Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

“In a sense, what we’re doing is taking advantage of the fact that this worm is trying a lot of things and missing many times, and each time it misses, it’s giving out some information,” Shroff says. Although the system is designed for dealing with scanning worms that seek vulnerable hosts at random, the researchers have also adapted it for worms that target their attacks at specific local networks.

Shroff believes that the system could best be deployed on corporate networks, particularly in situations in which extra computers are available that could cover a workload while possibly infected computers are examined. It might not work as well for small businesses or on home networks, because taking a computer offline could be too large of a disruption for users, he says.

Rohloff says that he could imagine such a system being effective, but he cautions, “The bias, of course, would be that it would protect local networks from infections that are already present in the network. It wouldn’t do as much for protecting networks from infections that come from the outside.” He adds that while the researchers’ model and initial simulations look good, he would be curious to see a more thorough analysis of how often the system suspects a computer of being infected with a worm when no worm is actually present.

The Purdue and Ohio State researchers suggest that future work could search for ways to adapt their tools for ever more targeted worms. Shroff says that while he and his colleagues are now concentrating on stopping worms at the level of host computers, another possible direction could be to make software that would allow routers to watch for suspicious traffic patterns. While such an approach could allow a relatively large number of computers to be monitored from a single point, it would also require significant changes to how routers operate. While they currently keep track of only the destination of Internet traffic, they would have to begin keeping track of its source as well.


0 comments about this story. Start the discussion »

Credit: Technology Review

Tagged: Web, computer security, botnet, denial of service attacks, Internet worms

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me