A new technique for spotting cyber attacks has been designed by a young American student – and could prevent attacks against planes and power plants, by looking for abnormal communications within computers, rather than sifting for malicious software.
Patricia Moat, a doctoral student who talked of her ambitions in a student magazine at Binghamton University, says, “This is like catching an intruder coming into your house. And it excites me to do something most people have never done.”
Moat, who is working with a team funded by the Air Force Office of Scientific Research, uses a system which scans for “system calls” – communications between applications and a computer’s operating system, such as Windows. It can defend against attacks which other methods – such as scanning for malware – can’t, according to Computer magazine.
Spotting ‘abnormal’ calls can be key to stopping disasters, according to her supervisor Victor Skormin. Skormin says that the approach can be used on many different computerised systems: he gives the example of planes misdirected to land short of a runway, or of power grids robbed of electricity, as reported by Homeland Security’s in-house magazine.
“Actually, it’s a war taking place in cyberspace, and it requires many different weapons and defenses,” Skormin says. “There are many existing attacks that our application works against very successfully.”
Moat and Skormin’s technology monitors all the signals sent between applications and the operating system – system calls happen constantly, such as when an application accesses files – and looks for abnormal calls by comparing a system’s behavior with its state of “normalcy”.
By designing a system which looks for abnormal behaviour in the way that many different systems operate, the team may be able to fend off novel attacks – even ones built to attack one specific system.
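To make the idea of comparing system calls against a state of “normalcy” concrete, here is an added example that is not the Binghamton team's code and does not claim to reproduce their method. It assumes one common way to model normal behaviour, short sliding windows of consecutive calls; the window length, the threshold and all traces are constructed for illustration.

```python
WINDOW = 3  # assumed window length for this example

# Constructed traces standing in for calls recorded during normal operation.
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "fstat", "read", "close"],
]


def windows(trace, n=WINDOW):
    """Return every run of n consecutive system calls in a trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_baseline(normal_traces, n=WINDOW):
    """Learn the set of call sequences seen during normal operation."""
    baseline = set()
    for trace in normal_traces:
        baseline.update(windows(trace, n))
    return baseline


def score_trace(trace, baseline, n=WINDOW):
    """Return (anomaly_rate, unseen_windows) for a monitored trace."""
    seen = windows(trace, n)
    if not seen:  # trace shorter than the window: nothing to judge
        return 0.0, []
    unseen = [w for w in seen if w not in baseline]
    return len(unseen) / len(seen), unseen


def is_abnormal(trace, baseline, threshold=0.2, n=WINDOW):
    """Flag a trace when too many of its windows were never seen before."""
    rate, _ = score_trace(trace, baseline, n)
    return rate > threshold


if __name__ == "__main__":
    baseline = build_baseline(NORMAL_TRACES)
    # Constructed trace: a file read followed by calls the baseline never saw.
    odd = ["open", "read", "mprotect", "execve", "connect", "write"]
    for trace in (NORMAL_TRACES[0], odd):
        rate, unseen = score_trace(trace, baseline)
        print(f"{rate:.2f} abnormal={is_abnormal(trace, baseline)} {unseen}")
```

A baseline that misses legitimate behaviour produces false positives, so both the training traces and the threshold need tuning on real workloads.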
Author Rob Waugh, We Live Security