Cybersecurity Gets Antsy

National Laboratory models new cybersecurity technology after the natural behavior of ants.

Ants can be annoyingly pervasive, difficult to contain, and extraordinarily efficient in accomplishing their goals – and that's exactly what researchers at one of America's National Laboratories want to see from a new type of cybersecurity software.

Glenn Fink is a researcher at the Pacific Northwest National Laboratory in Richland, WA. As a theoretical concept, he's been tinkering with the idea of modeling anti-virus software after behavior found in nature. He's studied bees, different types of molds, termites and other bugs, but he couldn't find the right patterns in organisms' behavior until he took a closer look at ants.

According to Finks' analysis, ants have an uncanny ability to find the quickest route to a food source and communicate that route to other ants in the colony. The search and communication capabilities persist even when the location of food changes and a new set of directions must be formulated. When tracking down and containing computer viruses and other cyber attacks, Fink says, Information Assurance professionals want exactly the same kind of behavior from their software tools.

He and his colleagues quickly started modeling experimental software on the behavior patterns of the little bugs, and they created a new tool called, appropriately, Digital Ants.

The Digital Ants are simple software programs deployed inside large computer networks. These ants don't look explicitly for computer viruses, but rather the symptoms of a potential cyber attack. Things like abnormal amounts of hits on a specific Web site at an odd time of day, or computer programs that fail to shut down when commanded are triggers that will catch the attention of a single Digital Ant. Once its virtual antenna has been raised, the Digital Ant will act as a beacon for its virtual kinsmen, and other Digital Ants will be drawn to the same unusual occurrence, just like a line of real-life ants marching towards a tasty morsel of food. Eventually, so many Digital Ants will be swarmed around a specific spot in a virtual system, humans will be able to instantly identify that something is wrong. Theoretically, all of this could happen in a matter of seconds, as Digital Ants can raise an alarm much faster than human observers could otherwise detect a problem.

The key, according to Fink, is that the Digital Ants are not programmed to hunt down viruses specifically, as malicious programs change constantly and can be cloaked in a number of effective ways. The manifestations of a cyber attack, however, are harder to hide, and the Digital Ants can be very efficient at detecting them. Like real ants, the digital variety can find what they're looking for quickly and can communicate well with colleagues even as a cyber attack moves rapidly throughout a computer network.

National Laboratory researchers say the project still has another five to ten years before it is commercially viable, but the concept is already garnering nationwide attention from the government, the military and plenty of private security companies.

Source: "Digital Ants: Ant-Based Cyber Defense"