Academic researchers supported by Intel have come up with a method that could lead to a new way of defending networked assets against zero-day malware attacks.
The scheme works by having peer systems share information about anomalous activity, and then prioritising a process of remediation that causes the least business impact.
The work to develop new intrusion detection procedures has been carried out by researchers at the University of California’s Davis Computer Security Laboratory.
According to reports first published in Science Daily, the system relies on an algorithm that weighs the cost of a computer being disconnected from the network against the cost of it being infected by a worm.
“Results of this ongoing process depend on the calculated probability of an attack, and on what the machine is used for. The algorithm triggers a toggle to disconnect the computer whenever the cost of infection outweighs the benefit of staying online, and vice versa.”
The software is designed to interact with existing personal firewalls and intrusion detection systems to gather data about anomalous behaviour.
A system used to process sales orders, say, would be automatically disconnected from the network only if an attack were certain, whereas a PC being used in a warehouse or store room might be quarantined as soon as the security software suspected a potential malware attack.
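The disconnect-or-stay decision described above, as an added example that is not code from the UC Davis project or the article: a per-host cost model, a peer-alert estimate of attack probability (the estimator and likelihood ratios are an assumption, since the article gives no formula), and a quarantine list ordered by least business impact. The fleet and cost figures are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    """A networked host and what it costs the business to lose it either way."""
    name: str
    cost_offline: float   # loss if the host is quarantined for one decision window
    cost_infected: float  # loss if the worm takes hold while the host stays online

def attack_probability(prior: float, peer_alerts: list[bool]) -> float:
    """Turn peer anomaly reports into P(attack).

    Assumed (the article does not give the estimator): each peer reporting
    anomalous activity multiplies the odds by LR_ALERT, each quiet peer by LR_QUIET.
    """
    LR_ALERT, LR_QUIET = 4.0, 0.8
    odds = prior / (1.0 - prior)
    for alert in peer_alerts:
        odds *= LR_ALERT if alert else LR_QUIET
    return odds / (1.0 + odds)

def should_disconnect(asset: Asset, p_attack: float) -> bool:
    """Toggle offline when expected infection loss exceeds the cost of being offline."""
    return p_attack * asset.cost_infected > asset.cost_offline

def quarantine_plan(assets: list[Asset], p_attack: float) -> list[str]:
    """Hosts to disconnect, least business impact first."""
    chosen = [a for a in assets if should_disconnect(a, p_attack)]
    return [a.name for a in sorted(chosen, key=lambda a: a.cost_offline)]

# Constructed sample fleet: an order-processing server is expensive to take
# offline, a warehouse PC is cheap to quarantine.
SALES = Asset("sales-orders", cost_offline=50_000.0, cost_infected=60_000.0)
WAREHOUSE = Asset("warehouse-pc", cost_offline=200.0, cost_infected=20_000.0)
FLEET = [SALES, WAREHOUSE]

if __name__ == "__main__":
    # Two of four peers report anomalies: only the warehouse PC goes offline.
    p = attack_probability(0.02, [True, True, False, False])
    print(f"P(attack)={p:.3f} -> {quarantine_plan(FLEET, p)}")
    # Every peer reports anomalies: now the sales server is quarantined too.
    p = attack_probability(0.02, [True] * 4)
    print(f"P(attack)={p:.3f} -> {quarantine_plan(FLEET, p)}")
```

The threshold for each host is simply cost_offline / cost_infected, which is why the sales server needs near-certainty (about 0.83 here) before it is cut off while the warehouse PC is quarantined at roughly 1%.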
It is said that Senthil Cheetancheri, who led the effort and has been working for several years on the use of automated reasoning in cooperative cyber defence, is now with SonicWall.
This article is from the CBROnline archive: some formatting and images may not be present.