A new program being developed in the US could soon help predict virus attacks and
lead to a smarter generation of intrusion-detection systems
It was Friday, June 13, 2003. Raj Narayan, accounts manager at one of the
major financial institutions, turned on his notebook to give finishing touches
to the budget proposals that he had been working on for the last two months.
Instead, he saw a devilish message and a little later found all his data gone.
The massive Bugbear C–a variation of the original and devastating Bugbear
virus–had destroyed all his files.
Computer viruses and their malicious ilk are getting bigger, and so
aggressive and sophisticated that they may soon elude anti-virus programs. Since
anti-virus software and firewalls function by identifying the telltale signature
of known attacks, these protective armouries are ineffective against any new
virus. The speed with which the malevolent code now propagates requires
technologies that predict outbreaks.
Software engineers at Icosystem in Cambridge, Massachusetts, have developed
a program that can predict emerging attacks by evolving scripts based on the
future hacker's intentions.
On an experimental basis, the software is currently being developed for the
Computer Crimes Investigation Command of the US Army in Fort Belvoir, Virginia.
Another piece has been developed for the US Navy to evolve not hacker scripts
but damages to a warship control system.
"The technique can be used to systematically test software systems
around the world for vulnerabilities and in designing intrusion detection
systems," Eric Bonabeau, founder and chief scientific officer at
Icosystem, told Dataquest in an exclusive from Cambridge.
The hacker tool is a research prototype and is implemented on an ordinary PC
in Java.
The approach requires two steps: building a detailed model of the system (or
building a testing site), and evolving scripts that are then tested against the
model or the testing site.
"The prototype model developed for the US Army was developed in two
months, but it requires at least another 12 months of work before it can
be released," Bonabeau said.
The number of new and more destructive computer viruses continues to grow at
an alarming rate since they are relatively simple to create. Virus writers are
always on the lookout for ways to trip up unsuspecting computer users.
Advances in technology and companies' increasing dependence on computers
and e-mail have made it easier for malicious software programs to spread
quickly and cripple businesses.
"Viruses will soon be too good for desktop computers to stop,"
Mark Sunner, chief technology officer at e-mail security company MessageLabs,
said recently.
Anti-virus programs for desktops update automatically by connecting to
the security company's website for the latest virus definitions. The response,
therefore, is usually reactive rather than proactive.
The computer security industry says the speed with which viruses and worms
now propagate requires technologies that predict outbreaks before they happen.
Such predictive systems require intensive computing power beyond the capacity
of desktop machines.
Bonabeau said, "…new forms of attacks will undoubtedly emerge and our
ultimate goals will be predicting new types of computer virus and finding and
exploiting vulnerabilities in an operating system or in a router."
"The idea is to continue to evolve scripts which might allow us to
always be one step ahead. For example, if a new vulnerability has been published
we can model it and find all the ways it can be exploited. Alternatively we can
apply evolved scripts to real rather than simulated software and find the
vulnerabilities before they are discovered," he hoped.
At present, defence against attacks relies on software that analyses traffic for
signs of malicious activity. However, hackers modify their methods to
confuse such defenses.
But the new software, being developed by Icosystem, acts as an intrusion
detector that can predict hackers' future strategies. "This works by
mutating the short programs or scripts that hackers use to invade computers or
which they plant on them for later activation," he said. The result is
artificially created hacking routines that security systems could be taught to
recognize, allowing them to defend networks against previously unseen attacks.
"Most of the work was in building a detailed model of a Linux Red Hat
operating system and building a hierarchical scripting grammar that derives
scripts from the hacker's intentions. Evolving scripts is easy once you have
the grammar and the fitness," Bonabeau said.
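The two steps described earlier (build a model of the system, then evolve scripts against it) and the grammar-plus-fitness recipe Bonabeau outlines above can be illustrated with a small grammatical-evolution loop. The following is an added example written for this article, not Icosystem's prototype or any real attack tooling: the "system" is a constructed three-state toy model, the grammar and its five abstract action tokens are constructed placeholders, and the signature detector that is taught the evolved scripts is a deliberately naive exact-window matcher, so the gap it shows between hand-written signatures and evolved variants is the defensive point of the article, not a property of any real product.

```python
"""Toy grammatical-evolution loop: a scripting grammar, a simulated system
model, a fitness function, and a signature detector that is taught the
evolved scripts.  Everything here is constructed for illustration."""
import random

# Step 1: a model of the system under test.  This constructed toy state
# machine only advances when abstract action tokens arrive in the order
# auth -> elevate -> persist; every other token is ignored.  The tokens
# are placeholders, not real commands.
MODEL_PATH = ["auth", "elevate", "persist"]
GOAL_DEPTH = len(MODEL_PATH)


def run_model(script):
    """Return how far along MODEL_PATH the script drives the toy model (0..3)."""
    depth = 0
    for token in script:
        if depth < GOAL_DEPTH and token == MODEL_PATH[depth]:
            depth += 1
    return depth


# Step 2: a hierarchical scripting grammar (constructed) that turns an integer
# genotype into a script.  Each nonterminal expansion consumes one codon and
# codon % len(options) picks the production, as in grammatical evolution.
GRAMMAR = {
    "<script>": [["<step>"], ["<step>", "<script>"]],
    "<step>": [["probe"], ["auth"], ["elevate"], ["persist"], ["noop"]],
}


def decode(genotype):
    """Derive a list of action tokens from a codon list."""
    tokens, stack, pos = [], ["<script>"], 0
    while stack:
        symbol = stack.pop(0)
        if symbol not in GRAMMAR:
            tokens.append(symbol)
        elif pos < len(genotype):
            options = GRAMMAR[symbol]
            stack = list(options[genotype[pos] % len(options)]) + stack
            pos += 1
        else:
            break  # out of codons: unexpanded nonterminals are dropped
    return tokens


def fitness(genotype):
    """Depth reached in the model, with a small length penalty so shorter
    derivations win ties."""
    script = decode(genotype)
    return run_model(script) - 0.01 * len(script)


def evolve(seed=1, pop_size=40, generations=60, codons=12, mut_rate=0.2):
    """Elitist mutation-only search; returns the distinct scripts that reach
    the model's final state, as tuples."""
    rng = random.Random(seed)
    pop = [[rng.randrange(256) for _ in range(codons)] for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        elite = pop[: pop_size // 4]
        children = []
        while len(elite) + len(children) < pop_size:
            parent = rng.choice(elite)
            children.append([rng.randrange(256) if rng.random() < mut_rate else g
                             for g in parent])
        pop = elite + children
    found = {tuple(decode(g)) for g in pop if run_model(decode(g)) == GOAL_DEPTH}
    return sorted(found)


class SignatureDetector:
    """Naive detector: flags a script only if a known signature appears as a
    contiguous window, which is the weakness the article attributes to
    signature-based tools."""

    def __init__(self, signatures=()):
        self.signatures = {tuple(s) for s in signatures}

    def matches(self, script):
        s = tuple(script)
        return any(s[i:i + len(sig)] == sig
                   for sig in self.signatures
                   for i in range(len(s) - len(sig) + 1))

    def learn(self, scripts):
        """Teach the detector new whole-script signatures; returns how many were new."""
        before = len(self.signatures)
        self.signatures.update(tuple(s) for s in scripts)
        return len(self.signatures) - before


def teach_detector(seed=1):
    """Evolve scripts against the model, measure how many the hand-written
    signature misses, teach them, and re-measure.  Returns the three counts."""
    detector = SignatureDetector([MODEL_PATH])  # the one signature a human wrote
    evolved = evolve(seed=seed)
    unseen_before = sum(1 for s in evolved if not detector.matches(s))
    detector.learn(evolved)
    unseen_after = sum(1 for s in evolved if not detector.matches(s))
    return len(evolved), unseen_before, unseen_after


if __name__ == "__main__":
    print(teach_detector())
```

The length penalty in `fitness` is what makes the search converge on compact scripts; removing it lets noise tokens such as `probe` and `noop` accumulate, which is exactly the kind of variant a contiguous-window signature misses until it has been taught. A detector that instead matched the ordered subsequence `auth, elevate, persist` would generalise over those variants, and that generalisation step is where the article's claim of learning "previously unseen attacks" lives.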
CR Jayachandran in New Delhi