Slashdot Mirror


A Cheap, Distributed Zero-Day Defense?

coondoggie writes "Shutting down zero-day computer attacks could be carried out inexpensively by peer-to-peer software that shares information about anomalous behavior, say researchers at the University of California at Davis. The software would interact with existing personal firewalls and intrusion detection systems to gather data about anomalous behavior, says Senthil Cheetancheri, the lead researcher on the project he undertook as a grad student at UC Davis from 2004 to 2007. He now works for SonicWall."

4 of 116 comments

  1. Cheap defense? by the_humeister · Score: 1, Interesting

    How about "disconnect it from the network."? That's the cheapest one I can think of.

  2. Will never happen. by girlintraining · Score: 5, Interesting

    Detecting anomalies requires a baseline of what "normal" is. That means surrendering information about the type and nature of traffic being received by your computer (and possibly sent as well). It's a privacy problem that not many people will commit to. And businesses will be even more reluctant to surrender such information. That said, an aggregate of several hundred thousand firewall logs would be an asset to many organizations and individuals. For this reason, it will never be free... The moment someone realizes there is a monetary value in what they're doing, they will attempt to capitalize on it. So, effectually, what this project is asking you to do is give them your private, personal data, so they can turn a buck under the pretense of fighting those big bad evil hackers. Isn't the market already pretty crowded with the fear-mongers, anti-virus, anti-malware, anti-anti-anti businesses?

    Also, this is not a defensive product. A defense requires the ability to resist or avoid an attack. Nothing about this scheme suggests it would provide that to the end-user. It is more of a "zero day surveillance" system than anything. It's a digital cow bell. Moo, ding ding, moo. The only problem is the cow moves at the speed of light and can replicate a few thousand times a second (conservatively). Don't ask about the milk. x_x

    --
    #fuckbeta #iamslashdot #dicemustdie
  3. Re:Wow... by orclevegam · Score: 2, Interesting

    Don't even need to break into it, just fool it. If you could convince it that some normal everyday activity (say going to google more than twice in an hour) is really a sign of a 0-day attack in progress and get it to lock down network IO, you've just gotten a ready-made DDoS. Simply get the system to propagate your false positive to all the nodes (which it would need to do quickly, quietly, and efficiently in order to combat 0-Day threats) and then wait for it to go off. Instant DDoS and you barely even needed to do anything. Best part is if you can make it look like you weren't trying to trick it, then even if the attack eventually gets traced back to you, you can claim you're innocent and the software just flaked on you.

    --
    Curiosity was framed, Ignorance killed the cat.
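The two comments above raise the two design questions such a system has to answer: what counts as a "normal" baseline (comment 2), and how to keep one node's false positive from being propagated into a network-wide lockdown (comment 3). The following toy model is an added illustration written for this page, not code from the UC Davis project, SonicWall, or any commenter. The class names, the z-score rule with a floored spread, the quorum size and the sample traffic counts are all assumptions made for the example. It shows a per-host baseline that does not flag a third visit in an hour as an attack, and a shared alert board that only acts on an indicator once several distinct peers have independently reported it, so a single peer repeating a bogus alert fifty times still changes nothing.

```python
"""Toy model of peer-shared anomaly alerts with a corroboration quorum.

Added illustration, not code from the UC Davis project, SonicWall or any
commenter. Class names, the z-score rule, the spread floor and the quorum
size are assumptions made for this example.
"""
import statistics
from collections import defaultdict


class Peer:
    """One host: keeps its own hourly baseline of visits to a destination."""

    def __init__(self, name, history):
        self.name = name
        self.history = list(history)  # past hourly counts (constructed data)

    def is_anomalous(self, observed, z_threshold=3.0):
        """Flag a count only if it sits far outside the host's own baseline.

        The spread is floored at 1.0 (assumption) so a perfectly regular
        history such as [2, 2, 2, 2] does not make a third visit look like
        an attack: with a zero standard deviation any deviation would be
        infinitely many sigmas out.
        """
        mean = statistics.mean(self.history)
        spread = max(statistics.pstdev(self.history), 1.0)
        return (observed - mean) / spread > z_threshold


class AlertBoard:
    """Shared view of alerts; blocks an indicator only with independent support.

    Counting distinct reporting peers rather than raw alert volume means one
    compromised or misconfigured peer cannot trigger a network-wide lockdown
    by repeating its claim.
    """

    def __init__(self, quorum=3):
        self.quorum = quorum
        # indicator -> set of peer names that have reported it
        self.reporters = defaultdict(set)

    def receive(self, peer_name, indicator):
        """Record one alert and return whether the indicator now meets quorum."""
        self.reporters[indicator].add(peer_name)
        return self.should_block(indicator)

    def should_block(self, indicator):
        return len(self.reporters[indicator]) >= self.quorum


def run_demo():
    """Constructed scenario: one noisy peer vs. several independent witnesses."""
    regular = Peer("alice", [1, 3, 2, 4, 2, 3])  # constructed hourly visit counts
    board = AlertBoard(quorum=3)

    # A single peer repeating a false positive about ordinary traffic never
    # reaches quorum, however many times it repeats itself.
    rogue_blocked = any(board.receive("rogue", "google.com") for _ in range(50))

    # Three different peers independently reporting the same indicator do.
    for name in ("bob", "carol", "dave"):
        board.receive(name, "suspicious-beacon")

    return {
        "third_visit_anomalous": regular.is_anomalous(3),
        "forty_visits_anomalous": regular.is_anomalous(40),
        "rogue_alone_blocked": rogue_blocked,
        "corroborated_blocked": board.should_block("suspicious-beacon"),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The quorum rule is deliberately simple; a real deployment would also want to weight reports by peer reputation, expire them after a time window, and rate-limit what any one peer can contribute, but the core defensive point is the same: a decision that can take every node offline must never rest on a single source.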
  4. Re:Linux Causes Woman to Drop Out of College by Chabo · Score: 2, Interesting

    And I cry any time a school says it requires a piece of software that can only run on one OS.

    Then again, at my school the standard response would've been "there are plenty of cluster computers available all over campus, if yours won't run the necessary software."

    --
    Convert FLACs to a portable format with FlacSquisher