Researchers in Penn State's College of Information Sciences and Technology (IST) Cyber Security Lab have developed a new system for blocking and containing fast-scanning computer worms.
The system monitors connection rates of faster, diverse worms, said Peng Liu, associate professor in the College of IST. By detecting packets of data -- including their source address, receiver address and the content of the worm -- the system can identify a worm and contain it before it infects other hosts, Liu said.
"We can quickly detect worm attacks, and then we basically will block and contain the host," Liu said.
A diverse worm is one that does not follow a normal line of virtual "traffic," but instead spreads more sporadically from one receiver to the next, said Lunquan Li, a doctoral student in the College of IST who is involved in the research. The worm's arbitrary spread makes it difficult to identify its original source to contain and block it.
The new system, called Proactive Worm Containment (PWC), gets its name because of its quick activation, Li said.
Currently, the most popular systems for identifying and attacking worms are signature-based, Liu said. Signatures are unique patterns in a worm's coding that can be matched with a packet for detection, he said.
Signature-based techniques tend to have a period of latency -- because people must learn specific signatures of worms before identifying them -- and thus provide less protection from worms than the PWC system, Liu said. The new system uses an alternative approach that does not rely on signatures, he said, so it is activated immediately.
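The connection-rate idea described above can be shown with a short added example, which is not PWC's own code or algorithm: a host is contained once its outbound connections reach more distinct destinations within a short window than an assumed limit, with no signature involved. The window length, the limit, the event format and the sample events are all assumptions constructed for this illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5.0   # assumed sliding-window length
MAX_NEW_DESTS = 10     # assumed limit on distinct destinations per window

class RateContainment:
    """Contains a host whose outbound connection attempts reach too many
    distinct destinations inside the window (no payload signature used)."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_NEW_DESTS):
        self.window = window
        self.limit = limit
        self.recent = defaultdict(deque)  # src -> deque of (timestamp, dst)
        self.contained = {}               # src -> time containment began

    def observe(self, ts, src, dst):
        """Return 'allow', 'contain' (limit just exceeded) or 'drop'."""
        if src in self.contained:
            return "drop"                 # host already contained
        q = self.recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > self.window:
            q.popleft()                   # forget attempts outside the window
        if len({d for _, d in q}) > self.limit:
            self.contained[src] = ts
            return "contain"
        return "allow"

def constructed_events():
    """Constructed sample traffic as (timestamp, source, destination)."""
    events = []
    # Busy but benign host: 40 connections in 4 s to the same 3 servers.
    for i in range(40):
        events.append((i * 0.1, "10.0.0.5", f"192.0.2.{1 + i % 3}"))
    # Scanning host: a previously unseen address every 50 ms.
    for i in range(30):
        events.append((1.0 + i * 0.05, "10.0.0.9", f"198.51.100.{i + 1}"))
    return sorted(events)

def run(events):
    det = RateContainment()
    verdicts = defaultdict(list)
    for ts, src, dst in events:
        verdicts[src].append(det.observe(ts, src, dst))
    return det, verdicts

if __name__ == "__main__":
    det, verdicts = run(constructed_events())
    for src, v in verdicts.items():
        print(src, {k: v.count(k) for k in ("allow", "contain", "drop")})
```

Counting distinct destinations rather than raw connections is what keeps the busy benign host from being contained while the scanning host trips the limit on its eleventh new address.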
Worm attacks that are planned are especially dangerous because they spread faster than worm attacks that infect just one machine, said John Yen, professor-in-charge of IST at Penn State. Because the attacks are premeditated, more must be known about the infected machine, making it much more vulnerable to fast-scanning worms.
Liu said the techniques the PWC system uses will be compatible with all computer operating systems once it is fully developed.
Some companies in the computer security industry are already interested in commercializing the system, Liu said.
"This technology can be widely used by real-world people, by enterprises like Penn State or by individuals at home," Liu said. "It's not difficult to use. You just install the software, and worms can be blocked."
The research began in late 2005 and will continue while the system is being perfected, Liu said. Penn State has filed a provisional patent, which offers protection to the system until a full patent is filed, he said.
"In this stage we have a beta version, so now we've basically developed a prototype," Liu said. "Based on testing results, we may need to further refine the approach."

