Swarm Intelligence: Are digital ants the answer to malware?

Modeling Nature may be the best way to solve the malware problem. Learn how digital ants could be the answer.

One of my favorite topics is anti-malware technology, especially when it portends "outside-the-box" thinking. Collective Intelligence, leveraged in Cloud Antivirus, is one such example. Recently, I came across another interesting concept, and it's definitely unconventional.

PNNL's research

Research coming out of Pacific Northwest National Laboratory (PNNL) always interests me. First, one of the lab's missions is to resolve cyber-security issues. Second, their conclusions can be unorthodox. Case in point: Dr. Glenn Fink, Senior Research Scientist at PNNL, believes Nature provides examples of how we can protect computers by using collective intelligence.

To help defend his position, Dr. Fink enlisted Dr. Errin Fulp, Associate Professor of Computer Science at Wake Forest University, specifically because of Dr. Fulp's ground-breaking work with parallel processing. Together, the two researchers developed software capable of running multiple security scans contiguously, with each scan targeting a different threat. It is a technique, it seems, that Dr. Fink acquired from studying behavior exhibited by ant colonies.

Why ants?

In the Wake Forest University article, "Ants vs. Worms" by Eric Frazier, Professor Fulp describes why the researchers chose to mimic ants:

"In nature, we know that ants defend against threats very successfully. They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We are trying to achieve that same framework in a computer system."

All one has to do is watch a National Geographic special about ants to appreciate their collective capabilities. So, the doctors' reasoning does make sense.

Swarm Intelligence

The researchers call their technology Swarm Intelligence and for a good reason. According to Wikipedia, Swarm Intelligence is a system:

"Typically made up of a population of simple agents or boids interacting locally with one another and with their environment. The agents follow very simple rules, and although there is no centralized control structure dictating how individual agents should behave, local, and to a certain degree random interactions between such agents lead to the emergence of "intelligent" global behavior, unknown to the individual agents."

The digital Swarm Intelligence consists of three components:

Digital ant: Software designed to crawl through computer code, looking for evidence of malware. The researchers mentioned that ultimately there will be 3000 different types of Digital Ants employed.

Sentinel: The autonomic manager of digital ants congregated on an individual computer. It receives information from the ants, determines the state of the local host, and decides if any further action is required. It also reports to the Sergeant.

Sergeant: Also an autonomic manager, albeit of multiple Sentinels. If I understand correctly, the size of the network determines how many Sergeants are used. Also, Sergeants interface with human supervisors.

The following slide, courtesy of the researchers and the IEEE, depicts the collective arrangement:

In my world, Swarm Intelligence is complicated. So I needed to ask some questions:

Question: How do Digital Ants work? Are they similar to local anti-virus scanners?
Dr. Fulp's answer: Ants migrate about the system checking for evidence. The evidence is typically a simple check (network statistics, process-table info), and different ant populations check for different things. If an ant finds something abnormal, it leaves a pheromone trail which will attract more ants to the same computer. Given more ants (which provide different pieces of information), a clearer understanding of the threat can be obtained. This is different from an AV program, since they have to continuously run all the scans (looking for the different pieces of evidence). Using our approach, the population of ants can change based on the threat level.

Question: On the surface, the Digital Ant, Sentinel, and Sergeant relationship appears sophisticated. Could you please explain how it works?
Dr. Fulp's answer: Ants are simple agents that check for a piece of evidence (malware) and leave pheromone (so other ants can locate the evidence) if malware is found. Sentinels reside on individual computers and interact with ants to discover any threats based on the ants' findings. Sergeants interact with Sentinels and can observe changes over multiple computers.

Question: When Digital Ants are checking for evidence, how do they know if a particular parameter is out-of-spec? Is an initial system footprint taken?
Dr. Fulp's answer: Yes, the Sentinel has to be initially trained to understand "normal".

Question: How are more Digital Ants created?
Dr. Fulp's answer: If an ant is successful (its evidence is helpful in finding a threat) then it is duplicated, if not it dies. Of course a base population of ants is maintained.

Question: You mention the Digital Ant gets rewarded or it dies. In software-speak, does that mean a counter/timer is incorporated in the Digital Ant, with death occurring when the counter/timer is not reset?
Dr. Fulp's answer: The Digital Ant actually lives as long as it has "energy" which is supplied to it if it is rewarded. If unsuccessful, then the energy will exhaust and the ant terminates.

Question: What is the software equivalent of the term pheromone? Is it a software tag or pointer informing other Digital Ants what to focus on?
Dr. Fulp's answer: Yes, for the current implementation it is a file provided by the Sentinel, it can be digitally signed to prevent alteration by malware.

Question: Is Digital Ant technology network-based or can it function on an individual computer?
Dr. Fulp's answer: This technology is intended for use on a network, but could be a set of VMs in a single computer.

Question: An anti-virus developer employs what they call Collective Intelligence; is Swarm Intelligence similar?
Dr. Fulp's answer: Similar ideas, the difference being a collection of agents provides information that an individual agent cannot.

Question: The Sentinel resides on the local host. What prevents it from being corrupted by malware?
Dr. Fulp's answer: The Sergeant has to verify if the Sentinel is behaving correctly. The system is not perfect. One approach is to use digital signatures to prove the code has not been corrupted.

Question: TechRepublic members were concerned about Collective Intelligence relying on a single "in-the-cloud" source for management and malware diagnosis. Is Swarm Intelligence a more secure approach?
Dr. Fulp's answer: I think it is a more scalable and robust design. One drawback is speed, as these systems require some time to ramp-up and down. Still, I think it's a worthwhile approach for the massively parallel systems we will face in the future.

Final thoughts

This past summer, Dr. Fink invited Dr. Fulp and Wake Forest graduate students Wes Featherstun and Brian Williams to PNNL to test the theory on a live network. The results were encouraging; every time Dr. Fulp introduced a worm into the network, the Digital Ants successfully located it. I find that uniquely telling; technologists are learning from Nature.

I would like to thank Dr. Fink, Dr. Fulp, Mr. Featherstun, and Mr. Williams for their part in Swarm Intelligence. A special thanks to Dr. Fulp for taking the time to answer my numerous questions.
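
The ant life cycle Dr. Fulp describes in the interview (simple evidence checks against a trained "normal", pheromone that attracts more ants, energy that is topped up by rewards, duplication of successful ants, a maintained base population) can be sketched as a small simulation. This is an added example, not code from PNNL or Wake Forest; the metric names, thresholds, energy values and the rule that a Sentinel flags a host once two ant types agree are all assumptions made for illustration.

```python
import random

# Constructed "normal" profile the Sentinels were trained on: metric -> (value, tolerance).
BASELINE = {"conn_rate": (40, 20), "proc_count": (120, 30), "cpu_pct": (25, 25)}
BASE_POP, MAX_POP = 3, 10            # per ant type: maintained floor, assumed ceiling
START_ENERGY, MAX_ENERGY = 3, 6
STEP_COST, REWARD = 1, 2
EVAPORATION = 0.3                    # share of pheromone lost each step


class Sentinel:
    """Per-host manager: holds the pheromone level and the evidence ants report."""

    def __init__(self, name, metrics):
        self.name, self.metrics = name, dict(metrics)
        self.pheromone = 0.0
        self.evidence = set()        # distinct metrics reported as abnormal

    def abnormal(self, metric):
        normal, tolerance = BASELINE[metric]
        return abs(self.metrics[metric] - normal) > tolerance

    def flagged(self):
        # Assumed rule: one odd reading is weak, two ant types agreeing is a finding.
        return len(self.evidence) >= 2


class Ant:
    def __init__(self, metric, host):
        self.metric, self.host, self.energy = metric, host, START_ENERGY


class Swarm:
    def __init__(self, hosts, seed=1):
        self.rng = random.Random(seed)
        self.hosts, self.ants = hosts, []
        self._top_up()

    def _count(self, metric, ants):
        return sum(1 for a in ants if a.metric == metric)

    def _top_up(self):
        # "A base population of ants is maintained."
        for metric in BASELINE:
            for _ in range(BASE_POP - self._count(metric, self.ants)):
                self.ants.append(Ant(metric, self.rng.choice(self.hosts)))

    def step(self):
        weights = [1.0 + h.pheromone for h in self.hosts]   # pheromone attracts ants
        newborn = []
        for ant in self.ants:
            ant.host = self.rng.choices(self.hosts, weights=weights)[0]
            ant.energy -= STEP_COST
            if ant.host.abnormal(ant.metric):
                ant.host.pheromone += 1.0
                ant.host.evidence.add(ant.metric)
                ant.energy = min(MAX_ENERGY, ant.energy + REWARD)
                alive = self._count(ant.metric, self.ants) + self._count(ant.metric, newborn)
                if alive < MAX_POP:                          # successful ants are duplicated
                    newborn.append(Ant(ant.metric, ant.host))
        self.ants = [a for a in self.ants if a.energy > 0] + newborn
        self._top_up()
        for h in self.hosts:
            h.pheromone *= 1.0 - EVAPORATION

    def sergeant_report(self):
        # The Sergeant's view across Sentinels: which hosts need a human to look.
        return sorted(h.name for h in self.hosts if h.flagged())


def run_demo(seed=1):
    normal = {m: v[0] for m, v in BASELINE.items()}
    hosts = [Sentinel(f"host-{c}", normal) for c in "abcd"]
    infected = hosts[2]
    infected.metrics.update(conn_rate=400, proc_count=190)  # constructed worm-like readings
    swarm = Swarm(hosts, seed)
    peak = 0
    for _ in range(40):                                      # ramp-up while the threat is live
        swarm.step()
        peak = max(peak, len(swarm.ants))
    report = swarm.sergeant_report()
    infected.metrics.update(normal)                          # threat removed
    infected.evidence.clear()
    for _ in range(40):                                      # ramp-down
        swarm.step()
    return {"flagged": report, "peak_ants": peak, "ants_after": len(swarm.ants),
            "flagged_after": swarm.sergeant_report(),
            "max_pheromone_after": max(h.pheromone for h in hosts)}


if __name__ == "__main__":
    print(run_demo())
```

The ant type whose metric stays normal on every host (cpu_pct here) is never rewarded and stays at its base population, which is the contrast with an AV program that runs every scan all the time.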

88 comments
antonrosa

It's interesting to see how pheromones play a part in the activities of ants..

amdptt1

The cyber security problem is largely a software problem and is a direct result of our current computing paradigm - a legacy paradigm in my view. Given the status quo it could be extremely challenging to solve these issues. Notwithstanding, using bio-inspired models is the way to go to tackle cyber security issues but perhaps starting with ants may be a bit too high up the evolutionary trail. One might want to consider a somewhat less evolved bio model. Perhaps an approach that begins with the biocell model could prove a more fundamental place from which to begin. Here are some reasons:

1. The biocell is alive, self-contained and produces most of what it needs.
2. Self-assembles. Has most of what it needs built-in.
3. Is the common building block from which all natural solutions are built and uses common mechanisms across all natural solutions.
4. Has direct access to bodily functions and resources. Its internal mechanisms are not controlled by some central apparatus like an O/S.
5. A differentiated biocell knows what tissue, organ and body-part it has specialized in, and what bio-organism it has become a part of. There is an awareness of kind and species.
6. Has the ability, at an early stage in its development, to differentiate and specialize into specific tissue, organs, and body parts of a bio-organism.
7. A flat architecture. A community of automata.
8. Built-in immune response mechanisms.
9. Ability to recognize self, from non-self.
10. Contains its own source instructions (DNA).
11. Can create new and unique members of its species by Meiosis.
12. Can clone itself - Mitosis.
13. Processes and produces its own executable code (proteins).
14. All work-products of the biocell are active and alive and are fully owned by the cell. There appears to be no equivalent of "data" in the cell. Only the cell has access to its internal work-products.

The biocell model dares us to envisage a computing paradigm in which malware is a non-issue and cyber security and privacy less threatened. Your thoughts professors? adanns@hotmail.com

check_here

Thank you for sharing knowledge of this research effort, which I consider commendable. There has to be a continuous thought process to improve on the prevailing threat conditions. This has to take into consideration the evolving dimensions of malware (re-)generating new sets of malwares through interface with changing controllers servers (addresses). In other words, the pheromones left by one (set of) digital ant(s) must not only be digitally signed to ensure consistency, but also verified to remain so by subsequent ants. This is one area where digital malware differs from threats confronted by natural ants. All this has to be done while ensuring that system performance does not degrade beyond acceptable levels, no matter the amount of digital ants introduced into the system at any time. It will be great if the research can be implemented in such a way as to help track code(s) regeneration by the amount of information contained in the pheromones. The more info provided, the better intelligence can be gathered, the higher the impact on performance. Striking a good balance is essential, and determines to a great extent, the success or otherwise of the proposal.

dogknees

... is the word "the". Can't we get past the idea that there is a single fix for every problem no matter how complex? There is no "fix" for any of these. There are a number of things that together may help to resolve or reduce the problem. As long as people focus on trying to find one answer, we're not going to make progress. The way the title is worded just re-inforces this sub-conscious expectation of a single wonderful technology that will solve everything. Same as climate change, same as crime, same as email security,.....

salvador.serra

Hello Michael, very interesting approach. Thanks for sharing it with us. You said that . . . "the Digital Ant actually lives as long as it has "energy" which is supplied to it if it is rewarded. If unsuccessful, then the energy will exhaust and the ant terminates" . . . When the "ant" is terminated, what happens with these "lines of code"? Does it mean it is "trashed to the garbage"? How is the process to erase this garbage and how is that checked? My approach is that there could be some "uncontrolled" software _ lines of code_ (a dead Ant) as a "residue", remaining inside the system, but still "acceptable" and "recognisable" for the "Swarm". I will see that as a risk and as an opportunity for the malware to still "reside" in the system. I can imagine a "visitor" made with the strategy to look for these "terminated ants" and rewrite their "code" and use their "space" . . . Well, as I said, very interesting !!!! Regards

boxfiddler

May or may not be the answer to malware. But with minor modification they're a great answer to regulating/censoring the flow of information, and/or infiltrating networks, personal PC's. Ants can be some deadly freaking little critters. etu (double word, this time)

Michael Jay

Like you say this is cutting edge and not something that will likely be on the market soon. Some of the folks pointed to concern and I agree to a point because it is like fighting malware with a virus, the potential for bad guys to get a hold of your ants is there, but the concept is very good, and if executed as planned could be very effective. Thanks again.

Ocie3

that ants of different species have wars over territory, and fight until one colony or the other is entirely eliminated. They also kill earthworms that happen to burrow into their underground nest, and attack insects which attempt to invade the nest (usually searching for nutritious larvae to eat). Most larger creatures learn to give an ant bed a wide berth, but the ant-eater, of course, specializes in eating entire ant colonies. The ants have no effective defense against them. When ants are the same species, if memory serves, the rules of war can be somewhat different. The two colonies will fight until one becomes the clear winner, then some ants on the losing side more-or-less volunteer to serve as "slaves" for the winner (else they will be killed). The queen of the losing side, which lays all of the eggs for that colony, is always killed. I wonder how this would be applied (if it has anything to do with the model at all) to finding, recognizing and eliminating malware.

In my experience, the most difficult challenge is actually recognizing that an executable file, or a process, is malware. From the behavioral viewpoint (on which heuristics are based), there must be some "boundaries" or "rules" which, if violated, will cause damage to the computer system. If software violates (or attempts to violate) those rules, then it is by definition malware because it is damaging (or will damage) the computer system. So what I would like to know is how an "ant" identifies a file or a process as a "threat" (whether as the particular threat known to us as "malware").

From the Wake Forest article "Ants vs. Worms": "Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat," Fulp says. "As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection."

What constitutes "evidence of a threat"? It is worth noting that, so far, they are using the ant model only to detect threats, to discover "potential computer infection", then human intervention is needed to evaluate whether the threat is real or is illusory. The problem of the false positive is always with us.
_____
This is an interesting article, perhaps more so because of the use of "parallel processing" to execute the model. It seems appropriate, since all of the ants are acting simultaneously and independently, until they begin building a pheromone trail(s) or leaving pheromones at a specific site, which leads to the formation of a swarm and collective action.

santeewelding

Great piles of computers everywhere, set ablaze.

Alvin.Reeder

I really like the knowledge and thought process shared in this article.

sammy.mah

What's the difference between the Human Ant supervisor, and the current KingPin of the trojans or worms? Who says ants can't turn from good to bad? Same thing, especially if the bad guys get their hands on some good coding ideas, then it would be Ants(bad) vs. Ants(good).

Michael Kassner

I talked about Collective Intelligence, now there is Swarm Intelligence. It is a digital representation of an ant colony. It could solve the malware problem.

Michael Kassner

Thank you for sharing some insightful comments. Your approach is less likely to involve human interface. How would you get pertinent information to the user/administrator? Edit: Spelling

Michael Kassner

Your observations are appreciated. I suspect that the researchers are working towards that end. Right now, their effort is focused on trying to get bits of code to act properly in parallel. I am no expert, but it is my understanding that parallel processing is no simple task.

Michael Kassner

I look back and could not agree with you more. I guess I let my enthusiasm for this technology overrule. Still, you have to admit that this approach has potential. Right?

Michael Kassner

I wish I had the answers, Salvador. I normally do not report on pure research, yet I felt this was so interesting that I had to write about it. The researchers have all sorts of questions and it is my understanding that they are not remotely close to done working on this.

Michael Kassner

You tweaked my interest, yet I am not sure what you mean. Could you explain to a confused one.

Michael Kassner

I like your analogy. Fighting fire with fire is on many occasions the best approach.

Michael Kassner

That you see the potential. Ocie, you have to remember that I am reporting about something that is cutting edge. The research team was willing to let me in. I feel we need to give them somewhat of a break. This is research at its highest level, not a business proposal. I became very excited, as this sort of communication is not normally given to very public forums.

toreador

Set ablaze - to kill the fire ants.

Michael Kassner

It was a great experience working with the researchers.

oeaguirre

Hi, I am not a PhD on any of these topics, but several thoughts come to my mind after reading this and some of the comments. But first of all, thank you, Michael, for bringing it to us. Second, I don't see where these digital ants, d-ants, learn anything, real ants don't, and I don't expect digital ones to do, unless some sort of genetic algorithm would be inserted, which will make their "code" grow in time. They might include some sort of genetic/evolutionary algorithm, and allow them to "grow" up to certain level, although this would make them a little more complicated, they would 'develop' as in nature. I don't see any reward/punishment here, duplication is not a reward, letting them "live" longer will only allow them to fight some more, while letting them die will allow new ones to come into play, which I see could be good.

But the problem I see is: real ants defend their territory against outsiders, which can be easily found by their smell, same as bees, but again, as with bees, "someone" can use the same pheromones and pass unnoticed. Which then brings me one of my questions: how to avoid the same behaviour to develop in this scenario? Next, just as some type of disease/condition cause our cells to start attacking our own body (and cells, are simpler than ants), would there be a possibility that could make the ants "think" something or all of the computer is "an outsider"? How would they be able to counter if some malware can make this happen? And although at first the "Skynet" comments might look funny ... if something even not-so-close to that scenario comes to life, I don't think we'll be laughing. And if we could count with a "poison" against the bad d-ants, then wouldn't malware do the same? If those bad guys found a way to crack the encryption code of a blue ray (which is paid, commercial with a ton of space and all that), wouldn't they be able to also crack the code of a little d-ant?

Sorry if I sound a "little" sceptic, but I cannot help to imagine these ... regards about GA/EA: http://www.cs.cmu.edu/Groups/AI/html/faqs/ai/genetic/part2/faq-doc-1.html

viper777

And if you want to use the same Ant technology to destroy things it shouldn't. Military applications weeding out personal details by letting it run free on a rogue's network? Sorry, I come from a Security point of view 8-)

wsmith

They aren't calling this "Skynet" by any chance are they?

john.parker

In nature ants are often attacked by other ants. Maybe I've just been in the InfoSec biz for too long, but I just can't avoid the idea that these systems would be highly vulnerable to individual and unique attack (or misdirection) at the Ant, Sentinel and Sergeant levels. Bite the head off the swarm leader and take over the swarm! Soldier ants been doin' it for centuries.

victorvmpm

For what I could see it has some great ideas but, it's not only swarm colonies. It appears to be using 2 different AI algorithms that I believe are: swarm colonies and qlearning! It is a very unique approach! The ants go where they sense something and by pheromones attract more ants but if the path is wrong they don't get energy and that's where qlearning comes. By punishing them or rewarding them they learn when they are working! This would make the software faster with a lot of tryouts. Nevertheless, it's my belief that cloud computing would make the software even better if all the learning and data is stored there. Making evil ants to avoid good ants is somehow possible applying a malware ant algorithm but, good ants would learn too and inevitably they would get caught. Is quite a fee thinking of the combination I wonder if that is really how it is done?

seanferd

A slightly more technical take on this would be nice, rather than the metaphor. Unfortunately, I'm not finding any papers on this, just the same press release. Cool, though. I'd like to see if there are any other emergent properties of this system as the research progresses.

SgtPappy

If your Ants are like my Ants we are doomed. They don't even know how to use a computer and you want them to find malware? Sergeant can you please tell the Sentinel, to tell my Ant Barbra to check out the file I just downloaded to see if it contains malware. On her way there please tell her to scent mark her path so my other Ants can follow. Oh wait, never mind you mean the creepy crawly ants with 6 legs (although some of my Ants are creepy). I recommend using the Texas Fire Ant. They are persistent, downright mean and pack one hell of a stinging bite. Now how do I get them in my computer? I know I'll have a picnic with my computer and leave a honey trail to my hard drive. This is completely tongue in cheek. Please don't start bashing me for picking on Ants who can't use a computer. This approach to anti-malware is very interesting. I'd like to learn more.

bckerr

Same thing as heuristics method of doing things, just renamed really.

Craig_B

A very interesting article and concept. I believe if we look at nature we can solve many problems. This concept feels like it's in the early stages and will need a bit of work to figure everything out. Since it seems to depend on many elements what happens if one is broken? What happens if you lose network connectivity or it's blocked? What happens when the Ant-Eater virus comes along?

toreador

This sounds like a cool concept. Will I be building a colony server, like my anti-virus master server, or do you just let the critters go in the network and hope they do their job. What about bait to kill the buggers when they decide a home-grown application is malicious; how will we train them? I can think of lots of questions that need to be addressed before I buy into this scenario.

dogknees

I'm not knocking the technology by any means. I'm a proponent of AI in all its levels and forms. We need to get more of this stuff out of the labs and into the real world. Hive/group intelligence is a very active topic of research, driven by the Robocup robot soccer competition among other things. You need to get your players communicating and working together, so a kind of an overall hive-mind is actually in control. Early days, but I hope it gets somewhere. Of course, we have to be aware that if these things become ubiquitous we may be on the road to the first true AI. Billions of cooperating agents, mutating to suit the task and able to access vast amounts of storage and processing power may pass some threshold into true intelligence. But I'm not too worried about that yet. Regards

boxfiddler

what others here have said about ants. Ants are as often as not cannibalistic. There is a desert ant that's a slave taker. Army ants are unrelenting. Think about it. :) (I think it's a desert ant. Been awhile since I studied up on ants.)

Ocie3

My questions were not meant as criticism of the research, just asking about something that, it seems to me, has to be addressed. Last night I listened to the Australian Broadcast Corp. (ABC) podcast "The Science Show" hosted by Robin Williams. One segment reported on recent research and discoveries about "the sex lives of ants". Contrary to one of my remarks, the queen is not the only ant who produces offspring in the colony. The queen does have a mating flight (they start off with wings, which they shed afterward), during which she mates with several drones, and she stores their semen internally for future use over the course of her reproductive life. So the eggs that she lays hatch ants which are genetically endowed by sexual reproduction. However, the other female ants (usually the queen's daughters) can lay eggs which produce offspring that are genetically identical to them -- asexual reproduction. I don't suppose that this has much to do with using Swarm Intelligence as a model to find malware, but the digital ants must be produced some way or another. ;-)

Michael Kassner

Your concerns apply to any software, especially anti-malware applications. I am not sure of the details, it was my understanding that individual digital ants are not supposed to completely mimic real ants. I think it is a mistake to take the analogy that far. Digital ants may not have any intelligence, I am not privy to all the details. I do believe the overall system has collective intelligence allowing the placement of appropriate digital ants where they need to be.

Michael Kassner

I am not following your train of thought. I'm old though, could you explain?

Michael Kassner

I guess both the good and bad guys would have to have soldier ants.

Curious00000001

I have been unfortunate in that I have never heard of qlearning though I suppose everyone is familiar with the concept. One problem I see with this is what happens when the ants figure out that producing a false alarm rewards them in the same way as a real one?

Michael Kassner

That is why you are not going to find much. It's still at PNNL and Wake Forest. I felt privileged to get what I did.

Michael Kassner

Heuristics is a single pass filter. This approach has multiple filters plus intelligence.

koen.bossaert

ants find interesting things and attract more ants ... who find interesting things and attract more ants, giving high CPU loads and bandwidth utilisation ... oh wait, there's ants to check for that too! That would be fun: malware with ant-honeypot capabilities to DoS the solution or hide in the noise.

Michael Kassner

Good questions and perception. This technology is quite new and I suspect awhile to production. I felt compelled to present it, to keep everyone up to speed as to what is coming.

Michael Kassner

Ultimately, the whole swarm is controlled by a human supervisor. I will pass your questions along to the researchers, to see what they can add.

LocoLobo

Dig them out at high noon in the summer under the Arizona sky. I've done it. Doesn't completely kill them but thins them down for a few years. Watch your feet though!

boxfiddler

already working on that? I figure ants will outlast cockroaches.

santeewelding

With a chainsaw or shotgun, either. Could give the malware people fits trying to counteract them. How about morphing the "ants" into killer bees?

Michael Kassner

I should have been more detailed. I realize that there are straight lines and planes in nature. My point was that we dig a straight ditch, whereas a river in Nature meanders through the path of least resistance.

Ocie3

I've always wondered why every earthquake fault line is "straight" although, of course, the fault constitutes the surface of a vertical plane. The plane itself is curved along its length by the curvature of the earth's surface. But I've never seen a mapping of earthquake fault lines on which one or more of them curves. The borders between tectonic plates are also straight, on the maps that I've seen. Maybe this is dictated by the fundamental crystalline structure of the rocks, which is cubical. The same can be said of ice, whether of a sheet on the top of the ocean or other large body of water, or of the layers in a glacier. When water freezes, its molecules form a lattice of straight lines. This puts it at odds with the liquid from which it forms and on which it floats, since liquid surfaces tend to be curved by surface tension. When a bee is searching for nectar, she wanders about, but when she finds a new and abundant source, she "makes a beeline" for the hive. After she has done her "wiggle waggle" dance to communicate its location, the other bees who go to the source also fly in a "straight line" which is, actually, an approximation of the "great circle route" but on a reduced scale that is not obvious.

Michael Kassner

I have been a strong proponent of not reinventing what Nature has already figured out. As an example, how many straight lines do you see in Nature? Yet we persist in thinking that is the right way.

Michael Kassner

I have been studying ants since I started research on this article. They are an amazing species. Violent though.

Ocie3

Quote: ".... .find a way to get the Texas Fire Ants to use the Trace Route command to track the original source of the malware through the Internet all the way back to the Hacker." With the model that the researchers are using, it is conceivable that their "ants" could eventually do what you have described, only I doubt that they would use the Trace Route command itself to carry out their counter-invasion.

seanferd

It gets dumped in a lot of places that don't respond to ICMP packets, for security reasons no less. DiG would be a better tool than trace route, that is, if either of them worked the way you propose.

SgtPappy

....find a way to get the Texas Fire Ants to use the Trace Route command to track the original source of the malware through the Internet all the way back to the Hacker. Then when they detect keyboard activity they could swarm out from between the keys and sting the hacker's fingers. Now I'd pay big bucks for that.

Michael Kassner

Like I rather come down and try your barbecue instead.

toreador

Stick your toe in a fire ant mound and see a whole new vision of the world around you. If a team of developers can emulate a fire ant swarm with a digital ant swarm attacking malware the Internet will be a safe place for my kids to play.

Michael Kassner

Sounds like you have some experience with qLearning.

Michael Kassner

I don't think the digital ant is a sanctioned being capable of determining that. Remember that a digital ant is just software.

Ocie3

the "digital ants" do not have any individual ability to distinguish whether "evidence" of malware activity is a false positive. That is ultimately a matter of human judgment, since the ants are more like "sensors" that find events and conditions which the human operators of the computer system and/or network need to investigate. The ants are rewarded when they use their pheromones appropriately and when they respond appropriately to the pheromones left by other ants. That "trains" them to recognize anomalies which might be evidence of malware and to respond to such anomalies in a way that brings them to the attention of the Sentinels, Sergeants and, ultimately, humans. There is no "swarm intelligence" that can plan and organize the ants to portray a false alarm; such "intelligence" is just how we characterize their collective behavior.

victorvmpm

When the ants figure out the rewards would make it slower again but with continuing tryouts the qlearning would self adapt to the fast pattern. It's because of its nature of self repeating pattern.

Michael Kassner

I have been following this technology and it is absolutely exciting. I have been in contact with researchers that are wanting to use that hardware to copy what engineers have been accomplishing with metamaterials. I posted about metamaterials a while ago: http://blogs.techrepublic.com.com/wireless/?p=189 Sean, you are the man. I am so appreciative that you share your golden finds with us.

Ocie3

Off topic? Ants have antennae. ;-) Interesting link, though. Thanks.

seanferd

show up everywhere, I consider it a release, intentional or not. Apparently, this wasn't intended as such. Your post has the most depth of anything I've seen so far. And I can't find the original write-up, either.

Michael Kassner

Are you referring to the Wake Forest post? I don't even know if that could be considered a press release. It was written by a WF student, if I understand correctly. Ants are fascinating, they are as sophisticated as the Borg.

seanferd

I was only referring to describing it. That is, since it is still in testing, describe it in some conceptual and concrete terms rather than describe specifics that are more subject to change. I guess they could be trying to protect their ideas, but PR with no other info bugs me. Flip the concept around if necessary: don't bother with a press release until you actually have something to say. I don't mean to be cranky, I just don't understand this method. Another option is to state that a paper or presentation is forthcoming, if not available now, if they are trying to work up an interest. At least define the metaphor a bit. I am glad that you got a hint of what "pheromone" is standing for, in some sense, at least.

Michael Kassner

It becomes a product. PNNL is a government lab. They could keep it for themselves, I guess.

seanferd

there should be something more substantive to back it up. The working theory would be enough, or a decent abstract thereof. It doesn't need to be described as a product. Still, pretty cool.

Michael Kassner

It is my perception that true parallel processing with a light-weight program (Digital Ant) is a great deal less intrusive than a single pass approach that creates a bottleneck.

Gh0stMaker

Part of the reason anti-malware does single pass is because of the amount of resources being used. It will be interesting to see how large of a footprint the technology leaves in the network environment to accomplish the scanning and cleaning process. Companies want secure networks, but baulk if it affects any real time performance. Err McAfee or Symantec products

Michael Kassner

From our conversations, it was made clear to me. One of the reasons the research team embarked on this task, was that current technology is not adequate. Does that work?

santeewelding

I claim sole competence in saying of what I am aware, well or otherwise. Whereupon, what do you know, other than what I say? Put it differently.

Michael Kassner

I would have to remind you that the researchers are cognizant of what current AV applications are doing. Their desire is to improve on what exists.

Michael Kassner

That any processor loading incurred from the Ants will remotely equal that of an intrusive typical AV application. I also would like to mention that the researchers are well aware of what exists now, and are not making the same mistakes.

Curious00000001

Did anyone think about what ants do to their surroundings? Ants will totally raze an area of anything edible before moving on to the next area. In this case I think that food will be CPU. If you are going to model something off nature I would pick something a little less destructive. On the other hand this behavior would be great for malware.

Michael Kassner

But, their approach is linear. Digital Ants are using parallel processing. Computers are trying to accomplish that as well. But software developers are not reworking code fast enough to leverage it.

teeeceee

Aren't botnets and malware like Blaster and Sasser similar, in that they seek out and infect vulnerable hosts? The concept is great however. I can speak about an ant's efficiency and stealth in defending its territory. Have you ever gotten too close to a fire ant bed?

Michael Kassner

Just like anything, the power of parallel processing is just starting to gain traction. I imagine it could help any type of software execution.

tracy.walters

I can see where this could work well, and have other uses. Looking through a corporate network for problem applications or hardware, making sure updates are current, controls are in place. No unauthorized equipment on the network. By the same token, could this be how huge botnets are controlled and expanded? Other malware distributed?