Security engineers at the University of Tulsa have found a way to identify cyber attacks before they reach their target, enabling network administrators to take pre-emptive measures to protect their IT systems.
In a report published in the International Journal of Critical Infrastructure Protection, the engineers explained that slowing traffic by just a few milliseconds can give networks time to identify malicious data packets. The team have developed an algorithm that sends high-speed signals flying ahead of the malware to mobilise defences.
“Hyperspeed signalling uses optimal (hyperspeed) paths to transmit high priority traffic while other traffic is sent along suboptimal (slower) paths,” stated the report. “Slowing the traffic ever so slightly enables the faster command and control messages to implement sophisticated network defence mechanisms.”
One of the report's authors, Sujeet Shenoi, admitted to New Scientist magazine that adapting an existing network to run the algorithm would not be cheap. Investment in caching technology and new defence mechanisms would be required, and reserving a data pathway for the use of hyper-speed command and control signals could be seen as a waste of capacity.
Furthermore, the system is only as good as the threat sensors that pick up the impending attack. Most security systems can only detect threats from previously encountered malware, so unknown variants could still slip through the net, said Shenoi.
However, the report points to a new software program, developed by computer scientists at Dartmouth College in New Hampshire and the University of Calgary in Canada, that allows infrastructure to effectively monitor itself.
The intrusion detection mechanism operates from within the kernel and detects changes in the sequence of code, allowing the infrastructure to identify potentially malicious programs. “We can also verify the operating system code to see if it has been modified by malware,” said Dartmouth's Jason Reeves.
The software, known as Autoscopy, is currently set up for power-grid-embedded computers, but could feasibly be used alongside the Tulsa team's hyperspeed algorithm, according to New Scientist.
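The timing argument behind hyperspeed signalling can be made concrete with a small model. The following is an added example, not code from the report or from the Tulsa team: it computes, for each node, how many milliseconds an alert sent over a reserved fast path arrives ahead of traffic forced onto slower links. The topology, latencies, reserved links and the `detect_ms` sensor delay are all constructed assumptions.

```python
import heapq

# Constructed topology (not from the report): link latencies in milliseconds.
LINKS = {("sensor", "a"): 2.0, ("a", "target"): 2.0, ("a", "c"): 1.0,
         ("sensor", "b"): 3.0, ("b", "c"): 3.0, ("c", "target"): 3.0}
# Assumed reserved lane: only command and control messages may use these links.
RESERVED = {("sensor", "a"), ("a", "target")}


def build_graph(links, exclude=frozenset()):
    """Undirected adjacency list, skipping any links listed in `exclude`."""
    graph = {}
    for (u, v), ms in links.items():
        if (u, v) in exclude:
            continue
        graph.setdefault(u, []).append((v, ms))
        graph.setdefault(v, []).append((u, ms))
    return graph


def earliest_arrival(graph, source):
    """Dijkstra: earliest time (ms) a packet leaving `source` reaches each node."""
    dist = {source: 0.0}
    heap = [(0.0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale queue entry
        for v, ms in graph.get(u, []):
            if d + ms < dist.get(v, float("inf")):
                dist[v] = d + ms
                heapq.heappush(heap, (d + ms, v))
    return dist


def reaction_windows(links, reserved, source, detect_ms=0.0):
    """Per node: ms between the alert arriving and the suspect traffic arriving.

    The suspect packet passes the sensor at t=0 and continues on the slower,
    non-reserved links; the alert leaves the sensor after `detect_ms`.
    """
    control = earliest_arrival(build_graph(links), source)
    data = earliest_arrival(build_graph(links, exclude=reserved), source)
    return {n: data[n] - (control[n] + detect_ms) for n in data if n != source}


def unprotected(windows):
    """Nodes where the alert does not arrive before the traffic (window <= 0)."""
    return sorted(n for n, w in windows.items() if w <= 0)


if __name__ == "__main__":
    print(reaction_windows(LINKS, RESERVED, "sensor", detect_ms=1.5))
```

In this model a node with no faster route than ordinary traffic (here `b`) gets no reaction window at all, and every millisecond the sensor spends on detection is subtracted from the window everywhere else.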