[Colloq] CCIS Colloquium

Chantal Cardona chantalc at ccs.neu.edu
Tue Sep 27 14:00:00 EDT 2005


                                                                         
*College of Computer and Information Science Colloquium*

Presents:

*Dr. Fernando C. Colon Osorio*

*WPI System Security Research Laboratory*

 

Who will speak on:

*Malware Exhibiting Swarm-Like Behavior*

*/Thursday, September 29, 2005/*

*/10:30am/*

*/366 West Village H/*

*/Northeastern University/*

_Abstract_:

*The Slammer, which is currently the fastest computer worm in recorded 
history, was observed to infect 90 percent of all vulnerable Internet 
hosts within 10 minutes. Although the main action that the Slammer worm 
takes is a relatively unsophisticated replication of itself, it still 
spreads so quickly that human response was ineffective. Most proposed 
countermeasure strategies are based primarily on rate detection and 
limiting algorithms, or the detection of a sudden increased occurrence 
of "Destination Unreachable" messages in a network. However, such 
strategies are being designed and developed to effectively contain worms 
whose behaviors are similar to that of Slammer.*

*In our work, we put forth the hypothesis that next generation worms 
will be radically different, and potentially such techniques will prove 
ineffective. Specifically, we propose to study a new generation of worms 
called "Swarm Worms", whose behavior is predicated on the concept of 
"emergent intelligence". Emergent Intelligence is the behavior of 
systems, very much like biological systems such as ants or bees, where 
simple local interactions of autonomous members, with simple primitive 
actions, give rise to complex and intelligent global behavior. In this 
talk we will introduce the basic principles behind the idea of "Swarm 
Worms", the nature of the intelligent behavior that emerges, as well 
as the basic structure required in order to be considered a "swarm 
worm", based on our definition. In addition, we will present preliminary 
results on the propagation speeds of one such swarm worm, called the 
ZachiK worm. We will show that ZachiK is capable of propagating at a 
rate 2 orders of magnitude faster than similar worms without swarm 
capabilities while remaining stealthy.*

*This work was conducted as part of a larger effort in the development 
of next generation Intrusion Detection & CounterMeasure Systems at 
WSSRL. The work is conducted under the auspices of Grant ACG-2004-06 by 
the Acumen Consulting Group, Inc., Marlboro, Massachusetts.*

Host: Ken Baclawski



