Software developed to stop zero-day attacks

By

Researchers at Intel and the Computer Security Laboratory at the University of California have devised a new way to counter zero-day attacks.


Researchers at Intel and the Computer Security Laboratory at the University of California have devised a new way to counter zero-day attacks.

Conventional antivirus software can detect known viruses, but is ineffective against new malware, or so-called zero-day attacks.

The new technique involves logging suspicious activity in individual computers on a network, and matching it against other connected systems.

"The question is whether I should shut down the network and risk losing business for a couple of hours for what could be a false alarm, or keep it running and risk getting infected," said Senthil Cheetancheri, a UC Davis graduate student who led efforts to develop the strategy.

"One suspicious activity in a network with 100 computers can't tell you much. But when you see half a dozen activities and counting, you know that something's happening."

The second part of the system is an algorithm that rates the cost of shutting down a computer against the cost of letting malware run loose on the network. The software can either allow the IT manager to make a decision, or be configured to take action automatically.

The system can also evaluate the importance of individual machines. For example, the cost of taking down a network server is much higher than for a seldom-used computer, so the algorithm would shut down the latter, less valuable, system first.

The team has developed an experimental detection engine and is now trying to make sure that it runs without hogging server time and bandwidth and interfering with other applications.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
attackscomputerintellaboratorysecuritysoftwarezeroday

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?