Digital ants seek out security threats

Posted by Emma Woollacott

There's a sort of logic to it: security experts are fighting worms using a strategy modeled on the behaviour of ants.

Unlike traditional security devices, which are static, these 'digital ants' wander through computer networks looking for threats. When they find one, an army of ants converges at that location, drawing the attention of human operators.

The concept - called swarm intelligence - could transform cyber security because it adapts readily to changing threats, say the researchers.

As new variations are discovered and updates issued, security programs gobble more resources, antivirus scans take longer and machines run more slowly.

Glenn Fink, a research scientist at Pacific Northwest National Laboratory (PNNL), came up with the idea of copying ant behavior, using a network of 64 computers.

“Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,” Fulp says. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”

The researchers say the new security approach is best suited for large networks that share many identical machines, such as those found in governments, large corporations and universities.