According to an article at Dark Reading, a new startup called “Day Zero Systems” has developed a technology called PWC (Proactive Worm Containment), based on anomaly detection. The idea is to license this technology for inclusion in anti-malware and firewall products.
The Proactive Worm Containment (PWC) approach developed by the researchers is supposed to augment traditional signature-based worm and virus detection, as well as so-called rate-limiting technology. The researchers have applied for a provisional patent for PWC, which uses anomaly detection, not signatures. It looks at packet rate, frequency of connections, and the diversity of connections, and it can find and detain a worm within milliseconds of a cyber attack.
Peng Liu, associate professor of information sciences and technology at Penn State and the lead researcher on the PWC project, acknowledges that anomaly detection isn’t new. But the difference with PWC, he says, is it doesn’t generate false positives — it releases legitimate hosts that get temporarily quarantined. “The novelty of PWC is that it can unblock those mistakenly contained hosts very quickly,” he says. “Others cannot do this.”
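To make the contain-then-release idea concrete, here is an added sketch that is not PWC's algorithm or code from the researchers: it scores each host on connection frequency and destination diversity over a sliding window, contains a host on an anomaly, and releases it once it stays quiet. The thresholds, the probation rule, the `Containment` class and the sample traffic (documentation-range addresses) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# All thresholds are illustrative assumptions, not values from PWC.
WINDOW = 1.0        # seconds of per-host history
MAX_CONNS = 20      # outbound connection attempts allowed per window
MAX_DISTINCT = 15   # distinct destinations allowed per window
PROBATION = 2.0     # quiet seconds required before a contained host is released

class Containment:
    def __init__(self):
        self.recent = defaultdict(deque)  # host -> (timestamp, destination)
        self.contained = {}               # host -> time of last anomalous event
        self.log = []                     # (timestamp, host, action)

    def _anomalous(self, host, now):
        q = self.recent[host]
        while q and now - q[0][0] > WINDOW:   # drop events outside the window
            q.popleft()
        return len(q) > MAX_CONNS and len({d for _, d in q}) > MAX_DISTINCT

    def observe(self, ts, host, dst):
        """Record one outbound attempt; return True if it would be allowed."""
        self.recent[host].append((ts, dst))
        bad = self._anomalous(host, ts)
        if host in self.contained:
            if bad:
                self.contained[host] = ts     # still scanning: restart probation
            elif ts - self.contained[host] >= PROBATION:
                del self.contained[host]      # behaved normally: release
                self.log.append((ts, host, "release"))
                return True
            return False
        if bad:
            self.contained[host] = ts
            self.log.append((ts, host, "contain"))
            return False
        return True

def run_demo():
    # Constructed traffic: a scanning host, a legitimate burst, a normal client.
    ev = [(i * 0.02, "10.0.0.5", f"198.51.100.{i}") for i in range(200)]
    ev += [(1.0 + i * 0.01, "10.0.0.9", f"192.0.2.{i}") for i in range(25)]
    ev += [(4.0, "10.0.0.9", "192.0.2.1")]
    ev += [(t, "10.0.0.7", "203.0.113.10") for t in (0.5, 1.5, 2.5)]
    c = Containment()
    for ts, host, dst in sorted(ev):
        c.observe(ts, host, dst)
    return c.log, sorted(c.contained)
```

In this constructed run the scanning host stays contained, while the host that produced a short legitimate burst is contained and then released on its first normal connection after the probation period.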


