Slashdot: News for Nerds

Modeling Security Software To Mimic Ant Behavior

Roblimo posted more than 3 years ago | from the maybe-more-like-white-blood-cells-than-ants dept.

Programming 68

wiredmikey writes "Researchers from universities and national laboratories in the United States are developing software that mimics ant behavior, as a new approach to network security." The concept has been around for a while, but this summer researchers are working to train the "digital ants" well enough that they can turn them loose into the power grid to seek out computer viruses trying to wreak havoc on the system.

68 comments

Ant bait? (1)

pinpuke (2194896) | more than 3 years ago | (#36308996)

Will McAfee come out with Ant Trap 1.0?

Re:Ant bait? (1)

Meski (774546) | more than 3 years ago | (#36316688)

It'll work if we tip honey on all the malware.

A new definition of honey-trap.

Skynet (1)

Anonymous Coward | more than 3 years ago | (#36308998)

Turn them loose? Sounds like skynet. What could possibly go wrong?

Re:Skynet (0)

Anonymous Coward | more than 3 years ago | (#36309018)

Well. If the ants consider computer viruses to be food then they will take them back to the nest. This would lead to a collection of viruses that could possibly intermingle, mutate, and form new variations of viruses one of which may be self-aware.

Re:Skynet (1)

Culture20 (968837) | more than 3 years ago | (#36309100)

> Well. If the ants consider computer viruses to be food then they will take them back to the nest.

or just like how real ants herd aphids and mulch fungus farms, these digi-ants might introduce vulnerabilities in known good software to keep their food supply high. Thank God that's not how they're programmed except in the mind of a mediocre sci-fi writer.

Re:Skynet (1)

maxwell demon (590494) | more than 3 years ago | (#36309316)

But could a malicious person write another, malicious ant which manipulates the existing ant colony for his own goals? Those malicious ants could leave false scents at completely harmless computers, or remove scents left by other ants. Maybe it could even manage to free some part of the network from ants by leading ants at its borders to other parts of the network through strategically placed scents. Indeed, it could even be a DoS attack by simply creating lots of copies of the existing ants, which then will clog the network. Say, add a few ants which do nothing but clone other ants they encounter. Let a few loose in the network. They will start to copy good ants (and occasionally other bad ants, thus slowly increasing the copy rate, while never becoming a large fraction of all ants). After some time, the ants will start to clog the network; since the vast majority is (clones of) genuine ants, it will be hard to detect the cause of this.

Re:Skynet (0)

Anonymous Coward | more than 3 years ago | (#36309374)

Maybe a malicious person writes an ant fungus that mind controls the ants.

Re:Skynet (1)

Moryath (553296) | more than 3 years ago | (#36309906)

> But could a malicious person write another, malicious ant which manipulates the existing ant colony for his own goals?

Sure they could.

What, you didn't think that was what existing botnet viruses do? They co-opt the millions of computers left unpatched and unsecured by clueless users everywhere for their own purposes.

What's being described by the "ants" concept is nothing more than the age-old "can we make a beneficial computer virus" crap that constantly gets spread around. The answer is no, because if it gets in through a vulnerability, that vulnerability necessarily exists and any form of communication it does back to home necessarily becomes a new vulnerability.

Re:Skynet (1)

Meski (774546) | more than 3 years ago | (#36316702)

Is that an un-ant-serable problem?

Re:Skynet (1)

halfEvilTech (1171369) | more than 3 years ago | (#36309038)

Was thinking the same thing. Let me know when they are about to start so I can make sure I am out of possible nuke targets.

There was an old power grid (3, Funny)

bugs2squash (1132591) | more than 3 years ago | (#36309004)

That swallowed a fly...

Re:There was an old power grid (0)

Anonymous Coward | more than 3 years ago | (#36309234)

And the new one will be... well, let's say I'm developing a digital giant magnifying glass. ;)

Re:There was an old power grid (1)

BenJaminus (472372) | more than 3 years ago | (#36309400)

I wonder why it swallowed a fly?...

Re:There was an old power grid (1)

Abstrackt (609015) | more than 3 years ago | (#36310766)

Probably because it was glowing.

Re:There was an old power grid (1)

Wiarumas (919682) | more than 3 years ago | (#36309488)

For those who don't understand this (insightful) post, it's based off a children's novel (http://en.wikipedia.org/wiki/There_Was_an_Old_Lady_Who_Swallowed_a_Fly). There is an old woman who swallowed a fly and she keeps eating other animals to get rid of the previous animal until she eventually dies in the end (some versions have a censored ending).

Obligatory (3, Informative)

Blackdognight (1329141) | more than 3 years ago | (#36309068)

"I, for one, welcome our new insect overlords." Sorry, but the perfect opportunity to use the original quote doesn't come up every day...

Re:Obligatory (3, Funny)

NoNonAlphaCharsHere (2201864) | more than 3 years ago | (#36309182)

It didn't today, either.

Not this bollocks again. (1)

Anonymous Coward | more than 3 years ago | (#36309080)

So, in order for these "ant-like" software agents to "roam" around a network, presumably all the machines on the net will have to keep a port open to accept random downloads of software to run locally?

Sure, that'll work.

Why on earth would they "wander" (2)

Zerth (26112) | more than 3 years ago | (#36309092)

I'd like my security software to stay resident at all times, thank you very much.

And "swarming"? I suppose that is an effective response, sucking up CPU by making meaningless copies of itself will keep the virus from doing much. But I'd rather remove the malware.

Re:Why on earth would they "wander" (1)

Inda (580031) | more than 3 years ago | (#36309680)

They wander to create networks: http://science.slashdot.org/story/11/02/17/2243203/Ants-Build-Cheapest-Networks

I like ants; I've owned ant farms, but c'mon, they can't be used for everything. Digging sand from under your garden path? Sure. Farming aphids? Yeah, they do a better job than I ever could do...

Leave the computer stuff to the intelligent animals.

Uh...WTF? (5, Interesting)

chill (34294) | more than 3 years ago | (#36309114)

"In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system."

Yeah, that's what we need. One Symantec AV can't stop a virus it doesn't know about, so we need TEN SYMANTEC AVS on the job.

The problem in computer security is one of DISCERNING INTENT. Good code and bad code look the same. They call the same functions, perform mostly the same tasks.

Think of VNC or Windows Remote Help vs a backdoor trojan. Same basic thing, just different intent.

FTP, Dropbox or other file transfer vs a trojan that uploads your files. Intent again.

Ants don't do any better at recognizing bad guys than AV software does. Faced with an enemy that is TRYING to disguise itself, they are fooled or sidelined. http://www.securityweek.com/researchers-model-security-software-mimic-behavior-ants [securityweek.com]

On the bright side, I'll bet they can squeeze a few research grants out of it.

Re:Uh...WTF? (1)

ThunderBird89 (1293256) | more than 3 years ago | (#36309150)

ZoneAlarm and Comodo DO detect RealVNC as possible threat, asking for authorization to run, then another to connect. Same with Crossloop (which is just a shell for RealVNC with a custom connection schema, though).

Re:Uh...WTF? (2)

chill (34294) | more than 3 years ago | (#36309312)

Yes, but that isn't a solution. That is just passing it on to the user to say "I see something, what is it?" Again, it defers determining intent to the user.

In real world application, ZoneAlarm and Comodo are next to useless because clueless users just keep clicking "allow" to make it stop bothering them.

God help them when "svchost.exe" pops up asking for permission.

Re:Uh...WTF? (1)

The Archon V2.0 (782634) | more than 3 years ago | (#36309330)

Which is really annoying if the firewall updates and forgets you told it VNC was OK, then you're left with a machine that has no monitor, mouse, or keyboard waiting for someone to click OK. (Thank you Comodo....)

Re:Uh...WTF? (1)

maxwell demon (590494) | more than 3 years ago | (#36309406)

Well, just add another program to the box which monitors the firewall and emulates clicking OK whenever that window appears. :-)

Re:Uh...WTF? (1)

element-o.p. (939033) | more than 3 years ago | (#36309818)

Back in my days working the abuse desk at an ISP, ZoneAlarm was the bane of my existence. The problem with ZoneAlarm is that it would freak out about EVERYTHING unless it was configured by someone who actually had a clue...but no one who actually had a clue would use ZoneAlarm, since much better products (like Sygate, IIRC) were available. We had customers write to complain that they were being hacked by the ISP DNS servers, mail servers, 127.0.0.1 (yes, I actually had someone write in to ask us to take action against the user who was trying to hack him from 127.0.0.1...sigh), etc., etc., ad nauseam.

IMHO, ZoneAlarm was scareware: "See what we are protecting you from?!?! It's a good thing we're installed...in fact, why don't you upgrade to Pro?"

Re:Uh...WTF? (1)

ThunderBird89 (1293256) | more than 3 years ago | (#36310014)

I got fed up by the pro version's insane resource utilization when updating. It was enough to actually break USB connection to my phone. So off it went, and I switched to Comodo. Since I can't pay for the license (being a student and whatnot), I'd rather my AV/Firewall was free... :)

Re:Uh...WTF? (1)

PhilHibbs (4537) | more than 3 years ago | (#36309206)

I think the broad theory is that each computer on a network behaves like an ant, passing information to other computers about the network environment. If one computer starts misbehaving, the others can communicate this information and avoid the infected machine or the source of the incoming traffic. If the security software on the infected PC is compromised, they might even be able to force the infected machine to run some different security software that can help combat the threat. This is all just off the top of my head, and no, of course I didn't read the fine article.

Re:Uh...WTF? (1)

PhilHibbs (4537) | more than 3 years ago | (#36309228)

Hm, looks like I replied to the wrong comment. Oh well.

Re:Uh...WTF? (0)

Anonymous Coward | more than 3 years ago | (#36309276)

so a user uses a computer, so it tells all other computers to ignore that computer because it is no longer idle - hmmmm
problem of intent still exists. How about you ask the other ants?? but what if one of the other ants can't be trusted... or has multiple personality disorder and is pretending to be many more ants to influence the others... same issue. Maybe I should read TFA, but the headline only makes me think research grant fluff fail.

Re:Uh...WTF? (1)

pookemon (909195) | more than 3 years ago | (#36313586)

Ah yes, however now when you are bored at work, and you look out the window and see a beautiful day, with the sun shining, you can have some fun by grabbing a magnifying glass and setting fire to your security software.

Nice concept... (1)

grimsweep (578372) | more than 3 years ago | (#36309192)

...but the power of such a system is in interpreting the data. It sounds as if the 'ants' themselves wander about the network observing specific attributes, then leaving behind a few notes on anomalies found. Other ants come along, attracted by the 'scent' of the data, and add their own observations. This is all well and good, but my skepticism comes in when we try to interpret the 'odors'. The ants have a chance of observing an event they or another ant caused to happen, which introduces false positives. Other ants arrive, further interfering with the results and pointing virtual fingers at what could be an illusionary culprit. Therefore, the trouble with this approach is that there always exists a possibility of that which 'smelt' it, 'dealt' it.

computer viruses in the power grid? (1)

doperative (1958782) | more than 3 years ago | (#36309270)

"this summer researchers are working to train the "digital ants" well enough that they can turn them loose into the power grid to seek out computer viruses trying to wreak havoc on the system".

The only way 'computer viruses' could get into the power grid is if you run your SCADA units on Microsoft Windows and connect them directly to the Internet. Designing a system that allows 'digital ants' to scurry about and be secure at the same time is a contradiction in terms. What happens if the 'digital ants' are hijacked by the .cyber->terrorists :)

"The power grid is probably more vulnerable to cyber attacks than security experts would like to admit," said Fulp.

What part of don't connect your SCADA units to the Internet don't these 'security experts' understand?

As the grid becomes more and more interconnected, it offers hackers more points to enter the system; for instance, inserting a virus or computer worm into a low security site, such as in your home's smart grid, to gain access to more secure systems up the line,

Anyone who designs such a system should be arrested immediately and shifted off to Guantanamo Bay as a threat to national security.

Re:computer viruses in the power grid? (1)

vlm (69642) | more than 3 years ago | (#36309306)

> What happens if the 'digital ants' are hijacked by the .cyber->terrorists :)

This will be the inevitable outcome. Random software is not allowed inside, or at least we put a measurable although microscopic effort into it. Digital ants are allowed in. Therefore they will be the infection vector of the future. "who watches the watchers"

Re:computer viruses in the power grid? (1)

SEWilco (27983) | more than 3 years ago | (#36311322)

"who watches the watchers"

The ant lion watches them.

Re:computer viruses in the power grid? (1)

maxwell demon (590494) | more than 3 years ago | (#36309532)

> What part of don't connect your SCADA units to the Internet don't these 'security experts' understand?

The "don't" part, of course.

never heard of USB sticks? (1)

dutchwhizzman (817898) | more than 3 years ago | (#36310186)

It doesn't require an Internet connection to get infected. The most useful approach I've seen so far in power plants is 2 separated networks. One reserved for control with no external media or Internet connection and one with Internet and functioning drives, USB ports and all that. People are going to try to use the computer on their desk to do stuff they want, unless you provide them with an alternative. Lock the control computer down as best as you can, and leave the other one as open as possible.

Re:computer viruses in the power grid? (1)

GameboyRMH (1153867) | more than 3 years ago | (#36311954)

> What part of don't connect your SCADA units to the Internet don't these 'security experts' understand?

When they're not connected to the Internet, they're connected to a modem with no authentication...

Sounds like buggy code (3, Funny)

gatkinso (15975) | more than 3 years ago | (#36309304)

Hahahahawhawhaw.

Carry on.

Re:Sounds like buggy code (1)

antdude (79039) | more than 3 years ago | (#36311296)

Ants aren't bugs. "How wude." :P

Computer Fungus Infection (1)

Pennidren (1211474) | more than 3 years ago | (#36309356)

Exit the age of the computer virus. Enter the age of the computer fungus! [youtube.com]

viruses are a bad analogy (1)

doperative (1958782) | more than 3 years ago | (#36309420)

"In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system." link [securityweek.com]

Except computer viruses are nowhere near analogous to the biological kind. In nature the virus first has to latch onto the outside of the cell before injecting its genetic payload. It does this by hijacking biological processes necessary for the cell to survive and propagate in the host fluid. There is no such analogous process in computer systems. A computer system can still function without ever having to download external code. The root cause of the current virus/spam/phishing infestation being the inability of the local system to differentiate between code and data and not allowing remote code to be run.

Re:viruses are a bad analogy (1)

jonadab (583620) | more than 3 years ago | (#36319984)

> In nature, we know that ants defend against threats very successfully

Sure. Ants are particularly prolific even as insects go. They can take hundred-to-one losses against virtually anything and still win by sheer numbers.

Off the top of my head the only creature I can think of that can consistently wipe out entire colonies of ants and prevent them from coming back is a human.

In other words, the analogy is stupid.

The security technology may or may not be stupid. It's hard to tell, because unfortunately the article doesn't SAY ANYTHING about how it actually works, or even what it does. It just gives you the inane meaningless less-than-half-baked analogy in way more detail than is useful.

What will this do... (0)

Kamiza Ikioi (893310) | more than 3 years ago | (#36309452)

...to honeypots?

Re:What will this do... (1)

pasv (755179) | more than 3 years ago | (#36310480)

Is it just me or is creating "buzz"words nowadays an actual career path? (a lucrative one at that).

Resulting in... (1)

bugs2squash (1132591) | more than 3 years ago | (#36309492)

...crispy ant jerky

With apologies to Scott Adams, whomever he is signed in as today

The DigiAnts are a Godsend (1)

sexconker (1179573) | more than 3 years ago | (#36309604)

Well, I was wrong. The DigiAnts are a godsend.

But isn’t that a bit short-sighted? What happens when we’re overrun by DigiAnts?

No problem. We simply release wave after wave of Chinese DigiAnteater. They’ll wipe out the DigiAnts.

But aren’t the DigiAnteaters even worse?

Yes, but we’re prepared for that. We’ve lined up a fabulous type of DigiGorilla that thrives on DigiAnteater bits.

But then we’re stuck with DigiGorillas!

No, that’s the beautiful part. When IPv6 rolls around, the DigiGorillas simply get null routed.

Magnifying Glass (1)

Rob Riggs (6418) | more than 3 years ago | (#36309638)

Is it me, or is it getting a bit warm on such a fine, sunny day?

How could it possibly go wrong? (0)

Anonymous Coward | more than 3 years ago | (#36309704)

I see no potential problems with this idea at all

I mean, it's not as if the solution has ever been worse than the problem it was to fix before, right?

Where's... (0)

Anonymous Coward | more than 3 years ago | (#36309760)

my magnifying glass...

Instead of mimicking ants..... (0)

Anonymous Coward | more than 3 years ago | (#36309878)

... why don't they just build a system that mimics a secure network!

Re:Instead of mimicking ants..... (0)

Anonymous Coward | more than 3 years ago | (#36310236)

> Instead of mimicking ants..... (Score:+99)

Nice one ...

Anthill inside... (1)

chthon (580889) | more than 3 years ago | (#36310426)

'nuff said

Man questions? (1)

SanityInAnarchy (655584) | more than 3 years ago | (#36310552)

From TFA:

Berenhaut and Hilton are working to answer man questions: How do the ants migrate across different computer platforms and systems operating at different speeds?

I'm not entirely sure how that's a "man question", and I certainly don't want MANswers [wikipedia.org] to attempt to answer it.

Re:Man questions? (1)

Psychotria (953670) | more than 3 years ago | (#36313410)

It's quite simple really [youtube.com]

Well, that's how it works around here anyway :(

Easily broken (1)

SnarfQuest (469614) | more than 3 years ago | (#36310624)

All it takes is a 10 year old with a magnifying glass to wipe out your entire security system.

Ants? Why not lions? (1)

Smigh (1634175) | more than 3 years ago | (#36310912)

"In nature, we know that ants defend against threats very successfully," Fulp said.

Yeah, I'd say lions defend against threats even better. Why not model our security software to mimic lion behavior?

First it would conceal among other packets until the virus gets distracted. Then it will run at it at an angle so that the virus will run straight into an ambush mounted by other lions. Then they will bite the virus's neck until it dies. Done! No more virus!

You may be vulnerable while your security software is napping though...

Melissa again? (1)

IZN0GUD (804758) | more than 3 years ago | (#36311078)

Wasn't it the writer of Melissa that had the original intent of searching for other virii and removing them? I am no cracker, but from what I know AV software is a common initial target of any decent virus; why would ants be immune to such attacks and who could guarantee that they are impermeable? This scenario sounds more like "once you get infected, can't get help by being insected" or whatever. Adding more possible holes that have a mind of their own isn't really a security way to go...

hmm (0)

Anonymous Coward | more than 3 years ago | (#36311184)

How do the ants gain access to the systems they are protecting? If this works anything like lawful intercept these ants really will be bugs in the system.

100 years later... (1)

SchroedingersCat (583063) | more than 3 years ago | (#36311186)

"researchers are working to train the digital ants well enough that they can turn them loose" ...
100 years later:
Agent Smith: I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your species and I realized that you're not actually mammals. Every mammal on this planet instinctively develops a natural equilibrium with the surrounding environment but you humans do not. You move to an area and you multiply and multiply until every natural resource is consumed and the only way you can survive is to spread to another area. There is another organism on this planet that follows the same pattern. Do you know what it is? A virus. Human beings are a disease, a cancer of this planet. You're a plague and we are the cure.

this software (1)

BattleApple (956701) | more than 3 years ago | (#36311200)

is going to be full of bugs

Great idea! (1)

SEWilco (27983) | more than 3 years ago | (#36311342)

Seems like a great idea, as long as it's released on an electrical network that I'm not using!

Just read a Cory Doctorow short about this... (1)

unrtst (777550) | more than 3 years ago | (#36314010)

"Human Readable" in his short story collection "With a Little Help".
Really enjoyable read, as are all his books. And you can read 'em for free if you like (most, if not all, are under creative commons), so there's no harm in checking it out :-)

I'd love to explain the story, 'cause it's really great, but that'd give away too much.

If you can't beat them, join them. (0)

Anonymous Coward | more than 3 years ago | (#36315280)

This is obviously an excuse to make a virus who is an antivirus. No pun intended.

Modeling Security Software To Mimic Ant Behavior (0)

Anonymous Coward | more than 3 years ago | (#36329102)

I have read information on ant behavior software application posted at mightystudent.com, it mentioned that once successfully created it will lessen or eliminate computer viruses. Best luck to all those researchers and IT people.
