Building a better worm trap


Malicious software targeted by newly patented technology

By Roger Snodgrass

Malicious code circulating among computers and their networks has become a common danger for individuals and workplaces. Despite daily occurrences of identity theft and thousands of successful breaches within the federal government, many people remain oblivious to the dangers.

A Government Accountability Report published earlier this year reported a 206 percent increase in security incidents from 2005 to 2008.

Malware has the potential to pose security threats, which is where scientists from Los Alamos National Laboratory come in.

The laboratory announced Tuesday that a first patent had been issued on a new malware defense, known as support vector machine classifiers, or SVM, that appears to have a number of promising advantages over other systems currently being used.

Michael Cai of LANL’s International, Space and Response Division described the development as an advance “from an expert-based system to an information-based system.”

Laboratory officials believe the technology may have potential for commercialization.

The announcement included an invitation from David Siegel of the Tech Transfer Division for possible commercial partners.

“(T)here may be opportunities for exclusive field of use licensing,” he said.

The need for better protection exists on a wide scale, according to Market Research Media, which forecast that the U.S. federal cybersecurity market would grow to $55 billion, a compound annual growth of 6.2 percent over the next six years.

Throughout the nuclear weapons complex, information technologists, administrators and scientists are fighting a daily battle against a variety of malicious assaults.

These include infected e-mails that can affect thousands of recipients with a click of the mouse. Among the agents are “trapdoors” that permit unauthorized access privileges to computer systems and software, “covert channels” that disclose private information, “worms” that waste system capacity, and “worms” that attack common programs. “Trojan Horses” and “Logic bombs” can do all of these things at once.

After an incident at the Y-12 complex in Oak Ridge, Tenn., the Inspector General of the Department of Energy found that of 38 unclassified laptop computers taken inside a classified area in a breach of security, “the majority contained malware.”

For several years now, the Department of Energy and its nuclear weapons agency, the National Nuclear Security Administration, have been deeply involved in the growing demands for tighter cyber security and how to lower daily risks.

Los Alamos is the target of at least a million individual cyber attacks every day, which is nothing compared to the Pentagon’s 360 million daily probes. Many are pinpricks against a suit of armor, but the odds can’t rule out a few random strikes in every barrage.

A research project developed by Cai and James Theiler, also of the LANL International, Space and Response Division, and Maya Gokhale of the lab’s Advanced Computing Department has revived a method that seemed effective when it was explored in the ’90s but required more advanced computing systems, which are now available.

The method uses statistical analysis and pattern recognition techniques to identify suspicious code, which they call “malicious executables.”

In a foundational paper, “Comparison of feature selection and classification algorithms in identifying malicious executables,” Cai, Gokhale and Theiler concluded that the SVM system has advantages in terms of accuracy and stability, among other metrics that were tested.

They concluded that their system has the capability to extract the most effective features from malware code, to distinguish clean files from malicious files and “potentially to provide another layer of computer and network security to prevent future malware attacks.”

Appropriately, October happens to be malware awareness month.