Washington, January 14 (ANI): Researchers at University of California, Davis and Intel Corporation have devised a new strategy to enable computer network administrators to curb attacks by computer worms at low cost.
Many computers are already equipped with software that can detect when another computer is attempting to attack it.
However, research leader Senthil Cheetancheri says that the software usually fail to identify newly-minted worms that do not share features with earlier marauders.
He even highlights the fact that network managers face a major dilemma when they detect any suspicious activity.
"The question is, 'Should I shut down the network and risk losing business for a couple of hours for what could be a false alarm, or should I keep it running and risk getting infected?'" he says.
Cheetancheri, a graduate student in the Computer Security Laboratory at UC Davis when he did the work, has demonstrated that it is possible to overcome the conundrum by enabling computers to share information about anomalous activity.
He says, as signals come in from other machines in the network, each computer compiles the data to continually calculate the probability that a worm attack is underway.
"One suspicious activity in a network with 100 computers can't tell you much. But when you see half a dozen activities and counting, you know that something's happening," he said.
According to the researcher, the second part of the strategy is an algorithm that weighs the cost of a computer being disconnected from the network against the cost of it being infected by a worm.
Cheetancheri revealed that the results of the new strategy depended upon the calculated probability of an attack, and varied from computer to computer depending on what the machine was used for.
He said that the algorithm would trigger a toggle to disconnect the computer whenever the cost of infection outweighed the benefit of staying online, and vice versa.
The researcher said that the computer used by a person working with online sales, for example, might be disconnected only when the threat of an attack is virtually certain.
On the other hand, a computer used by a copy writer who can complete various tasks offline might disconnect whenever the probability of an attack rises above even a very low level.
The study was published in "Recent Advances in Intrusion Detection, 2008," the proceedings of a symposium that was held in Cambridge, Massachusetts, in September last year. (ANI)