Slashdot Mirror


Ants Vs. Worms — Computer Security Mimics Nature

An anonymous reader writes with this excerpt from Help Net Security: "In the never-ending battle to protect computer networks from intruders, security experts are deploying a new defense modeled after one of nature's hardiest creatures — the ant. Unlike traditional security devices, which are static, these 'digital ants' wander through computer networks looking for threats ... When a digital ant detects a threat, it doesn't take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate. 'Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,' [says Wake Forest Professor of Computer Science Errin Fulp.] 'As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.'"

27 of 104 comments

  1. ridiculous references by sopssa · · Score: 4, Insightful

    What's with the ridiculous reference to ants? If they had said this in a technical way, I might actually even understand what they mean. Now it's basically "ants travel inside your network". The article doesn't tell a lot more.

    Obviously nothing is "traveling" inside your lan cable. So do they mean they have every machine in promiscuous lan that tries to seek what is traveling there? What kind of "scent" does it leave when it detects some threat and how do the other computers interact with that?

    Stop doing some stupid nature references just for the hell of it, give technical details.

    1. Re:ridiculous references by buchner.johannes · · Score: 5, Informative

      They are talking about an ant-based algorithm, often used in optimization (routing, for example). Some information is here http://en.wikipedia.org/wiki/Artificial_Ants and here.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    2. Re:ridiculous references by buchner.johannes · · Score: 5, Informative

      Second link: http://en.wikipedia.org/wiki/Ant_colony_optimization (sorry)

      I think this is just some theoretical research that got picked up by someone who had never heard of ant algorithms (it sounds impressive when you hear it the first time), but it can often be outperformed.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    3. Re:ridiculous references by Fred_A · · Score: 4, Funny

      Obviously nothing is "traveling" inside your lan cable.

      So why does your network crawl all of a sudden?

      --

      May contain traces of nut.
      Made from the freshest electrons.
    4. Re:ridiculous references by Jurily · · Score: 2, Interesting

      They are talking about an ant-based algorithm, often used in optimization (routing, for example).

      I'm sorry, but neither you nor the article make any fucking sense whatsoever. This is an IT geek site, stop with the fucking metaphors. Why do these people expect us to understand "virtual ants wander around the network" any more than "a network scanner that looks for the same security holes as the worms, only this notifies the sysadmin about them"?

    5. Re:ridiculous references by Chris+Burke · · Score: 4, Insightful

      And ant colony algorithms by themselves are just an obfuscated way of defining ad-hoc probabilistic algorithms.

      It's not "obfuscated", they are explicitly in that class of algorithms.

      In other words it's completely heuristic, there is no actual theory that justifies defining the algorithms in that particular way.

      Yeah and there's no theory a priori justifying simulated annealing or genetic algorithms work in their particular way. But they work. Random heuristics work (and there is theory explaining why, in general, they do). Different heuristics have different properties that are beneficial in some circumstances. That's why there's more than one. That's why Monte Carlo simulations weren't the final word on random heuristics.

      And what they do has precious little to do with actual ants.

      As much as genetic algorithms have to do with biological evolution or simulated annealing has to do with cooling metal. As in... next to nothing in a literal sense, but quite a bit in an inspirational or metaphorical sense. Probabilistically following previous paths through the solution space, with those paths 'evaporating' over time unless reinforced, is a pretty good analogy for what ants really do, and a good hint as to the algorithm's advantages -- it does a good job of finding and tracking changes in the solution space in dynamic situations.

      Basically, "Oh it's just a heuristic and not literally like the inspiration its named after" is the worst way to dismiss an algorithm ever.

      Though, on the other hand, why this is a good idea for network security, I don't know. Why would you want a bunch of agents to "swarm" a location where problems are found, rather than just, say, deleting any instances of virus/worms found, and closing any security holes found (or notifying the sysadmin so they can), is beyond me.

      --

      The enemies of Democracy are
    6. Re:ridiculous references by mikael · · Score: 3, Informative

      He just uses "ants and swarms" to replace "daemon and daemons".

      His research is based on a network of 64 computers and has identified all sorts of different types of security breach that can be detected on a network (unauthorized ssh/ftp, botnet commands, spam-mailer, virus-in-a-mail-message, backdoor trojan) and that it might not be possible to detect where the originating commands are coming from - a whole load of servers or PCs might be infected.

      The article states that there is a performance gain from having a separate task to detect each of these (he calls these ants). Since there are so many files, ports and devices to be checked, it is better to have multiple copies of each task. OS people would call these 'daemons'. Testing for all of these security breaches requires a "swarm of ants" or a "plague of daemons" (whatever the aggregate word for daemon is).

      I guess talking about daemons in the server network would probably scare the h*ll out of Christian Managers.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    7. Re:ridiculous references by lewko · · Score: 2, Funny

      Because hearing "Drunken cheerleader" and "virus" in the same sentence kinda spoils the fantasy.

      --
      Do you or your partner snore? - Visit www.snoring.com.au
  2. Obvious questions. by palegray.net · · Score: 2, Insightful

    • Who gets to decide what qualifies as malware or a "threat?"
    • Why should user agents trust this assessment?

    The second question depends heavily on the answer to the first.
    1. Re:Obvious questions. by buchner.johannes · · Score: 2, Funny

      My idea for network security would be this:

      Measure network traffic for a normal week or two, no limitations. Everyone should do the things they usually need to do. Ports, types of traffic, etc., and bandwidth are recorded.
      Then the admin creates a firewall setting from that (hopefully automatically).
      In the following weeks, differences from that behavior are measured, allowing the admin to extend or restrict the rules.

      And it would have colorful buttons.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
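
    The learn-then-enforce idea in the comment above, as an added example (my own sketch, not anything the commenter or the article's project wrote). The flow records, the host names and the `allow from ... to ...` rule syntax are all constructed for the demo; a real deployment would read NetFlow/sFlow or conntrack data and emit rules for its actual firewall. It learns an allow-set of (host, port, protocol) tuples plus the peak bytes seen for each during the "normal" period, turns that into a default-deny rule list, and then flags later flows that use a service never seen before or that move far more data than the learned peak.

```python
"""Baseline-then-enforce firewall sketch (added illustration, not a real tool).

Flow records below are constructed sample data; the rule syntax is made up.
"""
from collections import defaultdict

# Constructed 'normal week' flows: (source host, dst port, protocol, bytes).
BASELINE = [
    ("ws-01", 443, "tcp", 120_000), ("ws-01", 53, "udp", 300),
    ("ws-01", 443, "tcp", 480_000), ("ws-02", 443, "tcp", 95_000),
    ("ws-02", 22, "tcp", 40_000),   ("ws-02", 53, "udp", 250),
    ("ws-03", 80, "tcp", 20_000),   ("ws-03", 53, "udp", 310),
]

# Constructed flows from a later week, with two deviations planted.
LATER = [
    ("ws-01", 443, "tcp", 130_000),
    ("ws-02", 22, "tcp", 41_000),
    ("ws-03", 6667, "tcp", 2_000),        # port never seen in the baseline
    ("ws-01", 53, "udp", 40_000),         # DNS volume far above its learned peak
    ("ws-02", 443, "tcp", 100_000),
]


def learn_baseline(flows):
    """Return the allowed (host, port, proto) set and the peak bytes seen per tuple."""
    allowed = set()
    peak = defaultdict(int)
    for host, port, proto, nbytes in flows:
        key = (host, port, proto)
        allowed.add(key)
        peak[key] = max(peak[key], nbytes)
    return allowed, dict(peak)


def rules_from_baseline(allowed):
    """Default-deny rule list in a made-up text syntax: one allow per learned tuple."""
    rules = [f"allow from {host} to {proto}/{port}"
             for host, port, proto in sorted(allowed)]
    return rules + ["deny all"]


def audit(flows, allowed, peak, factor=3):
    """Flag flows outside the learned allow set, or `factor` times above the learned peak."""
    findings = []
    for host, port, proto, nbytes in flows:
        key = (host, port, proto)
        if key not in allowed:
            findings.append(("new-service", key, nbytes))
        elif nbytes > factor * peak[key]:
            findings.append(("volume", key, nbytes))
    return findings


def run_demo():
    """Learn from BASELINE, then audit LATER against it."""
    allowed, peak = learn_baseline(BASELINE)
    return rules_from_baseline(allowed), audit(LATER, allowed, peak)


if __name__ == "__main__":
    rules, findings = run_demo()
    print("\n".join(rules))
    for kind, key, nbytes in findings:
        print(f"{kind}: {key} ({nbytes} bytes)")
```

    The catch a practitioner would raise is the one palegray.net asks about above: whatever is already on the network during the learning week becomes "normal". A host beaconing to a command-and-control server on port 443 during the baseline gets an allow rule like any other HTTPS client, and only a later change in volume or destination would surface it.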
  3. I can defeat the ants by t0qer · · Score: 5, Funny

    I just gotta run..
    %SystemRoot%\system32\magnify.exe

    1. Re:I can defeat the ants by adrianwn · · Score: 2, Funny

      Just be careful you don't leave a honeypot lying around anywhere your ants will find it.

    2. Re:I can defeat the ants by Zalbik · · Score: 2, Funny

      That only works if you have a Sun server.

  4. Taking the analogy further... by AdamInParadise · · Score: 2, Insightful

    In nature, an ant can get infected by many kinds of fungus, and when they return to the colony or meet another ant, the fungus can spread to another host.

    Similarly, deploying this kind of "digital agents systems" opens another path of transmission for viruses and worms.

    It's nice to see that some people are still active in this research area, but does anyone know of a product that actually uses such a principle for real?

    --
    Nobox: Only simple products.
    1. Re:Taking the analogy further... by Lesrahpem · · Score: 3, Interesting

      This reminds me of how one of the first worms was actually created. Xerox made it for going around their computers after hours and doing various checks and system maintenance. It got out of control and DoS'ed their network.

    2. Re:Taking the analogy further... by whisper_jeff · · Score: 2, Interesting

      but does anyone know of a product that actually uses such a principle for real?

      Yes. Ants

      It's a p2p program that uses a similar principle to vastly increase user anonymity. Currently, the only downside of the program (that I've noticed) is that it is in such minimal usage. The ant-like functionality of it, however, is really quite intelligent.

  5. I'm looking for a new hobby by Norsefire · · Score: 2, Funny

    We've got Worms and Spiders, now Ants!? I'm going to have to find a new hobby; computing doesn't seem very entomophobiac-friendly.

    1. Re:I'm looking for a new hobby by The+Archon+V2.0 · · Score: 3, Funny

      We've got Worms and Spiders, now Ants!? I'm going to have to find a new hobby; computing doesn't seem very entomophobiac-friendly.

      We started with bugs years ago. It was only a matter of time before everyone else moved in.

  6. Let's use another analogy by turing_m · · Score: 3, Funny

    The internet is a lady of ill repute. My approach to security when "connected" to the internet is like 3 layers (hardware firewall, running as unprivileged user, whitelisting javascript/flash) of prophylactic separated by 2 layers of Deep Heat (logging, and tripwire). If either of the outer layers are "breached", I get a prompt warning.

    --
    If I have seen further it is by stealing the Intellectual Property of giants.
  7. The EU Serenity Project is using the same approach by Futurepower(R) · · Score: 3, Interesting

    MOD PARENT UP. It is apparently correct to be skeptical.

    The Serenity Project in the European Union is using the same approach. They call it "Ambient Intelligence(AmI)." The level of intelligence in the Serenity project may be indicated by the fact that, at present, 2009-09-26, 02:47 PDT, there is no space before "(AmI)". The Ambient Intelligence in the Serenity Project is very low, apparently.

    Someone who worked for SAP Labs France told me the SAP Labs France part of the Serenity Project is so poorly managed that smart people leave as soon as they can find other jobs.

    Apparently the only way of providing security that actually works is the OpenBSD method: Audit the code. No number of "ants" can provide the security of audited code.

    Want more biological humor? Read about SAP's customer-focused ecosystem. It supposedly fosters "... an ideal environment for ongoing innovation and value creation..." Biological references are apparently the hot new thing in corporate-speak. Biological references concerning computers are very useful to people who have no technical knowledge and don't want any, because they are so vague the speaker can never be found wrong.

  8. So... bugs? by jamesh · · Score: 5, Funny

    If I wanted 3000 bugs swarming inside my computer i'd run Windows.

    1. Re:So... bugs? by dissy · · Score: 2, Funny

      If I wanted 3000 bugs swarming inside my computer i'd run Windows.

      This is why, even with just one hard drive, I always load drivers for RAID.

  9. Bound to fail by Tinctorius · · Score: 4, Insightful

    Taking the obvious problems with this approach aside (using viral programs to identify viral infections), it should be easy to distract the flock of "ants" by one or more decoy infection(s), and then start the 'real' infection on the "other side" of the network. The "ants" have built a highway of warning signs towards the decoy(s), so the probability of ants traversing to the 'really' infected machines is lowered.

    It's always fun to apply theories from one field of CS (namely optimization) to another (security), but if you give it a short thought, you know this can't be a good idea. It wouldn't be science if they didn't test that hypothesis, but I certainly hope they're not that stupid to test it in production systems.
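
    The pheromone mechanics Chris+Burke describes above (probabilistic path following, reinforcement, evaporation) and the decoy attack Tinctorius describes, as one added toy simulation. This is my own illustration, not code from the Wake Forest project, and everything concrete in it is an assumption: the ring topology, the number of ants, the evaporation rate, and the "evidence" scores that stand in for a detector firing on a host. Each ant walks the ring, deposits pheromone equal to the evidence it finds on a host, and chooses its next hop with probability proportional to 1 plus the pheromone there; pheromone decays every tick. The second run adds three loud decoys on the far side of the ring from a quietly infected host and counts how many visits the real host loses.

```python
"""Toy pheromone swarm on a ring of hosts, plus the decoy attack.

Added illustration, not the project's code. Topology, parameters and the
'evidence' scores are assumptions made for the demo.
"""
import random


def ring_neighbours(n_hosts):
    """Host i is linked to i-1 and i+1 (mod n): an assumed toy topology."""
    return {i: [(i - 1) % n_hosts, (i + 1) % n_hosts] for i in range(n_hosts)}


def simulate(n_hosts, evidence, ants=20, steps=300, evaporation=0.9, seed=1):
    """Run `ants` agents for `steps` ticks; return per-host visit counts.

    evidence maps host -> how strongly an ant's check fires there (0 for a
    clean host). Each visit deposits that much pheromone on the host; every
    tick all pheromone decays by `evaporation`. An ant leaving a host picks a
    neighbour with probability proportional to 1 + its pheromone, so trails
    that keep being reinforced attract more ants (the 'swarm').
    """
    rng = random.Random(seed)                  # fixed seed: run is reproducible
    nbrs = ring_neighbours(n_hosts)
    pheromone = [0.0] * n_hosts
    pos = [i % n_hosts for i in range(ants)]   # ants start spread around the ring
    visits = [0] * n_hosts
    for _ in range(steps):
        for a in range(ants):
            here = pos[a]
            visits[here] += 1
            pheromone[here] += evidence.get(here, 0.0)
            cands = nbrs[here]
            weights = [1.0 + pheromone[c] for c in cands]
            pos[a] = rng.choices(cands, weights=weights, k=1)[0]
        pheromone = [p * evaporation for p in pheromone]   # trails evaporate
    return visits


N_HOSTS = 12
REAL = 8                                 # the quietly infected host (assumed)
DECOYS = {1: 10.0, 2: 10.0, 3: 10.0}     # loud fakes on the far side of the ring


def decoy_effect():
    """Visits the real host receives without and with the decoys (same seed)."""
    honest = simulate(N_HOSTS, {REAL: 1.0})
    decoyed = simulate(N_HOSTS, {REAL: 1.0, **DECOYS})
    return honest[REAL], decoyed[REAL]


if __name__ == "__main__":
    without, with_decoys = decoy_effect()
    print(f"visits to real host: {without} without decoys, {with_decoys} with decoys")
```

    The model is deliberately crude: the ants cannot distinguish a decoy from a real hit, because in both cases the only signal they see is the evidence score. Any defence built this way has to decide how much a single noisy host is allowed to shape the whole swarm's pheromone field, otherwise the attacker gets to choose where the operators look.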

  10. How long before malicious ants will appear? by misnohmer · · Score: 3, Insightful

    Having anything "crawl" through your network seems like a huge security risk to me. Any security solution will have to be aware of those crawlers and allow them to crawl from computer to computer. What's to stop viruses from simply impersonating such a crawling ant - free pass to every computer on the network!

    Another problem may be as they all "converge" on threats. What if they bog down the target machine, or the network? If my browser cookie looks "yummy" to the "ant" (no pun intended - browser cookie may be classified as a threat), next thing I know my network interface is crawling with these "ants"! My administrator cannot log in because of all the ants plugging my bandwidth!

  11. like in nature there's always a hack: Phorid flies by garompeta · · Score: 3, Insightful
    The genus "Pseudacteon" of the phorid flies zombifies ants by laying eggs in the ant's thorax. The larva moves to the head of the ant and feeds until it is big enough to come out, decapitating the ant.

    So yeah, I think I know how this story of swarming ants is going to turn out.

  12. just more bugs by FatherDale · · Score: 4, Funny

    Forget ants. Gimme a can of Raid.

  13. These are not the ants you are looking for... by Scubaraf · · Score: 2, Interesting

    Ants are not a good analogy. What they are describing is much more like an adaptive immune system - the "ants" in their system are circulating T-cells. Dr. Rodney Langman, an immunologist from the Salk Institute and UCSD, proposed exactly what the article describes. He described the conceptual elements required to form a synthetic immune system in the early 90's. Initially the goal was to model and understand our own adaptive immunity, but he often used computers and network protection from viruses as examples when explaining the concepts. I was his TA while in grad school.

    Synthetic Immunity

    If we extrapolate - computer networks will not only be guarded by T-cells that circulate through networks, identify threats, and release proinflammatory markers and antiviral "poisons" - there will be B-cell equivalents that produce antibodies, snippets of code that bind and immobilize specific codes they are designed to recognize. There will also be some degree of autoimmunity as viruses are reworked to mimic benign code. There will be an HIV equivalent (there already are) that targets not just the OS, but the OS defenses themselves. And there will be vaccines - benign code that is presented as a virus to train the immune system on a specific type of threat.