Events - Colloquia & Seminars
CCIS Colloquium Fall 2005
An Initial Analysis and Presentation of Malware Exhibiting Swarm-Like Behavior
Speaker: Dr. Fernando C. Colon Osorio (WPI System Security Research Laboratory)
Date: Thursday, Sept 29, 2005
Talk: 10:30 am, 366 WVH
Abstract
The Slammer, which is currently the fastest computer worm in recorded history, was observed to infect 90 percent of all vulnerable Internet hosts within 10 minutes. Although the main action that the Slammer worm takes is a relatively unsophisticated replication of itself, it still spread so quickly that human response was ineffective. Most proposed countermeasure strategies are based primarily on rate detection and limiting algorithms, or the detection of a sudden increased occurrence of "Destination Unreachable" messages in a network. However, such strategies are being designed and developed to effectively contain worms whose behaviors are similar to that of Slammer.
In our work, we put forth the hypothesis that next generation worms will be radically different, and potentially such techniques will prove ineffective. Specifically, we propose to study a new generation of worms called "Swarm Worms", whose behavior is predicated on the concept of "emergent intelligence". Emergent Intelligence is the behavior of systems, very much like biological systems such as ants or bees, where simple local interactions of autonomous members, with simple primitive actions, give rise to complex and intelligent global behavior. In this talk we will introduce the basic principles behind the idea of "Swarm Worms", the nature of the intelligent behavior that emerges, as well as the basic structure required in order to be considered a "swarm worm", based on our definition. In addition, we will present preliminary results on the propagation speeds of one such swarm worm, called the ZachiK worm. We will show that ZachiK is capable of propagating at a rate 2 orders of magnitude faster than similar worms without swarm capabilities while remaining stealthy.
This work was conducted as part of a larger effort in the development of next generation Intrusion Detection & CounterMeasure Systems at WSSRL. The work is conducted under the auspices of Grant ACG-2004-06 by the Acumen Consulting Group, Inc., Marlboro, Massachusetts.
Biography
Dr. Fernando C. Colon Osorio was, until recently, Director of the WPI System Security Research Laboratory (WSSRL), which he founded in 2002. During his tenure, the Laboratory grew to 3 faculty members, 5 MS students, 2 Ph.D. students, and several undergraduate students working on multiple security-related projects. The Lab received total funding of approximately $100,000 from private corporations and government in CY 2004. Over the last two years the WSSRL lab has been involved in the following research efforts:
1. SAFE is a distributed Intrusion Detection and Countermeasure System (IDCS) based on the principles of "the Wisdom of Crowds". T
2. Worm and Zero-day Worm modeling. Primary research in this area has been the creation of worm models that accurately reflect the propagation of computer viruses and worms in corporate environments.
3. Chimera, Swarms, and Swarm Attacks: In order to study the effectiveness of current and future IDCS systems, the creation of new worms and malicious attacks is imperative. Chimera is an effort at WSSRL designed to generate effective attacks and worms that have not been seen previously in the wild. The fundamental technologies behind Chimera are: (a) behavioral worm models, (b) Swarm Intelligence, and "Swarm Attacks".
4. Efficiency of Wireless Security Protocols: The use of wireless networks is increasing at an unparalleled pace. This, combined with the slow rate of performance improvement associated with battery life, has forced researchers to investigate the problem of energy dissipation associated with wireless protocols. This project attempts to remedy some of the limitations of previous efforts, which by and large ignored the impact of security protocols such as 802.11x on battery life.
Prior to founding the Laboratory, Dr. Colon Osorio was President, CEO and Founder of Acunet.net, Inc. Acunet was a provider of eBusiness and eCommerce products and solutions worldwide. In addition, Dr. Colon Osorio has managed businesses with total revenues of $1.3 B annually, fifteen hundred professionals, and locations worldwide. His business experience includes International Business Development in Asia, Latin America, Europe, and Africa. Dr. Colon Osorio is a well-known industry leader who has served as Editor of the IEEE Transactions on Computers from 1978 to 1982, and has published numerous articles in the computer field and a textbook on artificial intelligence entitled "Engineering Intelligent Systems". In the public sector, Dr. Colon Osorio has been a member of the Council for Economic Advisors on Technology to the Governor of Puerto Rico, and has been chairperson or board member of several public and Fortune-500 corporations in the United States and Puerto Rico. Dr. Colon Osorio earned his BSEE from the University of Puerto Rico, Mayaguez Campus, and his MS and Ph.D. in Electrical and Computer Engineering from the University of Massachusetts, Amherst.