Slashdot Mirror


Modeling Security Software To Mimic Ant Behavior

wiredmikey writes "Researchers from universities and national laboratories in the United States are developing software that mimics ant behavior, as a new approach to network security." The concept has been around for a while, but this summer researchers are working to train the "digital ants" well enough that they can turn them loose into the power grid to seek out computer viruses trying to wreak havoc on the system.

68 comments

  1. Ant bait? by pinpuke · · Score: 1

    Will McAfee come out with Ant Trap 1.0?

    1. Re:Ant bait? by Meski · · Score: 1

      It'll work if we tip honey on all the malware.

      A new definition of honey-trap.

  2. Skynet by Anonymous Coward · · Score: 1

    Turn them loose? Sounds like skynet. What could possibly go wrong?

    1. Re:Skynet by Anonymous Coward · · Score: 0

      Well. If the ants consider computer viruses to be food then they will take them back to the nest. This would lead to a collection of viruses that could possibly intermingle, mutate, and form new variations of viruses one of which may be self-aware.

    2. Re:Skynet by halfEvilTech · · Score: 1

      Was thinking the same thing. Let me know when they are about to start so I can make sure I am out of possible nuke targets.

    3. Re:Skynet by Culture20 · · Score: 1

      Well. If the ants consider computer viruses to be food then they will take them back to the nest.

      or just like how real ants herd aphids and mulch fungus farms, these digi-ants might introduce vulnerabilities in known good software to keep their food supply high. Thank God that's not how they're programmed except in the mind of a mediocre sci-fi writer.

    4. Re:Skynet by maxwell+demon · · Score: 1

      But could a malicious person write another, malicious ant which manipulates the existing ant colony for his own goals? Those malicious ants could leave false scents at completely harmless computers, or remove scents left by other ants. Maybe it could even manage to free some part of the network from ants by leading ants at its borders to other parts of the network through strategically placed scents. Indeed, it could even be a DoS attack by simply creating lots of copies of the existing ants, which then will clog the network. Say, add a few ants which do nothing but clone other ants they encounter. Let a few loose in the network. They will start to copy good ants (and occasionally other bad ants, thus slowly increasing the copy rate, while never becoming a large fraction of all ants). After some time, the ants will start to clog the network; since the vast majority is (clones of) genuine ants, it will be hard to detect the cause of this.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    5. Re:Skynet by Anonymous Coward · · Score: 0

      Maybe a malicious person writes an ant fungus that mind controls the ants.

    6. Re:Skynet by Moryath · · Score: 1

      But could a malicious person write another, malicious ant which manipulates the existing ant colony for his own goals?

      Sure they could.

      What, you didn't think that was what existing botnet viruses do? They co-opt the millions of computers left unpatched and unsecured by clueless users everywhere for their own purposes.

      What's being described by the "ants" concept is nothing more than the age-old "can we make a beneficial computer virus" crap that constantly gets spread around. The answer is no, because if it gets in through a vulnerability, that vulnerability necessarily exists and any form of communication it does back to home necessarily becomes a new vulnerability.

    7. Re:Skynet by Meski · · Score: 1

      Is that an un-ant-serable problem?

  3. There was an old power grid by bugs2squash · · Score: 3, Funny

    That swallowed a fly...

    --
    Nullius in verba
    1. Re:There was an old power grid by Anonymous Coward · · Score: 0
    2. Re:There was an old power grid by Anonymous Coward · · Score: 0

      And the new one will be... well, let's say I'm developing a digital giant magnifying glass. ;)

    3. Re:There was an old power grid by BenJaminus · · Score: 1

      I wonder why it swallowed a fly?...

    4. Re:There was an old power grid by Wiarumas · · Score: 1

      For those who don't understand this (insightful) post, it's based off a children's novel (http://en.wikipedia.org/wiki/There_Was_an_Old_Lady_Who_Swallowed_a_Fly). There is an old woman who swallowed a fly and she keeps eating other animals to get rid of the previous animal until she eventually dies in the end (some versions have a censored ending).

      --
      I will bend like a reed in the wind.
    5. Re:There was an old power grid by Abstrackt · · Score: 1

      Probably because it was glowing.

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  4. Obligatory by Blackdognight · · Score: 3, Informative

    "I, for one, welcome our new insect overlords." Sorry, but the perfect opportunity to use the original quote doesn't come up every day...

    1. Re:Obligatory by NoNonAlphaCharsHere · · Score: 3, Funny

      It didn't today, either.

  5. Not this bollocks again. by Anonymous Coward · · Score: 1

    So, in order for these "ant-like" software agents to "roam" around a network, presumably all the machines on the net will have to keep a port open to accept random downloads of software to run locally?

    Sure, that'll work.

  6. Why on earth would they "wander" by Zerth · · Score: 2

    I'd like my security software to stay resident at all times, thank you very much.

    And "swarming"? I suppose that is an effective response, sucking up CPU by making meaningless copies of itself will keep the virus from doing much. But I'd rather remove the malware.

    1. Re:Why on earth would they "wander" by Inda · · Score: 1

      They wander to create networks: http://science.slashdot.org/story/11/02/17/2243203/Ants-Build-Cheapest-Networks

      I like ants; I've owned ant farms, but c'mon, they can't be used for everything. Digging sand from under your garden path? Sure. Farming aphids? Yeah, they do a better job than I ever could do...

      Leave the computer stuff to the intelligent animals.

      --
      This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
  7. Uh...WTF? by chill · · Score: 5, Interesting

    "In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system."

    Yeah, that's what we need. One Symantec AV can't stop a virus it doesn't know about, so we need TEN SYMANTEC AVS on the job.

    The problem in computer security is one of DISCERNING INTENT. Good code and bad code look the same. They call the same functions, perform mostly the same tasks.

    Think of VNC or Windows Remote Help vs a backdoor trojan. Same basic thing, just different intent.

    FTP, Dropbox or other file transfer vs a trojan that uploads your files. Intent again.

    Ants don't do any better at recognizing bad guys than AV software does. Faced with an enemy that is TRYING to disguise itself, they are fooled or sidelined. http://www.securityweek.com/researchers-model-security-software-mimic-behavior-ants

    On the bright side, I'll bet they can squeeze a few research grants out of it.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:Uh...WTF? by ThunderBird89 · · Score: 1

      ZoneAlarm and Comodo DO detect RealVNC as possible threat, asking for authorization to run, then another to connect. Same with Crossloop (which is just a shell for RealVNC with a custom connection schema, though).

      --
      Hyperbole: I use it liberally!
    2. Re:Uh...WTF? by PhilHibbs · · Score: 1

      I think the broad theory is that each computer on a network behaves like an ant, passing information to other computers about the network environment. If one computer starts misbehaving, the others can communicate this information and avoid the infected machine or the source of the incoming traffic. If the security software on the infected PC is compromised, they might even be able to force the infected machine to run some different security software that can help combat the threat. This is all just off the top of my head, and no, of course I didn't read the fine article.

    3. Re:Uh...WTF? by PhilHibbs · · Score: 1

      Hm, looks like I replied to the wrong comment. Oh well.

    4. Re:Uh...WTF? by Anonymous Coward · · Score: 0

      so a user uses a computer, so it tells all other computers to ignore that computer because it is no longer idle - hmmmm
      problem of intent still exists. How about you ask the other ants?? but what if one of the other ants can't be trusted... or has multiple personality disorder and is pretending to be many more ants to influence the others... same issue. Maybe I should read TFA, but the headline only makes me think research grant fluff fail.

    5. Re:Uh...WTF? by chill · · Score: 2

      Yes, but that isn't a solution. That is just passing it on to the user to say "I see something, what is it?" Again, it defers determining intent to the user.

      In real world application, ZoneAlarm and Comodo are next to useless because clueless users just keep clicking "allow" to make it stop bothering them.

      God help them when "svchost.exe" pops up asking for permission.

      --
      Learning HOW to think is more important than learning WHAT to think.
    6. Re:Uh...WTF? by The+Archon+V2.0 · · Score: 1

      Which is really annoying if the firewall updates and forgets you told it VNC was OK, then you're left with a machine that has no monitor, mouse, or keyboard waiting for someone to click OK. (Thank you Comodo....)

    7. Re:Uh...WTF? by maxwell+demon · · Score: 1

      Well, just add another program to the box which monitors the firewall and emulates clicking OK whenever that window appears. :-)

      --
      The Tao of math: The numbers you can count are not the real numbers.
    8. Re:Uh...WTF? by element-o.p. · · Score: 1

      Back in my days working the abuse desk at an ISP, ZoneAlarm was the bane of my existence. The problem with ZoneAlarm is that it would freak out about EVERYTHING unless it was configured by someone who actually had a clue...but no one who actually had a clue would use ZoneAlarm, since much better products (like Sygate, IIRC) were available. We had customers write to complain that they were being hacked by the ISP DNS servers, mail servers, 127.0.0.1 (yes, I actually had someone write in to ask us to take action against the user who was trying to hack him from 127.0.0.1...sigh), etc., etc., ad nauseam.

      IMHO, ZoneAlarm was scareware: "See what we are protecting you from?!?! It's a good thing we're installed...in fact, why don't you upgrade to Pro?"

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    9. Re:Uh...WTF? by ThunderBird89 · · Score: 1

      I got fed up by the pro version's insane resource utilization when updating. It was enough to actually break USB connection to my phone. So off it went, and I switched to Comodo. Since I can't pay for the license (being a student and whatnot), I'd rather my AV/Firewall was free... :)

      --
      Hyperbole: I use it liberally!
    10. Re:Uh...WTF? by pookemon · · Score: 1

      Ah yes, however now when you are bored at work, and you look out the window and see a beautiful day, with the sun shining, you can have some fun by grabbing a magnifying glass and setting fire to your security software.

      --
      dnuof eruc rof aixelsid
  8. Nice concept... by grimsweep · · Score: 1

    ...but the power of such a system is in interpreting the data. It sounds as if the 'ants' themselves wander about the network observing specific attributes, then leaving behind a few notes on anomalies found. Other ants come along, attracted by the 'scent' of the data, and add their own observations. This is all well and good, but my skepticism comes in when we try to interpret the 'odors'. The ants have a chance of observing an event they or another ant caused to happen, which introduces false positives. Other ants arrive, further interfering with the results and pointing virtual fingers at what could be an illusionary culprit. Therefore, the trouble with this approach is that there always exists a possibility of that which 'smelt' it, 'dealt' it.
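The feedback loop described in the comment above, as an added toy simulation that is not part of the original thread or of the researchers' software. The ring topology, load numbers, threshold, scent rules and the `discount_own_footprint` mitigation are all assumptions made for illustration.

```python
"""Toy model (added example): swarm agents whose own load trips their detector."""

HOSTS = 8          # hosts arranged in a ring (assumed topology)
NORMAL_LOAD = 10   # assumed idle load per host
THRESHOLD = 15     # load above this is reported as an anomaly
ANT_COST = 2       # load each visiting ant adds to the host it inspects
EVAPORATION = 0.5  # fraction of scent that survives each step


def next_hop(pos, scent):
    """Follow the strongest scent among self/right/left; patrol right if none."""
    options = [pos, (pos + 1) % HOSTS, (pos - 1) % HOSTS]
    best = max(options, key=lambda h: scent[h])
    return best if scent[best] > 0 else (pos + 1) % HOSTS


def simulate(loads_at, discount_own_footprint, steps=30):
    """Run the swarm for `steps` rounds.

    loads_at(step) returns the per-host load *excluding* the ants themselves.
    Returns (final ant positions, final scent per host).
    """
    ants = [0, 2, 4, 6]
    scent = [0.0] * HOSTS
    for step in range(steps):
        loads = loads_at(step)
        for host in set(ants):
            present = ants.count(host)
            observed = loads[host] + ANT_COST * present  # ants perturb the reading
            if discount_own_footprint:
                observed -= ANT_COST * present           # subtract known ant load
            if observed > THRESHOLD:
                scent[host] += present                   # each ant leaves a mark
        ants = [next_hop(a, scent) for a in ants]
        scent = [s * EVAPORATION for s in scent]
    return ants, scent


def busy_then_calm(step):
    """Constructed input: host 3 runs a benign job (load 14) for 10 steps, then idles."""
    loads = [NORMAL_LOAD] * HOSTS
    if step < 10:
        loads[3] = 14
    return loads


def real_anomaly(step):
    """Constructed input: host 5 is genuinely over threshold the whole time."""
    loads = [NORMAL_LOAD] * HOSTS
    loads[5] = 20
    return loads


if __name__ == "__main__":
    # No malware anywhere, yet the swarm locks onto host 3 and stays after it idles:
    # four ants add 8 to an idle load of 10, which alone exceeds the threshold.
    print("naive      :", simulate(busy_then_calm, discount_own_footprint=False))
    # Subtracting the ants' own footprint removes the false positive...
    print("discounted :", simulate(busy_then_calm, discount_own_footprint=True))
    # ...while a host that is really over threshold still attracts the swarm.
    print("real       :", simulate(real_anomaly, discount_own_footprint=True))
```
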

  9. computer viruses in the power grid? by doperative · · Score: 1

    "this summer researchers are working to train the "digital ants" well enough that they can turn them loose into the power grid to seek out computer viruses trying to wreak havoc on the system".

    The only way 'computer viruses' could get into the power grid is if you run your SCADA units on Microsoft Windows and connect them directly to the Internet. Designing a system that allows 'digital ants' to scurry about and be secure at the same time is a contradiction in terms. What happens if the 'digital ants' are hijacked by the .cyber->terrorists :)

    “The power grid is probably more vulnerable to cyber attacks than security experts would like to admit,” said Fulp.

    What part of don't connect your SCADA units to the Internet don't these 'security experts' understand?

    As the grid becomes more and more interconnected, it offers hackers more points to enter the system; for instance, inserting a virus or computer worm into a low security site, such as in your home's smart grid, to gain access to more secure systems up the line,

    Anyone who designs such a system should be arrested immediately and shifted off to Guantanamo Bay as a threat to national security.

    1. Re:computer viruses in the power grid? by vlm · · Score: 1

      What happens if the 'digital ants` are hijacked by the .cyber->terrorists :)

      This will be the inevitable outcome. Random software is not allowed inside, or at least we put a measurable although microscopic effort into it. Digital ants are allowed in. Therefore they will be the infection vector of the future. "who watches the watchers"

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    2. Re:computer viruses in the power grid? by maxwell+demon · · Score: 1

      What part of don't connect your SCADA units to the Internet don't these 'security experts' understand?

      The "don't" part, of course.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    3. Re:computer viruses in the power grid? by SEWilco · · Score: 1

      "who watches the watchers"

      The ant lion watches them.

    4. Re:computer viruses in the power grid? by GameboyRMH · · Score: 1

      What part of don't connect your SCADA units to the Internet don't these 'security experts' understand?

      When they're not connected to the Internet, they're connected to a modem with no authentication...

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  10. Sounds like buggy code by gatkinso · · Score: 3, Funny

    Hahahahawhawhaw.

    Carry on.

    --
    I am very small, utmostly microscopic.
    1. Re:Sounds like buggy code by antdude · · Score: 1

      Ants aren't bugs. "How wude." :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  11. Computer Fungus Infection by Pennidren · · Score: 1

    Exit the age of the computer virus. Enter the age of the computer fungus!

  12. viruses are a bad analogy by doperative · · Score: 1

    "In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system." link

    Except computer viruses are nowhere near analogous to the biological kind. In nature the virus first has to latch onto the outside of the cell before injecting its genetic payload. It does this by hijacking biological processes necessary for the cell to survive and propagate in the host fluid. There is no such analogous process in computer systems. A computer system can still function without ever having to download external code. The root cause of the current virus/spam/phishing infestation being the inability of the local system to differentiate between code and data and not allowing remote code to be run.

    1. Re:viruses are a bad analogy by jonadab · · Score: 1

      > In nature, we know that ants defend against threats very successfully

      Sure. Ants are particularly prolific even as insects go. They can take hundred-to-one losses against virtually anything and still win by sheer numbers.

      Off the top of my head the only creature I can think of that can consistently wipe out entire colonies of ants and prevent them from coming back is a human.

      In other words, the analogy is stupid.

      The security technology may or may not be stupid. It's hard to tell, because unfortunately the article doesn't SAY ANYTHING about how it actually works, or even what it does. It just gives you the inane meaningless less-than-half-baked analogy in way more detail than is useful.

      --
      Cut that out, or I will ship you to Norilsk in a box.
  13. Terry Pratchett was right ! by Pop69 · · Score: 1
  14. What will this do... by Kamiza+Ikioi · · Score: 0

    ...to honeypots?

    --
    I8-D
    1. Re:What will this do... by pasv · · Score: 1

      Is it just me or is creating "buzz"words nowadays an actual career path? (a lucrative one at that).

  15. Resulting in... by bugs2squash · · Score: 1

    ...crispy ant jerky

    With apologies to Scott Adams, whomever he is signed in as today

    --
    Nullius in verba
  16. The DigiAnts are a Godsend by sexconker · · Score: 1

    Well, I was wrong. The DigiAnts are a godsend.

    But isn’t that a bit short-sighted? What happens when we’re overrun by DigiAnts?

    No problem. We simply release wave after wave of Chinese DigiAnteater. They’ll wipe out the DigiAnts.

    But aren’t the DigiAnteaters even worse?

    Yes, but we’re prepared for that. We’ve lined up a fabulous type of DigiGorilla that thrives on DigiAnteater bits.

    But then we’re stuck with DigiGorillas!

    No, that’s the beautiful part. When IPv6 rolls around, the DigiGorillas simply get null routed.

  17. Magnifying Glass by Rob+Riggs · · Score: 1

    Is it me, or is it getting a bit warm on such a fine, sunny day?

    --
    the growth in cynicism and rebellion has not been without cause
  18. How could it possibly go wrong? by Anonymous Coward · · Score: 0

    I see no potential problems with this idea at all

    I mean, it's not as if the solution has ever been worse than the problem it was to fix before, right?

  19. Where's... by Anonymous Coward · · Score: 0

    my magnifying glass...

  20. Instead of mimicking ants..... by Anonymous Coward · · Score: 0

    ... why don't they just build a system that mimics a secure network!

    1. Re:Instead of mimicking ants..... by Anonymous Coward · · Score: 0

      > Instead of mimicking ants..... (Score:+99)

      Nice one ...

  21. never heard of USB sticks? by dutchwhizzman · · Score: 1

    It doesn't require an Internet connection to get infected. The most useful approach I've seen so far in power plants is 2 separated networks. One reserved for control with no external media or Internet connection and one with internet and functioning drives, USB ports and all that. People are going to try to use the computer on their desk to do stuff they want, unless you provide them with an alternative. Lock the control computer down as best as you can, and leave the other one as open as possible.

    --
    I was promised a flying car. Where is my flying car?
  22. Anthill inside... by chthon · · Score: 1

    'nuff said

  23. Man questions? by SanityInAnarchy · · Score: 1

    From TFA:

    Berenhaut and Hilton are working to answer man questions: How do the ants migrate across different computer platforms and systems operating at different speeds?

    I'm not entirely sure how that's a "man question", and I certainly don't want MANswers to attempt to answer it.

    --
    Don't thank God, thank a doctor!
    1. Re:Man questions? by Psychotria · · Score: 1

      It's quite simple really

      Well, that's how it works around here anyway :(

  24. Easily broken by SnarfQuest · · Score: 1

    All it takes is a 10 year old with a magnifying glass to wipe out your entire security system.

    --
    Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
  25. Ants? Why not lions? by Smigh · · Score: 1

    "In nature, we know that ants defend against threats very successfully," Fulp said.

    Yeah, I'd say lions defend against threats even better. Why not model our security software to mimic lion behavior?

    First it would conceal among other packets until the virus gets distracted. Then it will run at it in an angle so that the virus will run straight into an ambush mounted by other lions. Then they will bite the virus neck until it dies. Done! No more virus!

    You may be vulnerable while your security software is napping though...

  26. Melissa again? by IZN0GUD · · Score: 1

    Wasn't it the writer of Melissa that had the original intent of searching for other viruses and removing them? I am no cracker, but from what I know AV software is a common initial target of any decent virus; why would ants be immune to such attacks and who could guarantee that they are impermeable? This scenario sounds more like "once you get infected, can't get help by being insected" or whatever. Adding more possible holes that have a mind of their own isn't really a secure way to go...

    --
    .Play.Open.Minded.
  27. hmm by Anonymous Coward · · Score: 0

    how do the ants gain access to the systems they are protecting? if this works anything like lawful intercept these ants really will be bugs in the system.

  28. 100 years later... by SchroedingersCat · · Score: 1

    "researchers are working to train the digital ants well enough that they can turn them loose" ...
    100 years later:
    Agent Smith: I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your species and I realized that you're not actually mammals. Every mammal on this planet instinctively develops a natural equilibrium with the surrounding environment but you humans do not. You move to an area and you multiply and multiply until every natural resource is consumed and the only way you can survive is to spread to another area. There is another organism on this planet that follows the same pattern. Do you know what it is? A virus. Human beings are a disease, a cancer of this planet. You're a plague and we are the cure.

  29. this software by BattleApple · · Score: 1

    is going to be full of bugs

  30. Great idea! by SEWilco · · Score: 1

    Seems like a great idea, as long as it's released on an electrical network that I'm not using!

  31. Just read a Cory Doctorow short about this... by unrtst · · Score: 1

    "Human Readable" in his short story collection "With a Little Help".
    Really enjoyable read, as are all his books. And you can read 'em for free if you like (most, if not all, are under creative commons), so there's no harm in checking it out :-)

    I'd love to explain the story, cause it's really great, but that'd give away too much.

  32. If you can't beat them, join them. by Anonymous Coward · · Score: 0

    This is obviously an excuse to make a virus who is an antivirus. No pun intended.

  33. Modeling Security Software To Mimic Ant Behavior by Anonymous Coward · · Score: 0

    I have read information on ant behavior software application posted at mightystudent.com, it mentioned that once successfully created it will lessen or eliminate computer viruses. Best luck to all those researchers and IT people.