Researchers at the Pennsylvania State University announced this week that they have developed a new anti-worm technology that shaves a significant amount of time from detection and containment processes.
The research was led by Peng Liu, associate professor of information services and technology and director of the Cyber Security Lab at Penn State, who with his team developed Proactive Worm Containment (PWC). He said PWC was developed to decrease the amount of time it takes to contain fast-acting worms, many of which can do damage before the signature or behavioral blocking systems can react.
Signature-based systems can take several minutes between recognizing a packet as a worm and creating a new signature to contain the spread of the malware. This can be devastating because worms — such as Slammer — can send upwards of 4,000 packets per second.
PWC eschews signature generation and instead looks at the rate or frequency of a host's connections and the diversity of its connections to other networks. When the system sees a host with a high rate, it contains that host to prevent infected packets from being sent. Liu said that PWC takes only milliseconds to contain worm outbreaks.
“A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts,” Liu said.
In order to prevent false positives, PWC also includes methods to check whether hosts are clean or infected.
“PWC can quickly unblock any mistakenly blocked hosts,” Liu said.
The new software is currently in beta, and Liu and his team are in the process of applying for a patent.
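The rate-and-diversity containment idea described above, as an added Python example that is not PWC's code. The thresholds, the one-second window, the quiet-period release rule (a stand-in for PWC's unspecified clean-or-infected check) and the sample traffic are all assumptions.

```python
from collections import defaultdict, deque

# All thresholds are assumed values for illustration, not PWC's parameters.
WINDOW = 1.0        # seconds of history kept per host
MAX_RATE = 50       # outbound connection attempts allowed per window
MAX_DISTINCT = 30   # distinct destinations allowed per window
QUIET_PERIOD = 5.0  # seconds without an anomaly before a host is released

class Containment:
    def __init__(self):
        self.recent = defaultdict(deque)  # host -> (timestamp, destination) pairs
        self.contained = {}               # host -> time of last anomalous window

    def observe(self, ts, src, dst):
        """Record one outbound connection attempt; return 'allow' or 'drop'."""
        q = self.recent[src]
        q.append((ts, dst))
        while q[0][0] <= ts - WINDOW:     # expire attempts older than the window
            q.popleft()
        rate = len(q)
        diversity = len({d for _, d in q})
        if rate > MAX_RATE and diversity > MAX_DISTINCT:
            self.contained[src] = ts      # contain, or extend containment
        elif src in self.contained and ts - self.contained[src] >= QUIET_PERIOD:
            del self.contained[src]       # stand-in for the clean/infected check
        return "drop" if src in self.contained else "allow"

def constructed_events():
    """Constructed sample traffic: (timestamp, source, destination)."""
    worm = [(i * 0.00025, "10.0.0.5", f"198.51.100.{i}") for i in range(200)]
    busy = [(i * 0.01, "10.0.0.9", f"192.0.2.{i % 2}") for i in range(100)]
    burst = [(2.0 + i * 0.001, "10.0.0.7", f"203.0.113.{i}") for i in range(60)]
    later = [(8.0, "10.0.0.7", "203.0.113.1")]
    return sorted(worm + busy + burst + later)

def run(events):
    c = Containment()
    verdicts = defaultdict(list)
    for ts, src, dst in events:
        verdicts[src].append(c.observe(ts, src, dst))
    return c, verdicts

if __name__ == "__main__":
    c, verdicts = run(constructed_events())
    for host, v in sorted(verdicts.items()):
        print(host, "allowed", v.count("allow"), "dropped", v.count("drop"))
```

In the constructed traffic, the host sending at 4,000 attempts per second is contained after its first 50 attempts (12.5 ms), the busy host that talks to only two servers is never blocked, and the host with a short burst is released once it has stayed quiet.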