Selected Computer Science Readings, Part 5

Ruankao  Editor: fcj056  2004-12-31

Digital Defense (2)

The Intelligent Security Systems Research Lab at The University of Memphis has built software prototypes that address that weakness. Its Security Agents for Network Traffic Analysis uses mobile software agents for intrusion detection in a network of computers. Agents monitor at multiple levels (packet, process, system and user), using neural networks to spot anomalous behavior and “fuzzy rules” to decide what action the agents should take in the face of an attack.

Stephanie Forrest, a computer science professor at The University of New Mexico, points out that diversity in biological and ecological systems leads to robustness and resilience. She's working on “automated diversity for security,” in which each system is made unique by arbitrary random changes. “That increases the cost of attack, because the attack has to be adapted for each computer,” she says.

Diversity can be created in a number of ways, such as by adding nonfunctional code, reordering code or randomizing memory locations, file names or system calls.

Other researchers are experimenting with a measure called Kolmogorov Complexity, the minimum number of bits a character string can be compressed into without losing information. Scott Evans, a researcher at GE Global Research, has used it to study attack scenarios.

Evans analyzed file transfer protocol logs and found that attacks, such as a stealth port scan, tend to be more or less complex than normal behavior by predictable amounts, allowing a defense tool to identify and block the attacks. The technique is attractive because it is adaptive and requires no attack signature database, Evans says.
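As an added illustration (not code from the article or from Evans's research), the sketch below approximates Kolmogorov complexity with zlib-compressed size, which is only a computable upper bound, learns a baseline from known-good FTP sessions, and flags sessions that are more or less complex than that baseline. The function names, the threshold `k` and the sample sessions are assumptions made for this example.

```python
import statistics
import zlib

def complexity(session: str) -> float:
    """Compressed size / raw size: a computable upper-bound estimate of
    Kolmogorov complexity per byte (using zlib is this example's assumption)."""
    raw = session.encode()
    return len(zlib.compress(raw, 9)) / len(raw)

def build_baseline(sessions):
    """Learn the mean and spread of complexity from known-good sessions."""
    scores = [complexity(s) for s in sessions]
    return statistics.mean(scores), statistics.pstdev(scores)

def is_anomalous(session, baseline, k=3.0):
    """Flag a session that is more OR less complex than normal by more than
    k standard deviations; no attack signature is consulted."""
    mean, spread = baseline
    return abs(complexity(session) - mean) > k * spread

# Constructed sample data: five ordinary FTP sessions, one command per line.
NORMAL = [
    "USER alice\nPASS ****\nCWD /pub/reports\nLIST\nRETR q3-summary.pdf\nQUIT\n",
    "USER bob\nPASS ****\nCWD /home/bob\nSTOR backup-mon.tar\nLIST\nQUIT\n",
    "USER carol\nPASS ****\nPASV\nRETR invoices/2004-11.csv\nDELE tmp.log\nQUIT\n",
    "USER dave\nPASS ****\nCWD /srv/builds\nLIST\nRETR nightly.zip\nQUIT\n",
    "USER erin\nPASS ****\nTYPE I\nSTOR photos/site-visit.jpg\nMKD archive\nQUIT\n",
]
# Constructed probe-like session: the same failed attempt repeated 40 times,
# so it compresses far better (is far less complex) than normal use.
PROBE = "USER anonymous\nPASS guest\n530 Login incorrect\n" * 40

if __name__ == "__main__":
    base = build_baseline(NORMAL)
    print("baseline mean=%.3f spread=%.3f" % base)
    for name, s in [("normal", NORMAL[0]), ("probe", PROBE)]:
        print(name, round(complexity(s), 3), is_anomalous(s, base))
```

Compression ratio depends on input length as well as content, so a real baseline should compare windows of similar size.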

Real-world application of some of these ideas lies years in the future, but Steven Hofmeyr, a former graduate student under Forrest, has already commercialized some of them. He's developed Primary Response, which monitors and protects applications at the operating system kernel level. It uses agents to build a profile of an application's normal behavior based on the code paths of a running program, then continually monitors those code paths for deviations from the norm. (The End)

Reference Translation

Digital Defense (2)

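The Intelligent Security Systems Research Lab at The University of Memphis has built software prototypes that can address this weakness. Its “Security Agents for Network Traffic Analysis” uses mobile software agents to detect intrusions in computer networks. The agents monitor at multiple levels (packet, process, system and user), using neural networks to find anomalous behavior and “fuzzy rules” to decide which action the agents take when facing an attack.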

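Stephanie Forrest, a computer science professor at The University of New Mexico, points out that diversity in biological and ecological systems produces robustness and resilience. She is working on “automated diversity for security,” in which each system is made unique through arbitrary random changes. She says: “That increases the cost of attack, because the attack has to be adapted for each system.”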

Diversity can be created in a number of ways, such as adding nonfunctional code, reordering code, or randomizing memory locations, file names or system calls.

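Other researchers are experimenting with a measure called Kolmogorov complexity, the minimum number of bits into which a character string can be compressed without losing information. Scott Evans of GE Global Research has used it to study attack scenarios.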

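Evans analyzed file transfer protocol logs to find attacks, such as a stealth port scan, which is somewhat more complex than normal behavior, and this lets a defense tool identify and block the attacks. Evans says the technique is attractive because it is adaptive and needs no attack signature database.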

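It will be years before some of these ideas become real applications, but Steven Hofmeyr, a former graduate student of Forrest's, has already commercialized some of them. He developed a product called “Primary Response,” which monitors and protects applications at the operating system kernel level. It uses agents to build a profile of an application's normal behavior, based on the code paths of the running program, and then continually monitors those code paths for deviations.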
