Digital ants protect computer networks

Professor of Computer Science Errin Fulp is training an army of “digital ants” to turn loose into the power grid to seek out computer viruses trying to wreak havoc on the system.

If the approach proves successful in safeguarding the power grid, it could have wide-ranging applications on protecting anything connected to SCADA (Supervisory Control and Data Acquisition) networks, computer systems that control everything from water and sewer management systems to mass transit systems to manufacturing systems.

More news about digital ants:
From TG Daily: Digital ants check networks for viruses
From Tech2: Virus protection takes inspiration from ants
From InfoSecurity: Can digital ants protect computer networks?
From Gather Technology: Researchers hope to use digital ant antivirus to protect the grid
From International Business Times: Researchers working on digital ants to flush out virus in computer networks

Fulp is working this summer with scientists at Pacific Northwest National Laboratory (PNNL) in Richland, Wash., on the next steps in the digital ants technology, developed by PNNL and Wake Forest over the last several years. The approach is so promising that it was named one of the “ten technologies that have the power to change our lives,” by Scientific American magazine last year.

The power grid is probably more vulnerable to cyber attacks than security experts would like to admit, said Fulp, an expert in security and computer networks. As the grid becomes more and more interconnected, it offers hackers more points to enter the system; for instance, inserting a virus or computer worm into a low security site, such as in your home’s smart grid, to gain access to more secure systems up the line.

“When that network connects to a power source, which connects to the smart grid, you have a jumping off point” for computer viruses, he said. “A cyber attack can have a real physical result of shutting off power to a city or a nuclear power plant.”

The digital ants technology could transform cyber security because it adapts rapidly to changing threats, said Fulp, who has received nearly $250,0000 in grants from PNNL/Battelle Memorial Institute for his ongoing research.

Unlike traditional security approaches, which are static, digital ants wander through computer networks looking for threats such as computer worms, self-replicating programs designed to steal information or facilitate unauthorized use of computers. When a digital ant detects a threat, it summons an army of ants to converge at that location, drawing the attention of human operators to investigate.

“The idea is to deploy thousands of different types of digital ants, each looking for evidence of a threat,” Fulp said. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”

The concept has proven successful in testing on a small scale, but will it still work when it’s scaled up to protect something as large and complex as the nation’s power grid? Fulp and two of his students — computer science graduate students Michael Crouse and Jacob White — are working this summer with scientists at PNNL and from the University of California at Davis to answer that question. But even using PNNL’s vast computer platforms, they can only rely on computer simulations to predict the ants’ “behavior” up to a point.

That’s where Kenneth Berenhaut, an associate professor of mathematics and Z. Smith Reynolds Faculty Fellow, comes in. Berenhaut — an expert in mathematical modeling and simulation — and graduate student Ross Hilton, will use modeling to help determine what will happen as the ants move about the smart grid from the hot water heater in your house to the electrical substation to the power plant.

Among the questions to be answered: How do the ants migrate across different computer platforms and systems operating at different speeds? How many ants should you have patrolling a system? How long do they live? How do the ants scale up to identify a threat and then ramp back down?

“In nature, we know that ants defend against threats very successfully,” Fulp said. “They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We’re trying to achieve that same framework in a computer system.”

PNNL, a Department of Energy laboratory, conducts cutting-edge research in cyber security. Glenn Fink, a senior research scientist at PNNL, first came up with the idea of copying ant behavior for computer security. He was familiar with Fulp’s work developing faster computer scans using parallel processing — dividing computer data into batches like lines of shoppers going through grocery store checkouts, where each lane is focused on certain threats — and invited him to join the project several years ago.

Fulp and two of his students, Wes Featherstun (’08, MS ’10) and Brian Williams (’08, MS ’10), then graduate students in computer science, worked at PNNL during the summer of 2009. Fulp and Crouse worked there again last summer.