A new technique for spotting cyber attacks
has been designed by a young American student – and could prevent
attacks against planes and power plants, by looking for abnormal
communications within computers, rather than sifting for malicious
software.
Patricia Moat, a doctoral student who talked of her ambitions in a student magazine at Binghamton University,
says, “This is like catching an intruder coming into your house. And it
excites me to do something most people have never done.”
Moat is working with a team funded by the Air Force Office
of Scientific Research, uses a system which scans for “system calls” –
communications between applications and a computer’s operating system,
such as Windows. IT can defend against attacks which other methods –
such as scanning for malware – can’t, according to Computer magazine.
Spotting ‘abnormal’ calls can be key to stopping disasters, according
to her supervisor Victor Skormin. Moat’s supervisor Victor Skormin says
that the approach can be used on many different computerised systems:
he gives the example of planes misdirected to land short of a runway, or
of power grids robbed of electricity, as reported by Homeland Security’s in-house magazine. “Actually, it’s a war taking place in cyberspace, and it requires many different weapons and defenses,” Skormin says. “There are many existing attacks that our application works against very successfully.”
Moat and Skormin’s technology monitor all the signals sent
between applications and the operating system – system calls happen
constantly, such as when an application accesses files – but looks for
abnormal calls, by comparing a system’s behavior with its state of
“normalcy”
By designing a system which looks for abnormal behaviour in the way
that many different systems operate, the tteam may be able to fend off
novel attacks – even ones built to attack one specific system.
No comments:
Post a Comment