
Researchers Model Security Software to Mimic Behavior of Ants

Researchers from universities and national laboratories in the United States are developing software that mimics ant behavior as a new approach to network security.

Image: Errin Fulp, Digital Ants Technology at Wake Forest University. Image source: Wake Forest University.

Errin Fulp, a computer science professor at Wake Forest University, is creating an “army of digital ants” that can roam computer networks looking for threats, and hopes the technology can transform how we think about cyber security. Fulp says the technology is different than traditional security software models because it adapts rapidly to changing threats. "In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system."

Glenn Fink, a researcher at Pacific Northwest National Laboratory (PNNL), a Department of Energy laboratory that conducts research in cyber security, first came up with the concept of imitating ant behavior for computer security. Fink had been familiar with Fulp's work developing faster computer scans using parallel processing -- dividing computer data into batches like lines of shoppers going through grocery store checkouts, where each lane is focused on certain threats -- and invited him to join the project several years ago.

This summer, Fulp is working with scientists at PNNL in Richland, Washington to train the "digital ants" to be turned loose in the power grid to seek out computer viruses trying to wreak havoc on the system.

If the approach proves successful in safeguarding the power grid, it could have wide-ranging applications in protecting anything connected to SCADA (Supervisory Control and Data Acquisition) networks, the software systems that monitor and control industrial processes in nuclear power plants and other industrial facilities, from water and sewer management systems to mass transit systems to manufacturing systems.

SCADA has been a popular topic in the security industry lately, as Stuxnet, the highly specialized malware that targets SCADA systems, has kept the IT security industry spinning since it was discovered in July 2010.

“The power grid is probably more vulnerable to cyber attacks than security experts would like to admit,” said Fulp. “As the grid becomes more and more interconnected, it offers hackers more points to enter the system; for instance, inserting a virus or computer worm into a low security site, such as in your home's smart grid, to gain access to more secure systems up the line,” he added. "When that network connects to a power source, which connects to the smart grid, you have a jumping off point" for computer viruses, he said. "A cyber attack can have a real physical result of shutting off power to a city or a nuclear power plant."

So how will these cyber-warrior ants combat threats? "The idea is to deploy thousands of different types of digital ants, each looking for evidence of a threat," Fulp said. "As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection." When the digital ants detect a threat, they can bring that threat to the attention of human operators to investigate.
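A toy simulation of the scent-trail mechanism described above, added here as an illustration; it is not code from the Wake Forest/PNNL project. The ring topology, ant count, movement rule, evaporation rate, swarm threshold and all names are assumptions made for the example.

```python
import random

def ring(n):
    """Constructed topology: n hosts in a ring, each linked to two neighbours."""
    return {i: [(i - 1) % n, (i + 1) % n] for i in range(n)}

class Colony:
    def __init__(self, links, n_ants, evaporation=0.9, seed=1):
        self.links, self.evaporation = links, evaporation
        self.rng = random.Random(seed)            # fixed seed: repeatable runs
        self.scent = {h: 0.0 for h in links}      # digital scent per host
        hosts = list(links)
        self.ants = [hosts[i % len(hosts)] for i in range(n_ants)]  # spread evenly

    def step(self, evidence):
        """Move each ant once; evidence maps host -> strength of what an ant finds there."""
        for i, here in enumerate(self.ants):
            options = [here] + self.links[here]   # stay, or go to a neighbour
            weights = [1.0 + self.scent[h] for h in options]  # stronger scent attracts
            there = self.rng.choices(options, weights)[0]
            self.ants[i] = there
            self.scent[there] += evidence.get(there, 0.0)     # evidence -> stronger trail
        for h in self.scent:
            self.scent[h] *= self.evaporation     # assumed: trails fade unless renewed

    def run(self, evidence, steps):
        for _ in range(steps):
            self.step(evidence)
        return self

    def swarms(self, threshold):
        """Hosts where at least `threshold` ants have gathered, for an operator to review."""
        counts = {}
        for h in self.ants:
            counts[h] = counts.get(h, 0) + 1
        return sorted(h for h, c in counts.items() if c >= threshold)

def demo():
    colony = Colony(ring(12), n_ants=60)
    quiet = colony.run({}, 200).swarms(30)          # nothing to find: no swarm
    alarm = colony.run({7: 1.0}, 400).swarms(30)    # constructed evidence on host 7
    cleared = colony.run({}, 400).swarms(30)        # evidence removed: swarm disperses
    return quiet, alarm, cleared

if __name__ == "__main__":
    print(demo())
```

The third phase shows the ramp-down Fulp mentions: once the evidence is gone the scent evaporates and the ants return to patrolling.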

The concept has proven successful in testing on a small scale, but will it still work when it's scaled up to protect something as large and complex as the nation's power grid? Fulp and two of his students -- computer science graduate students Michael Crouse and Jacob White -- are working this summer with scientists at PNNL and from the University of California at Davis to answer that question. But even using PNNL's vast computer platforms, they can only rely on computer simulations to predict the ants' "behavior" up to a point.

That's where Fulp's colleague, Ken Berenhaut, an associate professor of mathematics at Wake Forest and an expert in mathematical modeling and simulation, comes in. Berenhaut, along with Wake Forest graduate student Ross Hilton, will use modeling to help determine what will happen as the ants move about the smart grid from the hot water heater in your house to the electrical substation to the power plant.

Berenhaut and Hilton are working to answer many questions: How do the ants migrate across different computer platforms and systems operating at different speeds? How many ants should you have patrolling a system? How long do they live? How do the ants scale up to identify a threat and then ramp back down? So while the concept is quite interesting, there are still many questions to be answered and challenges to overcome before this type of technology goes mainstream.

Fulp has received nearly $250,0000 in grants from PNNL/Battelle Memorial Institute for his ongoing research.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.