Slashdot: News for Nerds

Ants Vs. Worms — Computer Security Mimics Nature

Soulskill posted more than 4 years ago | from the incompatible-with-raid dept.

Security 104

An anonymous reader writes with this excerpt from Help Net Security: "In the never-ending battle to protect computer networks from intruders, security experts are deploying a new defense modeled after one of nature's hardiest creatures — the ant. Unlike traditional security devices, which are static, these 'digital ants' wander through computer networks looking for threats ... When a digital ant detects a threat, it doesn't take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate. 'Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,' [says Wake Forest Professor of Computer Science Errin Fulp.] 'As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.'"

104 comments

ridiculous references (4, Insightful)

sopssa (1498795) | more than 4 years ago | (#29547255)

What's with the ridiculous reference to ants? If they had said this in a technical way, I might actually even understand what they mean. Now it's basically "ants travel inside your network". The article doesn't tell a lot more.

Obviously nothing is "traveling" inside your LAN cable. So do they mean they have every machine in promiscuous LAN that tries to seek what is traveling there? What kind of "scent" does it leave when it detects some threat, and how do the other computers interact with that?

Stop doing some stupid nature references just for the hell of it, give technical details.

Re:ridiculous references (5, Informative)

buchner.johannes (1139593) | more than 4 years ago | (#29547275)

They are talking about an ant-based algorithm, often used in optimization (routing, for example). Some information is here http://en.wikipedia.org/wiki/Artificial_Ants [wikipedia.org] and here.

Re:ridiculous references (5, Informative)

buchner.johannes (1139593) | more than 4 years ago | (#29547281)

Second link: http://en.wikipedia.org/wiki/Ant_colony_optimization [wikipedia.org] (sorry)

I think this is just some theoretical research that got picked up by someone who never heard of Ant algorithms (it sounds impressive when you hear it the first time), but it can often be outperformed.

Oblig (1)

NotBornYesterday (1093817) | more than 4 years ago | (#29548495)

XKCD [xkcd.com]

Re:Oblig (0)

Anonymous Coward | more than 4 years ago | (#29549473)

Interesting but if you take that analogy further to God, it breaks down. Humans are imperfect. Ants are imperfect. Of course one of them might fail to communicate with the other. God, on the other hand, is allegedly perfect. If God tries to communicate, it does so. There can be no mistakes. So, it's not a matter of humans looking in the wrong place or God not noticing us.

Re:ridiculous references (3, Informative)

mikael (484) | more than 4 years ago | (#29549135)

He just uses "ants and swarms" to replace "daemon and daemons".

His research is based on a network of 64 computers and has identified all sorts of different types of security breach that can be detected on a network (unauthorized ssh/ftp, botnet commands, spam-mailer, virus-in-a-mail-message, backdoor trojan) and that it might not be possible to detect where the originating commands are coming from - a whole load of servers or PC's might be infected.

The article states that there is a performance gain from having a separate task to detect each of these (he calls these ants). Since there are so many files, ports and devices to be checked, it is better to have multiple copies of each task. OS people would call these 'daemons'. Testing for all of these security breaches requires a "swarm of ants" or a "plague of daemons" (whatever the aggregate work of daemon is).

I guess talking about daemons in the server network would probably scare the h*ll out of Christian Managers.

Re:ridiculous references (1)

LordAndrewSama (1216602) | more than 4 years ago | (#29550659)

Thanks for the link in your sig, signed the e-petition and already had plans to get rid of virgin when I move house next year, they're wang. I shall add the phorm thing to the letter I send them, explaining my opinion of their service. yes I know it's meaningless, but if enough people do it.....

Re:ridiculous references (0)

Anonymous Coward | more than 4 years ago | (#29547449)

And ant colony algorithms by themselves are just an obfuscated way of defining ad-hoc probabilistic algorithms. In other words it's completely heuristic, there is no actual theory that justifies defining the algorithms in that particular way. And what they do has precious little to do with actual ants.

Re:ridiculous references (4, Insightful)

Chris Burke (6130) | more than 4 years ago | (#29548335)

And ant colony algorithms by themselves are just an obfuscated way of defining ad-hoc probabilistic algorithms.

It's not "obfuscated", they are explicitly in that class of algorithms.

In other words it's completely heuristic, there is no actual theory that justifies defining the algorithms in that particular way.

Yeah and there's no theory a priori justifying simulated annealing or genetic algorithms work in their particular way. But they work. Random heuristics work (and there is theory explaining why, in general, they do). Different heuristics have different properties that are beneficial in some circumstances. That's why there's more than one. That's why Monte Carlo simulations weren't the final word on random heuristics.

And what they do has precious little to do with actual ants.

As much as genetic algorithms have to do with biological evolution or simulated annealing has to do with cooling metal. As in... next to nothing in a literal sense, but quite a bit in an inspirational or metaphorical sense. Probabilistically following previous paths through the solution space, with those paths 'evaporating' over time unless reinforced, is a pretty good analogy for what ants really do, and a good hint as to the algorithm's advantages -- it does a good job of finding and tracking changes in the solution space in dynamic situations.

Basically, "Oh it's just a heuristic and not literally like the inspiration it's named after" is the worst way to dismiss an algorithm ever.

Though, on the other hand, why this is a good idea for network security, I don't know. Why would you want a bunch of agents to "swarm" a location where problems are found, rather than just, say, deleting any instances of virus/worms found, and closing any security holes found (or notifying the sysadmin so they can), is beyond me.
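The mechanism from the story summary and the comment above (scent deposited where evidence is found, evaporating unless reinforced, ants following it probabilistically), as an added Python simulation; it is not code from the Wake Forest project or from any commenter. The 12-host network, the sensor names, the ant count, the evaporation rate and the alert threshold are all constructed assumptions.

```python
import random

# Constructed sample network: a ring of 12 hosts plus one cross-link each,
# so every host has exactly three neighbours.
HOSTS = [f"host{i:02d}" for i in range(12)]
LINKS = {h: [HOSTS[(i - 1) % 12], HOSTS[(i + 1) % 12], HOSTS[(i + 6) % 12]]
         for i, h in enumerate(HOSTS)}
# Hypothetical ant types; each ant recognises exactly one kind of evidence.
SENSORS = ["odd_listener", "cpu_spike", "new_autorun"]


class Colony:
    def __init__(self, links, sensors, ants_per_sensor=20, evaporation=0.1, seed=1):
        self.links = links
        self.evaporation = evaporation
        self.rng = random.Random(seed)
        self.scent = {h: 0.0 for h in links}          # shared "pheromone" per host
        self.indicators = {h: set() for h in links}   # evidence each host shows now
        hosts = sorted(links)
        self.ants = []                                # each ant is [sensor, position]
        for sensor in sensors:
            for _ in range(ants_per_sensor):
                self.ants.append([sensor, hosts[len(self.ants) % len(hosts)]])

    def _next_hop(self, here):
        """Stay or move to a neighbour, weighted by 1 + scent of the candidate."""
        options = [here] + self.links[here]
        weights = [1.0 + self.scent[o] for o in options]
        pick = self.rng.random() * sum(weights)
        for option, weight in zip(options, weights):
            pick -= weight
            if pick < 0:
                return option
        return options[-1]

    def step(self):
        # Trails fade everywhere unless some ant reinforces them this round.
        for host in self.scent:
            self.scent[host] *= 1.0 - self.evaporation
        for ant in self.ants:
            ant[1] = self._next_hop(ant[1])
            # Only an ant whose sensor matches the host's evidence deposits scent,
            # but every ant, whatever its type, is attracted by the result.
            if ant[0] in self.indicators[ant[1]]:
                self.scent[ant[1]] += 1.0

    def census(self):
        counts = {h: 0 for h in self.links}
        for _, position in self.ants:
            counts[position] += 1
        return counts

    def alerts(self, threshold):
        """Hosts where enough ants have gathered to warrant an operator's look."""
        return sorted(h for h, n in self.census().items() if n >= threshold)


def demo():
    colony = Colony(LINKS, SENSORS)
    # Constructed scenario: host07 starts showing two kinds of evidence.
    colony.indicators["host07"] = {"odd_listener", "new_autorun"}
    for _ in range(200):
        colony.step()
    during = colony.alerts(threshold=20)
    # The operator cleans the host; nothing reinforces the trail any more.
    colony.indicators["host07"].clear()
    for _ in range(200):
        colony.step()
    after = colony.alerts(threshold=20)
    return during, after, colony.scent["host07"]


if __name__ == "__main__":
    print(demo())
```

The second phase is the "tracking changes in dynamic situations" property: once the evidence is gone the trail evaporates and the swarm disperses without anyone resetting it.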

Re:ridiculous references (0)

Anonymous Coward | more than 4 years ago | (#29553815)

The problem is basically the same for genetic algorithms and simulated annealing, but at least there you have the justification that there is existing theory on genetic fitness functions and annealing that you can appeal to.

In the case of ant colony algorithms, as far as I can see the only justification for the analogy to ant colonies is that it makes for good marketing. As far as analysing the algorithms goes, the analogy is nothing but a distraction.

Re:ridiculous references (2, Interesting)

Jurily (900488) | more than 4 years ago | (#29547805)

They are talking about an ant-based algorithm, often used in optimization (routing, for example).

I'm sorry, but neither you nor the article make any fucking sense whatsoever. This is an IT geek site, stop with the fucking metaphors. Why do these people expect us to understand "virtual ants wander around the network" any more than "a network scanner that looks for the same security holes as the worms, only this notifies the sysadmin about them"?

Re:ridiculous references (1)

TapeCutter (624760) | more than 4 years ago | (#29548179)

I wouldn't know what TFA says, I don't read 'em. What the GP is trying to say is not a metaphor, the mathematical behaviour of ant colonies is useful from a networking and logistics POV [wikipedia.org].

Re:ridiculous references (1)

TheLink (130905) | more than 4 years ago | (#29549019)

Maybe the reason is if people understood it, they'll know it's mostly bullshit or useless.

Having stuff "wander around" networks isn't going to be very useful, especially when you don't want stuff wandering around all your networks in the first place.

What might be useful is machines that raise an alert when they think something is going wrong, or even quarantine themselves (or networks). I believe such systems already exist.

Anyway, just put some controls over info flow via firewalls and proxies. Then get users to store their data on fileservers (so they can be backed up easily) and have the desktops use stuff like "Windows SteadyState" (there are hardware versions of such stuff too).

Laptops are a harder problem. But I don't see how the "ants" would help for laptops either.

Re:ridiculous references (1)

mikael (484) | more than 4 years ago | (#29550929)

I've tried explaining computer technology to my retired relatives..

Me: "Ok, here's your power cable - that plugs into the back of the base unit just like your DVD player. The cable here goes to the screen just like the SCART connector to the TV. Now this is the keyboard which is just like a typewriter keyboard, and this is the mouse...."

Relative: "What? Where's the mouse? That plastic thing there? It doesn't look much like a mouse to me. Where are its whiskers, feet and tail?"

Me: "OK, let's call it an input device. You hold it in your hand and move it around like this. When you want to select something, you press or click the button here..."

And you don't even want to try to explain to them why they can't just use the TV remote to type in the letters of the channel they want to watch (e. C..N...N ) rather than having to type in and remember the desired channel number.

Who remembers Operating System lectures where the professor talked about semaphore signals [freefoto.com] , monitors [codinghorror.com] and deadlock [nedbatchelder.com] , or scanners [blogspot.com]

Re:ridiculous references (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#29553595)

do you people are really that stupid to don't know how to use a remote control? No wonder how Indu guys are getting away with your jobs, niggers getting away with you women and chinks and yiews getting away with you money.

Re:ridiculous references (1)

kbw (524341) | more than 4 years ago | (#29547301)

I can't see anything new either. Let's think about this. There are processes that look for suspicious files or configuration and do something about it. Surely the fundamentals haven't changed, you still have to find a threat and then act on it. The article has conveyed no new information.

Re:ridiculous references (4, Funny)

Fred_A (10934) | more than 4 years ago | (#29547343)

Obviously nothing is "traveling" inside your lan cable.

So why does your network crawl all of a sudden?

Re:ridiculous references (1)

herojig (1625143) | more than 4 years ago | (#29547363)

Sure hope someone releases some dung beetles to clean up the bowels of my Snow Leopard.

The EU Serenity Project is using the same approach (3, Interesting)

Futurepower(R) (558542) | more than 4 years ago | (#29547409)

MOD PARENT UP. It is apparently correct to be skeptical.

The Serenity Project [serenity-project.org] in the European Union is using the same approach. They call it "Ambient Intelligence(AmI)." The level of intelligence in the Serenity project may be indicated by the fact that, at present, 2009-09-26, 02:47 PDT, there is no space before "(AmI)". The Ambient Intelligence in the Serenity Project is very low, apparently.

Someone who worked for SAP Labs France [sap.com] told me the SAP Labs France part of the Serenity Project is so poorly managed that smart people leave as soon as they can find other jobs.

Apparently the only way of providing security that actually works is the Open BSD method [openbsd.org] : Audit the code. No number of "ants" can provide the security of audited code.

Want more biological humor? Read about SAP's customer-focused ecosystem [sap.com] . It supposedly fosters "... an ideal environment for ongoing innovation and value creation..." Biological references are apparently the hot new thing in corporate-speak. Biological references concerning computers are very useful to people who have no technical knowledge and don't want any, because they are so vague the speaker can never be found wrong.

Re:The EU Serenity Project is using the same appro (0)

Anonymous Coward | more than 4 years ago | (#29548131)

I know a researcher from this project and he doesn't know anything about security, but he is doing a PhD in this subject.
Like the captcha said, he is a dishonor to our profession.

--a disgruntled master student

Re:ridiculous references (1)

floppycat (1592023) | more than 4 years ago | (#29547457)

"When a digital ant detects a threat, it doesn't take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate". You see, they are like real ants - a single "digital ant" is unable to do anything about the threat. Also, humans are incapable of noticing the "scent" that a single "digital ant" leaves. No, one has to wait for a lot of other ants to come. This takes time. ..I'm not so sure nothing is traveling inside _their_ cables. There must be a reason they need an army of ants.

Re:ridiculous references (1)

Anne Thwacks (531696) | more than 4 years ago | (#29547515)

What's with the ridiculous reference to ants?

It implies you can put a stop to them by pouring boiling water on their nest!

Re:ridiculous references (1)

Sulphur (1548251) | more than 4 years ago | (#29549149)

Grasshopper: When the water rises the phish eat the ants, and when the water falls the ants eat the phish.

Re:ridiculous references (0)

Anonymous Coward | more than 4 years ago | (#29547605)

So they confused you by using knowledge from outside your realm of expertise and you would rather they just used language and terminology you can understand and explained themselves better. I bet the flat out irony of you posting that on a website popular with IT geeks will fly right past you too.

Re:ridiculous references (1)

noundi (1044080) | more than 4 years ago | (#29547649)

Aren't ants and worms ultimately -- well bugs?

Re:ridiculous references (1)

Jessta (666101) | more than 4 years ago | (#29547697)

If they stopped the stupid nature reference it wouldn't be impressive at all and you'd realise they had made something completely useless.

1. If you know enough about a security threat to detect it, then you also know enough about the threat to actually prevent it.
This is computer security (where you can have complete security) not physical security (where all it takes is time to bypass).

2. These 'ants' are software running on infected machines, and thus any response they give can't be trusted.

3. You want to find a computer on a network with suspicious behaviour, then you have to monitor its network activity, which for a lot of the actually dangerous malicious software (industrial espionage, keylogging etc.) is not going to look suspicious at all.

Re:ridiculous references (0)

lysergic.acid (845423) | more than 4 years ago | (#29548713)

I believe the "stupid nature reference" is just to state where they got their inspiration from, and it also serves as a non-technical analogy that laymen can understand. It's a pretty standard practice that you'll find in many CS textbooks. Also, you're making a lot of assumptions and outright illogical statements.

1. You clearly aren't very knowledgeable about network/system security. Sure, you can have complete security if you leave your computer off or don't connect it to an external network, but that's not always practical. A computer sitting disassembled inside of a 20-ton safe isn't very useful. Software is written by human-beings, and the more robust the software is, the more likely it is to have bugs. If a bug can be exploited, then you have a security problem on your hands. You may know everything there is to know about security (at the moment), but there's no telling what new exploits will be found in the future, and what new viruses will be written to use them. And, usually, it's only after a virus has infected lots of machines that security researchers pick up on it and learn how to detect/remove/prevent it.

2. How do you know that the servers sitting between you and your e-mail server/online banking server/ecommerce site server are secure? Just as malware writers use encryption to communicate securely with their botnets, so can security researchers communicate with their "ants." And the idea is to run the application on your entire network so that the network uses its collective computing power to detect signs of a potential new infection. This is only meant to be used on large networks and is more concerned with preventing an infection from spreading through the entire network rather than protecting a single PC.

3. That reads a lot like, "[If] you want X, you should do Y. However, Y usually doesn't work." If monitoring network activity doesn't work on the dangerous malware, then wouldn't it be a good idea to try another method? What exactly is your point? That computer security is futile? This has nothing to do with the idea being proposed, which is merely a way of applying distributed computing to the deployment of network security. The article only mentions that the ants will look for evidence of a security threat, not what type of evidence it is looking for.

There is no perfect solution to computer security, which is why it's an area of continuous research. Of course malware writers will try to hide, disguise, or otherwise improve their worms and viruses. Likewise, security researchers will continue to improve their detection/prevention techniques. It's an ongoing arms race. That doesn't mean nothing can be done to improve the state of computer security.

Re:ridiculous references (1)

Rogerborg (306625) | more than 4 years ago | (#29547855)

What's with the ridiculous reference to ants?

They couldn't come up with a decent analogy involving drunken cheerleaders?

decent analogy involving drunken cheerleaders (0)

Anonymous Coward | more than 4 years ago | (#29548521)

Perhaps some of us would not mind hearing the indecent ones?

Re:ridiculous references (1)

arminw (717974) | more than 4 years ago | (#29549849)

..a decent analogy...

involving automobiles is what is needed.

Re:ridiculous references (2, Funny)

lewko (195646) | more than 4 years ago | (#29552973)

Because hearing "Drunken cheerleader" and "virus" in the same sentence kinda spoils the fantasy.

Re:ridiculous references (0)

Anonymous Coward | more than 4 years ago | (#29548047)

They didn't write the research for you, they wrote it for their DARPA fund managers. This has the stench of grant-proposal-speak all over it.

Re:ridiculous references (0)

Anonymous Coward | more than 4 years ago | (#29548615)

Who remembers Rudy Rucker's book The Hacker and the Ants?

Imagination. Use it. (1)

Dudeman_Jones (1589225) | more than 4 years ago | (#29549411)

If you can stop waving your freak out stick for a second, you'd see that he's trying to make an analogy to the natural world so as to better illustrate the mechanism behind this technique. Furthermore, seeing as how the natural ant mechanism was the inspiration for this, how exactly is it ridiculous? Or is the issue that you just lack the imagination to take one model and superimpose its properties onto another setting?

Re:ridiculous references (1)

bandmassa (951387) | more than 4 years ago | (#29558829)

Oh great, now the blackhats will just start using "ant" tech to create their botnets. One will find a big cache of bank data, start shouting, "hey guys, here's a goldmine!" and they'll go nom nom nom all over our computer networks. Sheesh, just require admin password for the installation and first run of ALL executable code.

Obvious questions. (2, Insightful)

palegray.net (1195047) | more than 4 years ago | (#29547277)

The second question depends heavily on the answer to the first.
  • Who gets to decide what qualifies as malware or a "threat?"
  • Why should user agents trust this assessment?

Re:Obvious questions. (2, Funny)

buchner.johannes (1139593) | more than 4 years ago | (#29547295)

My idea for network security would be this:

Measure network traffic for a normal week or two, no limitations. Everyone should do the things they usually need to do. Ports, Types of traffic, etc. and Bandwidth is recorded.
Then the admin creates a firewall setting from that (hopefully automatically).
In the following weeks, differences to the behavior are measured, allowing the admin to extend or restrict the rules.

And it would have colorful buttons.

That is fundamental part of network management (0)

Anonymous Coward | more than 4 years ago | (#29547377)

I'm pretty sure that any computer related degree anywhere in the world includes at least one course about networks (OSI-model, TCP/IP-model, difference between TCP and UDP, etc. etc. fundamentals).

And I am also pretty sure that regardless of college/university/Polytechnic/... first course about networks also includes that network performance should be examined and benchmarked regularly and any unexplained changes investigated.

That is a fundamental and necessary part of course, but not nearly enough to secure a network. Without doing deep packet inspection it doesn't really help anything against Trojans that use common ports, for example. (And even then it would be far from secure)

Re:Obvious questions. (1)

bruce_the_loon (856617) | more than 4 years ago | (#29547639)

And walk straight into pitfall #1 with punji sticks in it.

What if there is already something wrong with your network? I should send your comment to Marcus J. Ranum sometime, he's always amused by these ideas.

You HAVE to know exactly what is on the network, not making assumptions that it is clean. Examine everything, catalog everything. Deny all, permit known.
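The baseline-then-firewall idea from the parent comment combined with the "deny all, permit known" objection above, as an added Python example that is not either commenter's code. The flow records, host names and the admin's catalogue of known services are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (day, source host, protocol, destination port, bytes)
BASELINE_FLOWS = [
    (1, "ws-01", "tcp", 443, 120_000), (1, "ws-02", "tcp", 443, 90_000),
    (1, "ws-01", "udp", 53, 2_000),    (2, "ws-02", "tcp", 25, 40_000),
    (2, "ws-03", "tcp", 6667, 5_000),  (2, "ws-01", "tcp", 443, 150_000),
]
LATER_FLOWS = [
    (8, "ws-01", "tcp", 443, 130_000), (8, "ws-02", "tcp", 25, 900_000),
    (8, "ws-04", "tcp", 4444, 1_000),  (8, "ws-03", "tcp", 6667, 4_000),
]
# Services the admin has actually catalogued (an assumption of this example).
KNOWN_SERVICES = {("tcp", 443), ("udp", 53), ("tcp", 25)}


def daily_totals(flows):
    """Bytes per (day, host, protocol, port)."""
    totals = defaultdict(int)
    for day, src, proto, port, nbytes in flows:
        totals[(day, src, proto, port)] += nbytes
    return totals


def learn(flows):
    """Per (protocol, port): the largest per-host daily volume seen in the baseline."""
    peak = {}
    for (_, _, proto, port), total in daily_totals(flows).items():
        peak[(proto, port)] = max(peak.get((proto, port), 0), total)
    return peak


def propose_rules(peak, known):
    """Permit only what was both observed and catalogued.

    Traffic that merely appeared during the learning window may already be
    hostile, so it goes to a review list instead of into the ruleset.
    """
    permit = sorted(k for k in peak if k in known)
    review = sorted(k for k in peak if k not in known)
    return permit, review


def deviations(flows, peak, permit, slack=2.0):
    """Later traffic that is not permitted, or far above its learned volume."""
    findings = []
    for (_, src, proto, port), total in sorted(daily_totals(flows).items()):
        if (proto, port) not in permit:
            findings.append((src, proto, port, "not permitted"))
        elif total > slack * peak[(proto, port)]:
            findings.append((src, proto, port, "volume above baseline"))
    return findings


if __name__ == "__main__":
    peak = learn(BASELINE_FLOWS)
    permit, review = propose_rules(peak, KNOWN_SERVICES)
    print(permit, review)
    print(deviations(LATER_FLOWS, peak, permit))
```

The tcp/6667 flow was present during the learning window, so a purely automatic ruleset would have permitted it; here it lands on the review list and keeps being reported.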

Re:Obvious questions. (1)

symbolset (646467) | more than 4 years ago | (#29552891)

In the hierarchy of information technology it's the role of the Network Administrator (NA) to identify and defeat threats to the network and its nodes, to be the enterprise's last line of defense against the leakage of proprietary or sensitive information and to defend each node not just against the wider world but also against each other. The network is not a trusted space no matter how many firewalls you have, and it was never intended to be. Far more attention is paid these days to connectivity. Disconnectivity is a far more important and neglected role of the NA.

User agents should (must) trust this because their ability to interact on the Network Administrator's network is controlled by the Network Administrator. That's the price they pay to use network resources, including Internet access and shared resources like printers, file shares and enterprise database connections.

As an enterprise NA if you're not probing every client that connects at least within the first 60 seconds for unauthorized ports, and again every day - if you're not sniffing every unencrypted packet for honey telltales and limiting encrypted channels to trusted personnel - if you're not shutting down network access to nodes that probe other nodes or violate disclosure policy within 100ms, you're not doing your job.

The Fine Article calls processes that maintain aspects of these network security requirements "ants". That's a fair term if you're using distributed processing to analyze behaviors. A sufficiently Darwinian process should be able to create sufficient numbers of detector nodes to identify and isolate emerging threats, though the false positive problem becomes challenging.

But far too many NAs still rely on the perimeter defense model which has proven to be as effective as the defense of Troy against the Achaeans [wikipedia.org] .

I can defeat the ants (5, Funny)

t0qer (230538) | more than 4 years ago | (#29547285)

I just gotta run..
%SystemRoot%\system32\magnify.exe

Re:I can defeat the ants (-1, Redundant)

jas203 (942742) | more than 4 years ago | (#29547297)

In Soviet Russia, ants magnify you!

But seriously, what am I going to do? I can't find %SystemRoot% on my Linux box.

With Linux, there is no profit in vulnerabilities. (0)

Anonymous Coward | more than 4 years ago | (#29547561)

Linux box? None of this applies to you.

Releasing unfinished, vulnerable software is Microsoft's profit model, evidently.

Re:With Linux, there is no profit in vulnerabiliti (0)

Anonymous Coward | more than 4 years ago | (#29548217)

I'm sure your beloved has its screw ups too. I would start with KDE as a great recent example. I like most OS's, and it amazes me how fan-bois' memories are so selective/short when it comes to their religion. Ugh.

Re:I can defeat the ants (2, Funny)

adrianwn (1262452) | more than 4 years ago | (#29547669)

Just be careful you don't leave a honeypot [wikipedia.org] lying around anywhere your ants will find it.

Re:I can defeat the ants (2, Funny)

Zalbik (308903) | more than 4 years ago | (#29548503)

That only works if you have a Sun server.

Taking the analogy further... (2, Insightful)

AdamInParadise (257888) | more than 4 years ago | (#29547289)

In nature, an ant can get infected by many kinds of fungus, and when they return to the colony or meet another ant, the fungus can spread to another host.

Similarly, deploying this kind of "digital agents systems" opens another path of transmission for viruses and worms.

It's nice to see that some people are still active in this research area, but does anyone know of a product that actually uses such a principle for real?

Re:Taking the analogy further... (3, Interesting)

Lesrahpem (687242) | more than 4 years ago | (#29547335)

This reminds me of how one of the first worms was actually created. Xerox made it for going around their computers after hours and doing various checks and system maintenance. It got out of control and DoS'ed their network.

Re:Taking the analogy further... (0)

Anonymous Coward | more than 4 years ago | (#29547353)

hurray
a new type of malware:
fungus, infect only digi-ants

Re:Taking the analogy further... (1)

AdamInParadise (257888) | more than 4 years ago | (#29547435)

Well, we already have bit rot.

Re:Taking the analogy further... (1)

Wellmont (737226) | more than 4 years ago | (#29547467)

Similarly, deploying this kind of "digital agents systems" opens another path of transmission for viruses and worms.

I think they are talking more like digital observers, sort of like a multi-threaded passive search as opposed to a huge beam laser like contemporary virus programs use. As long as this new element uses no added privileges over any other read authorized thread then this doesn't add a path for transmission but it does increase the search area. It also decentralizes the virus protection protocols allowing the system to function despite basic malware attacks on the root level virus protection. Imagine if your virus protection was FUBAR but a single digital "ant" told you it found a dangerous malware, trojan or rootkit running that could affect its "colony's" ability to remove it properly. This leads to better protection if anything.

Re:Taking the analogy further... (2, Interesting)

whisper_jeff (680366) | more than 4 years ago | (#29547685)

but does anyone know of a product that actually uses such a principle for real?

Yes. Ants [sourceforge.net]

It's a p2p program that uses a similar principle to vastly increase user anonymity. Currently, the only downside of the program (that I've noticed) is that it is in such minimal usage. The ant-like functionality of it, however, is really quite intelligent.

Re:Taking the analogy further... (0)

Anonymous Coward | more than 4 years ago | (#29547917)

They probably should've built on top of Freenet, which uses the same "anonymizing" technique.

I'm looking for a new hobby (2, Funny)

Norsefire (1494323) | more than 4 years ago | (#29547323)

We've got Worms and Spiders, now Ants!? I'm going to have to find a new hobby; computing doesn't seem very entomophobiac-friendly.

Re:I'm looking for a new hobby (0)

Anonymous Coward | more than 4 years ago | (#29548229)

worms are nematodes and spiders are arachnids, nothing to do with insects which is what entomology studies.

Re:I'm looking for a new hobby (3, Funny)

The Archon V2.0 (782634) | more than 4 years ago | (#29550013)

We've got Worms and Spiders, now Ants!? I'm going to have to find a new hobby; computing doesn't seem very entomophobiac-friendly.

We started with bugs years ago. It was only a matter of time before everyone else moved in.

Useless. (0)

Anonymous Coward | more than 4 years ago | (#29547331)

When a digital ant detects a threat, it doesn't take long for an army of ants to converge at that location

What's the point in the digital domain? Do more programs help "more"?

This sounds like bullshit babble for marketing drones to get CEOs to pay for additional complexity in their networks. In some months you will hear that this technique opened up yet more holes for malware to come in.

Sent? on what!?!? (0)

Anonymous Coward | more than 4 years ago | (#29547345)

Ok, what persistent storage will these "ant" leave there "sent" on? This sonds like someone fishing for a grant to me.

Re:Sent? on what!?!? (0)

Anonymous Coward | more than 4 years ago | (#29547371)

To me it sounds like you should be paying attention to English class instead of writing on Slashdot.

lolwut? (0)

Anonymous Coward | more than 4 years ago | (#29547359)

so basically they are making viruses that congregate on an infected/infectable computer and then flags them....
REALLY NOW!!?!?!?!?!?!!?

Let's use another analogy (3, Funny)

turing_m (1030530) | more than 4 years ago | (#29547361)

The internet is a lady of ill repute. My approach to security when "connected" to the internet is like 3 layers (hardware firewall, running as unprivileged user, whitelisting javascript/flash) of prophylactic separated by 2 layers of Deep Heat (logging, and tripwire). If either of the outer layers are "breached", I get a prompt warning.

Re:Let's use another analogy (0)

Anonymous Coward | more than 4 years ago | (#29549793)

Skank. But I get off of her, so I can't get off of her.

Complete flawed idea and analogy (0)

Anonymous Coward | more than 4 years ago | (#29547385)

1st ants don't have telepathy which mimics our IP networks, so why the hell send army of ants if one will do, sending alert to operator
2nd:
>> Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection

isn't this quite accurate description of ddos attack exploiting some known vulnerability?

I for one... (1)

RichardJenkins (1362463) | more than 4 years ago | (#29547391)

I for one welcome our new digital insect overlords.

Re:I for one... (0)

Anonymous Coward | more than 4 years ago | (#29547633)

You're far from being funny. Try to be more original.

Re:I for one... (1)

RichardJenkins (1362463) | more than 4 years ago | (#29549129)

Rather than humour it is a satirical stab at the meme itself. Consider the irony in using this phrase in reference to "ants" (the original subject of the phrase) when in most instances of this phrase being used in popular culture the subject is typically replaced with something that has no link or connection to the original.

The meme became irksome because it could be (and was) used in most any circumstance where a new and unconventional technology emerged that was fundamentally different to its already established competitors. Over time it has become less prevalent, and a story about 'ants' as something entirely new is a delightful place to comment on that.

Perhaps I was too subtle, but I rather fancy you're a tad slow off the mark.

Re:I for one... (1)

gestalt_n_pepper (991155) | more than 4 years ago | (#29548243)

That's overladies to you buddy. Hello from your ant Mabel.

Re:I for one... (1)

Hatta (162192) | more than 4 years ago | (#29548327)

Ants vs. Worms sounds like a great video game.

Re:I for one... (0)

Anonymous Coward | more than 4 years ago | (#29549109)

Ants vs. Worms. Soon to go planetwide!

Wow. (0)

Capsy (1644737) | more than 4 years ago | (#29547405)

This is akin to sticking used needles into your arm. Hell, while we're at it, why not just go ahead and download viruses to our systems. It'll cut the middle man out of the equation (i.e. these stupid "ants") and free up some time for hackers. Thank you Wake Forest.

Re:Wow. (1)

bitemykarma (1515895) | more than 4 years ago | (#29547747)

"why not just go ahead and download viruses to our systems"
Or, use Windows.

Re:Wow. (1)

Capsy (1644737) | more than 4 years ago | (#29547791)

Touché.

So... bugs? (5, Funny)

jamesh (87723) | more than 4 years ago | (#29547451)

If I wanted 3000 bugs swarming inside my computer I'd run Windows.

Re:So... bugs? (2, Funny)

dissy (172727) | more than 4 years ago | (#29547919)

If I wanted 3000 bugs swarming inside my computer I'd run Windows.

This is why, even with just one hard drive, I always load drivers for RAID.

Re:So... bugs? (1)

antdude (79039) | more than 4 years ago | (#29551951)

Ants aren't bugs. They're insects! :P

Bound to fail (4, Insightful)

Tinctorius (1529849) | more than 4 years ago | (#29547465)

Taking the obvious problems with this approach aside (using viral programs to identify viral infections), it should be easy to distract the flock of "ants" by one or more decoy infection(s), and then start the 'real' infection on the "other side" of the network. The "ants" have built a highway of warning signs towards the decoy(s), so the probability of ants traversing to the 'really' infected machines is lowered.

It's always fun to apply theories from one field of CS (namely optimization) to another (security), but if you give it a short thought, you know this can't be a good idea. It wouldn't be science if they didn't test that hypothesis, but I certainly hope they're not that stupid to test it in production systems.

Re:Bound to fail (1)

Scubaraf (1146565) | more than 4 years ago | (#29549083)

The scent signal only travels so far. This will not create a defense void at the side opposite the infection. But, the "ants" should not only lay down scent trails when they pick up a threat, they should clone themselves. This will select for the repertoire of ants that can identify this type of threat. That way you bring more effort to bear at the site of infections without worrying about depleting resources on the "other side" of the network. Once the initial threat is over, the cloned ants disperse, covering the whole network. The system is now effectively inoculated against this specific type of threat - with the latency to respond to a subsequent attack significantly decreased. All without user intervention.
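A toy model of the decoy argument in the "Bound to fail" exchange above, added here as an example; it is not part of either comment and not the Wake Forest system. It tracks expected ant counts rather than individual ants and assumes any ant can reach any host, scent that evaporates at a fixed rate (borrowed from ant-colony optimization), and constructed values for host count, deposit rate and alarm threshold; only the figure 3,000 is taken from the story.

```python
"""Mean-field model of scent-following 'digital ants' (illustrative only)."""


def simulate(decoy, evap=0.1, hosts=100, ants=3000.0, deposit=0.01,
             onset=200, steps=5000, alarm=500.0):
    """Model a late real infection, optionally preceded by a decoy.

    Returns (coverage, delay): the expected ants on the really infected
    host at the moment its infection starts, and the number of steps
    after that until at least `alarm` ants sit on it (None if never).
    All parameter defaults are constructed values, not measurements.
    """
    scent = [0.0] * hosts              # scent level per host
    decoy_host, real_host = 0, hosts // 2
    evidence = {decoy_host} if decoy else set()
    coverage = None
    for t in range(onset + steps):
        if t == onset:
            evidence.add(real_host)    # the real infection starts late
        # Each ant picks its next host with probability ~ (1 + scent).
        total = hosts + sum(scent)
        here = [ants * (1.0 + s) / total for s in scent]
        if t == onset:
            coverage = here[real_host]
        if t >= onset and here[real_host] >= alarm:
            return coverage, t - onset
        # Old scent evaporates; ants that see evidence deposit more.
        scent = [(1.0 - evap) * s
                 + (deposit * here[i] if i in evidence else 0.0)
                 for i, s in enumerate(scent)]
    return coverage, None


if __name__ == "__main__":
    for label, kwargs in [("no decoy", dict(decoy=False)),
                          ("decoy, slow evaporation", dict(decoy=True)),
                          ("decoy, fast evaporation",
                           dict(decoy=True, evap=0.5))]:
        cov, delay = simulate(**kwargs)
        print(f"{label:26s} coverage={cov:6.2f} ants  delay={delay}")
```

In this model slow evaporation lets the decoy thin out coverage elsewhere and delay the swarm on the real host, while fast evaporation keeps coverage nearly even but no swarm ever forms, so the evaporation rate is the setting a defender would have to tune.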

How long before malicious ants will appear? (3, Insightful)

misnohmer (1636461) | more than 4 years ago | (#29547499)

Having anything "crawl" through your network seems like a huge security risk to me. Any security solutions will have to be aware of those crawlers and allow them to crawl from computer to computer. What's to stop viruses from simply impersonating such a crawling ant - free pass to every computer on the network!

Another problem may be as they all "converge" on threats. What if they bog down the target machine, or the network? If my browser cookie looks "yummy" to the "ant" (no pun intended - browser cookie may be classified as a threat), next thing I know my network interface is crawling with these "ants"! My administrator cannot log in because of all the ants plugging my bandwidth!

like in nature there's always a hack: Phorid flies (3, Insightful)

garompeta (1068578) | more than 4 years ago | (#29547535)

The genus "pseudacteon" of the Phorid flies zombifies ants, laying eggs in the ant's thorax. The larva moves to the head of the ant and it feeds itself until it is big enough to come out, decapitating the ant.

So yeah, I think I know how this story of swarming ants is going to turn out.

just more bugs (4, Funny)

FatherDale (1535743) | more than 4 years ago | (#29547665)

Forget ants. Gimme a can of Raid.

everything evolves, it will constantly change (1)

mrflash818 (226638) | more than 4 years ago | (#29549933)

The one parallel in nature, I think, is that the whole offense/defense is an evolving dynamic system. There will never be a 'done.'

New attacks will be found/invented each time a new defense is found for existing threats.

For me, it is 'so far, so good!' in using Debian stable, and an unprivileged user, sudo'ing as needed.

RAID? (1)

antdude (79039) | more than 4 years ago | (#29552081)

Redundant array of inexpensive disks is good! :)

When can we expect the first "fire ant" malware? (1)

John Hasler (414242) | more than 4 years ago | (#29547771)

n/t

ObReference to Mute (1)

trawg (308495) | more than 4 years ago | (#29547813)

Obligatory reference to MUTE, an anonymous p2p system for file sharing which is apparently based on the process by which ants find food: http://mute-net.sourceforge.net/howAnts.shtml [sourceforge.net]

analogy != idea (1)

jipn4 (1367823) | more than 4 years ago | (#29548039)

Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat

That's not an "idea", that's an analogy. An analogy with nature is a nice way of explaining something, not an idea.

Their "idea" seems to be that if there is evidence of an infection, then the infected system should be examined further for evidence of other infection. I'm not sure why that's useful. Why not investigate all systems for all infections? Why continue to run an infected system at all?

it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.

That sounds actually like it might itself result in a denial of service attack of the system.

Re:analogy != idea (1)

techhead79 (1517299) | more than 4 years ago | (#29550243)

I'm also having a hard time trying to understand the "use" here. But I'm not a network guy. I'm assuming though these ants will try to identify individual patterns that are not specific to a threat but are potential threats based on behavior. As the ants swarm they identify other similar behavior taking up more CPU time looking for other occurrences of the behavior...I'm assuming once the ant arrives on the system the bandwidth would no longer be an issue as the local daemon that accepts the ant would be doing the communication? I'm assuming the need for the ant to travel is for it to have adapting algos that learn as it travels the network so an ant on one machine designed to detect certain behavior may not be the same as an ant on another machine designed to detect that same behavior. So if you have all 3000 ants on your system soaking up all your CPU time and the daemon on your system is spitting out an ungodly amount of data to the sysadmins...chances are good your system is already hosed by the worm/virus and the sysadmin will be giving you a call in a few minutes anyway...at least that's the plan?

I don't know...someone help clue me in!

ants??? ants!!! (1)

someone1234 (830754) | more than 4 years ago | (#29548223)

There is no way I let ants in my box.
Lemme buy some insecticide.

Re: Is the TFA a Mohawk or American fast food (0, Troll)

bitemykarma (1515895) | more than 4 years ago | (#29548251)

I'm sick and fucking tired of web sites that are a slim strip of content down the middle, with horseshit on the side.

You got ants.... I got predators (1)

gestalt_n_pepper (991155) | more than 4 years ago | (#29548255)

Or better still, uncles, a type of ant that fights network ants, scattering them and making them useless.

How long? (1)

Dreadneck (982170) | more than 4 years ago | (#29548473)

How long before these 'ants' are set loose to sniff out people the State finds undesirable?

Hmmm... (0)

Anonymous Coward | more than 4 years ago | (#29548475)

Sim-Ant-Tec

Ant-based Clustering for Intrusion Detection (0)

Anonymous Coward | more than 4 years ago | (#29548527)

Here is a related paper that could also be of interest to you: http://www.chemoton.org/ref54.html (PDF available online)

Vitorino Ramos, Ajith Abraham, ANTIDS: Self-Organized Ant-based Clustering Model for Intrusion Detection System, in Swarm Intelligence and Patterns special session at WSTST-05 - 4th IEEE Int. Conf. on Soft Computing as Transdisciplinary Science and Technology - Japan, LNCS series, Springer-Verlag, Germany, pp. 977-986, May 2005.

Abstract: Security of computers and the networks that connect them is increasingly becoming of great significance. Computer security is defined as the protection of computing systems against threats to confidentiality, integrity, and availability. There are two types of intruders: the external intruders who are unauthorized users of the machines they attack, and internal intruders, who have permission to access the system with some restrictions. Due to the fact that it is more and more improbable to a system administrator to recognize and manually intervene to stop an attack, there is an increasing recognition that ID systems should have a lot to earn on following its basic principles on the behavior of complex natural systems, namely in what refers to self-organization, allowing for a real distributed and collective perception of this phenomena. With that aim in mind, the present work presents a self-organized ant colony based intrusion detection system (ANTIDS) to detect intrusions in a network infrastructure. The performance is compared among conventional soft computing paradigms like Decision Trees, Support Vector Machines and Linear Genetic Programming to model fast, online and efficient intrusion detection systems.

These are not the ants you are looking for... (2, Interesting)

Scubaraf (1146565) | more than 4 years ago | (#29549007)

Ants are not a good analogy. What they are describing is much more like an adaptive immune system - the "ants" in their system are circulating T-cells. Dr. Rodney Langman, an immunologist from the Salk Institute and UCSD, proposed exactly what the article describes. He described the conceptual elements required to form a synthetic immune system in the early 90's. Initially the goal was to model and understand our own adaptive immunity, but he often used computers and network protection from viruses as examples when explaining the concepts. I was his TA while in grad school.

Synthetic Immunity [salk.edu]

If we extrapolate - computer networks will not only be guarded by T-cells that circulate through networks, identify threats, and release proinflammatory markers and antiviral "poisons" - there will be B-cell equivalents that produce antibodies, snippets of code that bind and immobilize specific codes they are designed to recognize. There will also be some degree of autoimmunity as viruses are reworked to mimic benign code. There will be an HIV equivalent (there already are) that targets not just the OS, but the OS defenses themselves. And there will be vaccines - benign code that is presented as a virus to train the immune system on a specific type of threat.

HP did this 15+ years ago for network management (1)

karl.auerbach (157250) | more than 4 years ago | (#29549063)

Hewlett Packard did this 15+ years ago for purposes of device discovery and management.

They had a constrained abstract machine environment in some of their products that was intended to be "infected" by one of their worker programs.

Worker code would "infect" a machine, would send back reports about the machine, would serve as a contact point for management, and try to propagate itself to other machines.

delusional thoughts (0)

Anonymous Coward | more than 4 years ago | (#29549869)

I think they might also be thinking of running distributed file scans against a networked FS.
I also think they might be thinking of some sort of networked virtual machine that checks network traffic and has software to collaborate with other like nodes.
The fungus and fly references mentioned earlier are also apt because this can go dark side fast. I wouldn't worry about the spammers exploiting it until they outsource for a solution.

what if ants take over? (1)

roman_mir (125474) | more than 4 years ago | (#29553631)

which step here involves 'When wintertime rolls around, the gorillas simply freeze to death'? Is it the one that comes right before the 'Profit' line?

Re:what if ants take over? (0)

Anonymous Coward | more than 4 years ago | (#29554475)

hex DEF6

Pratchett (0)

Anonymous Coward | more than 4 years ago | (#29557733)

Ant Hill inside

reminds me of something (1)

pdunham (1627109) | more than 4 years ago | (#29558033)

and the name of the ant? Tron. Will it keep an eye on the Master Control Program also?