The new technique involves logging suspicious activity in individual computers on a network, and matching it against other connected systems.
"The question is whether I should shut down the network and risk losing business for a couple of hours for what could be a false alarm, or keep it running and risk getting infected," said Senthil Cheetancheri, a UC Davis graduate student who led efforts to develop the strategy.
"One suspicious activity in a network with 100 computers can't tell you much. But when you see half a dozen activities and counting, you know that something's happening."
The second part of the system is an algorithm that rates the cost of shutting down a computer against the cost of letting malware run loose on the network. The software can either allow the IT manager to make a decision, or be configured to take action automatically.
The system can also evaluate the importance of individual machines. For example, the cost of taking down a network server is much higher than for a seldom used computer, so the algorithm would shut down the latter, less valuable, system first.
The team has developed an experimental detection engine and is now trying to make sure that it runs without hogging server time and bandwidth and interfering with other applications.
_(37).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
