activity.
Cheetancheri, who works as a network security expert, is a product of Coimbatore Institute of Technology, India. He also studied at Education University of California and studied computer science at UC-Davis.
As signals come in from other machines in the network, each computer compiles the data to continually calculate the probability that a worm attack is underway.
“One suspicious activity in a network with 100 computers can’t tell you much,” he said. “But when you see half a dozen activities and counting, you know that something’s happening.”
The second part of the strategy is an algorithm that weighs the cost of a computer being disconnected from the network against the cost of it being infected by a worm.
Results of this ongoing process depend on the calculated probability of an attack, and vary from computer to computer depending on what the machine is used for.
The algorithm triggers a toggle to disconnect the computer whenever the cost of infection outweighs the benefit of staying online, and vice versa, said a UC-D release.
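The two steps described above can be sketched as follows. This is an added illustration, not the researchers' published algorithm: the Bayesian model (independent peers), the alert rates, the prior and the per-host costs are all constructed assumptions.

```python
import math

def attack_probability(alerts, peers, prior=0.001,
                       p_alert_attack=0.10, p_alert_benign=0.01):
    """Posterior probability that a worm is spreading, given that `alerts`
    of `peers` machines reported anomalous activity in the current window.
    Assumes peers report independently (a simplification)."""
    silent = peers - alerts
    log_odds = math.log(prior / (1 - prior))
    # Each alert raises the odds; each silent peer lowers them slightly.
    log_odds += alerts * math.log(p_alert_attack / p_alert_benign)
    log_odds += silent * math.log((1 - p_alert_attack) / (1 - p_alert_benign))
    log_odds = max(-700.0, min(700.0, log_odds))  # keep exp() in range
    return 1 / (1 + math.exp(-log_odds))

def should_disconnect(p_attack, infection_cost, offline_cost):
    """Disconnect when the expected cost of infection exceeds the cost of
    being offline; reconnect (return False) when it no longer does."""
    return p_attack * infection_cost > offline_cost

# Constructed hosts: (cost if infected, cost of being offline for the window).
HOSTS = {
    "workstation": (5_000, 200),      # cheap to take offline
    "storefront": (20_000, 15_000),   # downtime means lost business
}

def decisions(alerts, peers=100):
    """Per-host toggle state for a given number of peer alerts."""
    p = attack_probability(alerts, peers)
    return {name: should_disconnect(p, infected, offline)
            for name, (infected, offline) in HOSTS.items()}

if __name__ == "__main__":
    for k in (1, 6, 10):
        p = attack_probability(k, 100)
        print(f"{k:2d} alerts  P(attack)={p:.6f}  disconnect={decisions(k)}")
```

With these constructed numbers, one alert among 100 machines leaves every host online, six alerts disconnect only the workstation, and ten disconnect both.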
The study was published in Recent Advances in Intrusion Detection, 2008.