In association with heise online

28 September 2009, 12:55

Ants vs. worms

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Since ants are pretty good at finding and combating enemies in the natural world, a team of researchers decided to try reproducing an ant-type model on computer networks. In contrast to standard anti-virus defences, this approach does not rely on anti-virus products permanently installed on workstations. Instead, digital ants wander around the network searching workstations for malware. Up to 3,000 different types of ants are used, each able to detect specific threats.

If an ant finds a threat, it leaves a digital scent marker. Other digital ants are then attracted by the marker and can also add their own markers. The stronger the signal, the more ants are attracted to the workstation in question. The idea is that infections can be detected more reliably and using less resources than a standard anti-virus product, which contains thousands of signatures and special detection procedures.

The swarm intelligence-based solution should work particularly well on large networks with many identical workstations. Initial tests in the collaboration between Wake Forest University and Pacific Northwest National Laboratory (part of the US Department of Energy) showed promise. The digital ants successfully detected a worm on a network of 64 computers.

According to the researchers, the ants are not able to move around the network at will and accidentally take control of a PC. In order to be able to examine a workstation, a digital "sentinel" that monitors the ants' work and forwards the results to a human operated central control station, must be present on the machine.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit