Penn State University researchers have created technology they say can nab computer worms more quickly than traditional signature-based systems and speedily set free the traffic if it's determined to be harmless after all.
The Proactive Worm Containment technology watches for a packet's rate and diversity of connections to other networks to identify worms, rather than having to wait around for a signature to be generated to spot new malware.
This technique can cut the time from identifying and capturing a worm from minutes to milliseconds, allowing for only a handful of infected packets to spread, the research team claims. That makes a big difference when you consider that notorious worms such as Slammer could issue 4,000 packets a second when attacking Microsoft's SQL Server.
"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," said lead researcher Peng Liu , an associate professor of information sciences and technology at Penn State, in a statement.
The technology, now in beta testing and in the midst of being patented, isn't just fast. It's also smart. In the event that a high connection rate turns out not to be the sign of a worm, the security system can do its version of a mea culpa and release the packets upon recognizing the mistake, the researchers say.
The technology can also be used in conjunction with signature-based detection systems to squelch slow as well as fast-moving worms.
Penn State researchers are putting lots of resources and brainpower toward making networks more secure. Other researchers at the school last year touted technology designed to enable databases to talk without giving away secrets to each other.
The university's Privacy-preserving Access Control Toolkit (PACT) relies on encryption of queries and data transmitted to protect sensitive information, including metadata. PACT is discussed in a paper called "Privacy-preserving Semantic Interoperation and Access Control of Heterogeneous Databases."