It figures... insects to catch bugs.

Digital ‘ants’ take on computer worms
New software acts like biological counterpart to find and diagnose malware.
By Eric Bland
updated 2:40 p.m. ET, Wed., Oct. 28, 2009
Digital ants could soon be crawling through your computer's hard drive, but don't worry, they are there to help.
Scientists from Wake Forest University and the Pacific Northwest National Laboratory have created an army of digital ants and their superior officers, digital sergeants and sentinels, to search out viruses, worms and other malware.
The new antivirus software could provide better protection while freeing up valuable hardware.
"We are using the ants to sense something very basic, like a connection rate," said Errin Fulp, a professor of computer science at Wake Forest University who helped develop the digital ants.
"Then we collect that evidence which points us to a particular infection or security threat," said Fulp.
Like their biological counterparts, each individual ant is not very bright. A connection rate, CPU utilization or one of about 60 other technical details is all they can sense. When an ant detects something unusual, it leaves a digital pheromone, a tiny digital sense that says something unusual is going on here, and that other ants should check it out.
The digital ants report any suspicious activity to a digital sentinel, a program designed to watch over a set of computers in a network. The sentinel sorts through all the information the ants gather, and if it's suspicious, passes the information on to a digital sergeant. The sergeant then alerts the human supervisor, who can then deal with the problem.
The sentinels and sergeants reward the ants for finding problems. If an ant doesn't find enough problems it "dies" off, although a minimum number is always maintained.
If a particular kind of ant finds lots of problems then more of them are created to monitor the problem. The entire system is modeled off of a normal ant colony and uses "swarm intelligence" to find and diagnose problems.
The beauty of using digital ants, instead of a traditional anti-virus program, is their flexibility. Traditional anti-virus software usually scans constantly or on a set time schedule. Constantly scanning for threats is effective, but uses a lot of computer resources, resources that could be better spent doing something else.
Scanning at certain times, usually at night, optimizes computer usage, but it leaves a computer more vulnerable. Since the number of ants rises and falls with the number of problems being detected, it can free up computer hardware to perform calculations when an attack isn't happening. If an attack is happening, more ants can quickly be created to help deal with it.
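The feedback loop described above, sketched as a small simulation (an added example, not the researchers' software). The two metrics, their thresholds, the decay rate, the population limits and the rule that two ant types must agree before the sentinel escalates are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumed values for illustration; the article gives no thresholds or rates.
THRESHOLDS = {"conn_rate": 100.0, "cpu_util": 0.90}  # one sensed metric per ant type
MIN_ANTS, MAX_ANTS = 2, 16   # floor: "a minimum number is always maintained"
DECAY, FADED = 0.5, 0.1      # pheromone halves each round, is erased below FADED
ALERT_TYPES = 2              # sentinel escalates when this many ant types agree

# Constructed sample fleet: host "c" shows worm-like connection rate and CPU load.
SAMPLE_FLEET = {"a": {"conn_rate": 12, "cpu_util": 0.20},
                "b": {"conn_rate": 8, "cpu_util": 0.35},
                "c": {"conn_rate": 450, "cpu_util": 0.97}}


class Colony:
    def __init__(self, hosts):
        self.hosts = hosts                               # host -> {metric: value}
        self.ants = dict.fromkeys(THRESHOLDS, MIN_ANTS)  # population per ant type
        self.pheromone = defaultdict(dict)               # host -> {ant type: strength}
        self.round = 0

    def _route(self, count):
        """Marked hosts are visited first; remaining ants patrol in rotation."""
        marked = [h for h in self.hosts if self.pheromone[h]]
        patrol = list(self.hosts)
        stops = marked + [patrol[(self.round + i) % len(patrol)] for i in range(count)]
        return stops[:count]

    def step(self):
        """Run one round and return the hosts the sentinel escalates."""
        for marks in self.pheromone.values():            # old trails evaporate
            for kind in list(marks):
                marks[kind] *= DECAY
                if marks[kind] < FADED:
                    del marks[kind]
        for kind, limit in THRESHOLDS.items():
            finds = 0
            for host in self._route(self.ants[kind]):
                if self.hosts[host].get(kind, 0.0) > limit:   # the ant's single sense
                    self.pheromone[host][kind] = self.pheromone[host].get(kind, 0.0) + 1.0
                    finds += 1
            # Reward: productive ant types multiply, idle ones die back to the floor.
            grown = self.ants[kind] * 2 if finds else self.ants[kind] - 1
            self.ants[kind] = max(MIN_ANTS, min(MAX_ANTS, grown))
        self.round += 1
        # Sentinel: escalate only hosts marked by several independent ant types.
        return sorted(h for h, m in self.pheromone.items() if len(m) >= ALERT_TYPES)
```

Calling `Colony(dict(SAMPLE_FLEET)).step()` repeatedly shows the behaviour the article describes: the first patrol misses host "c", the second round marks it with both ant types and doubles each population, and once the host's metrics return to normal the trails fade and the ants die back to the minimum.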
The researchers created four digital ants of the 64 types they eventually want. To test their effectiveness, they set up a bank of computers and released three worms into the ant-infested Linux-based computers. The four digital ants in the computers had never seen the viruses before, yet identified the virus by only monitoring four very specific aspects of the computers.
© 2009 Discovery Channel