[Colloq] Talk by Fernando C. Colon Osorio,
hosted by NU Computer Architecture Research Laboratory
Rachel Kalweit
rachelb at ccs.neu.edu
Wed Apr 27 13:32:48 EDT 2005
The Northeastern University Computer Architecture Research Laboratory
is pleased to welcome Prof. Fernando C. Colon Osorio, who will be
talking about his work in the area of Information Security and Swarm
Worms.
Date: Friday, April 29
Time: 11:00am
Place: 206 Egan Center
Title:
"And you thought you were safe after SLAMMER, not so, Swarms not Zombies
present the greatest risk to Our National Internet Infrastructure"
Presenters:
Fernando C. Colon Osorio and Zachi Klopman
WPI System Security Research Laboratory
Worcester Polytechnic Institute
Abstract:
In the early morning hours (05:30 GMT) of January 25, 2003 the
fastest computer worm in recorded history began spreading throughout the
Internet. Within 10 minutes after the first infected host (patient
zero), 90 percent of all vulnerable hosts had been compromised, creating
significant disruption to the global Internet infrastructure. Vern
Paxson of the International Computer Science Institute and Lawrence
Berkeley National Laboratory in his analysis of SLAMMER commented:
"The Slammer worm spread so quickly that human response was ineffective."
The interesting part from our perspective about the spread of SLAMMER is
that it was a relatively unsophisticated worm with benign behavior,
namely self-reproduction. Since SLAMMER, researchers across the United
States and overseas have explored the behaviors of fast spreading worms,
and have designed countermeasure strategies based primarily on rate
detection and limiting algorithms. For example, Zhou, et al. proposed a
scheme where a Kalman filter is used to detect the early propagation of
a worm. Other researchers have proposed the use of detectors where rates
of "Destination Unreachable" messages are monitored by firewalls, and a
significant increase beyond "normal" alerts the organization to the
potential presence of a worm. However, such strategies suffer from the
"fighting the last WAR" syndrome. That is, systems are being designed
and developed to effectively contain worms whose behaviors are similar
to that of SLAMMER.
In this work, we put forth the hypothesis that next generation
worms will be radically different, and therefore such techniques will
prove ineffective. Specifically, we propose to study a new generation
of worms called "Swarm Worms", whose behavior is predicated on the
concept of "emergent intelligence". Emergent Intelligence is the
behavior of systems, very much like biological swarms such as ants or
bees, where simple local interactions of autonomous swarm members, with
simple primitives, give rise to complex and intelligent global
behavior. In this talk we will introduce the basic principles behind the
idea of "Swarm Worms", the nature of the intelligent behavior that
emerges, as well as the basic structure required in order to be
considered a "swarm worm", based on our definition. In addition, we will
present preliminary results on the propagation speeds of one such swarm
worm, called the ZachiK worm. We will show that ZachiK is capable of
propagating at a rate 9,000 times faster than previously known worms.
______________________________________
* This work was conducted as part of a larger effort in the development of
next generation Intrusion Detection & Countermeasure Systems at WSSRL.
The work is conducted under the auspices of Grant ACG-2004-06 by the
Acumen Consulting Group, Inc., Marlboro, Massachusetts.
Information on the speaker can be found at:
http://www.cs.wpi.edu/People/faculty/fcco.html