Newswise — Early this year, a new kind of worm, known as Storm, began to sweep through the Internet. It is far more sophisticated than previous worms, using peer-to-peer technologies and other novel techniques to evade detection and spread. The mainstream press has paid it little attention, because it has yet to wreak devastating havoc on businesses, as some previous worms have. But we shouldn't be fooled by that relative quiet: Storm's designers appear to be biding their time, building an attack network far more disruptive than any yet seen.

Network security software products on the market today offer only limited defense. They use firewalls, which simply block access to unauthorized users, and software patches, which can be created only after a worm's or virus's unique bit pattern is discerned. By the time this laborious process of hand coding is complete, the infestation has had hours and hours to spread, mutate, or be modified by its creators.

A new kind of software program is needed, one that can detect intrusions from worms, viruses, and other attacks without the high rate of false alarms that plagues many conventional Internet security products, and without the delays that let a worm span the globe in minutes. This new generation of algorithms is based on ideas related to the thermodynamic concept of entropy.

Often defined briefly as a measure of the disorder of a system, entropy as a cornerstone of thermodynamic theory goes back more than a century and a half. But as a construct of information theory it is only 60 years old, and its application to data communications began only in the last decade or so. The authors and other researchers at Intel, Microsoft, Boston University, and the University of Massachusetts are among those plumbing the mysteries of randomness and order in data flows to get a leg up on network attackers.