To combat worms, Trojans and other malware, a team of security researchers wants to use ants.
Not the actual live insects, of course, but computer programs modeled to act like ants in the way they roam a network and search for anomalies. “Ants aren’t intelligent,” says Glenn Fink, a senior research scientist at the Pacific Northwest National Laboratory who came up with the idea for the project, “but as a colony ants exert some very intelligent behavior.”
According to Fink and one of his project partners, associate professor Errin Fulp of Wake Forest University, their in-the-works project uses distributed data-collecting sensors that are modeled after the six-legged natural creatures. But where ants may leave scent trails to guide other ants to a discovered threat or food source, Fink’s sensors pass along collected data to other sensors in an attempt to identify anomalous behavior that may signal a malware infection in a large-scale network.
As information is collected, different varieties of ants may be activated to collect different types of data, Fink says. One might look for a higher-than-normal cpu usage, while another may check out network traffic.
And as with actual ant colonies, the system uses a hierarchy of programs. The sensor ants report to host-based sentinels that sit still and collect data from the ants, and the sentinels in turn are below sergeants, which are tasked with presenting data to humans and passing down their orders to the digital colony.
While early-stage tests of the system have successfully identified computer worms, “a lot of the higher-level reasoning has yet to be done,” Fulp says. It’s one thing to collect data from the insect-simulating sensors, and another to accurately interpret and process it.
The challenge, as Fink puts it, is, “How do you talk to an ant?”