
ARTIFICIAL HYGIENE

With IT invading every walk of our life, our dependency on email and messaging is increasing by the day. Email, with 35 billion messages exchanged every day, has become ubiquitous as an efficient way of communicating. People have become increasingly mobile, and access to information from around the world is the key to success. Technological innovations in notebooks and mobile phones are trying to keep pace with these requirements. But all this remote access to information carries an inherent predicament: valuable notebooks and mobiles are exposed to the ever-present threat of virus attack. A digital device can get infected through avenues like floppy disks and email, and it has no intelligence of its own to stop getting infected or, once infected, to stop propagating the virus to others.

Currently, protection from email viruses is provided by technologies like mail attachment filters, anti-virus systems on the mail server, and perimeter security with firewalls and IDS (Intrusion Detection Systems). But all such protection is applied at the entry point of the network. Within the network, the protection of devices like notebooks, mobile phones and smart phones still remains a grey area.



AH - Artificial Hygiene
Artificial Hygiene (AH) is a novel concept, designed by Prof Asoke K Talukder of IIIT-B, to protect mobile computing devices. Even as mobile computing devices rely on interoperability and networking, AH provides the much needed protection from virus threats. In the absence of an appropriate hygiene and protection system, when a virus-infected notebook connects to its home base the virus gets into the internal network. Since most protection devices look for external threats, the internal enemy goes unnoticed.

AH is designed to take care of such a scenario. It supports the device in preventing itself from getting infected or, once infected, from infecting others. This acts as a second line of defence against viruses within the digital society.

Normally an email virus is modelled with either the SITR model (Susceptible, Infected, Traced, Removed) or the SEIR model (Susceptible, Exposed, Infected, Removed). For digital epidemics spread through email, AH uses the SECITQC model, where:

S (Susceptible): proportion of the population which is prone to the disease
E (Exposed): proportion of the population which is exposed to the virus but not yet infected
C (Contaminated): proportion of the population which is infected by the virus
I (Infectious): proportion of the population which is infected and capable of infecting others
T (Traced): proportion of the population traced to have come in contact with an infectious device
Q (Quarantined): proportion of the population which has been quarantined
C (Cured): proportion of the population which has been cured of the disease/virus

The SECITQC model traces the process after the device has been infected and removes it from the infectious chain.

How does AH identify an infection?
A computer virus is uni-contact (a single contact suffices) and has nil incubation time. It is difficult to defend a device against a novel incoming virus. AH assumes that, in spite of the best security systems, there will definitely be cases of infection. Thus AH monitors the characteristics of the virus after the contaminated state.

An infected digital device shows specific behavioural changes at the class level, which AH identifies as "digital fever". Hence, in the case of a novel virus, even if the individual signature of the virus is unknown, AH will be able to detect the digital fever caused by it. As an email virus uses the network as its medium for propagation, the following behavioural changes will be observed in the infectious state:

1. The email traffic on the network will increase.
2. Network connection (open) requests to email ports will increase.

Functioning of AH
AH attacks the problem in two ways.

1. Personal Artificial Hygiene (Prevention)

AH uses the principle of prevention and checks the IP traffic exchanged between all the nodes in the subnet. The AH process looks at all traffic to and from the SMTP (Simple Mail Transfer Protocol) port of nodes in the neighbourhood. Any device found to be infected and sending an email virus is identified as dangerous. The concept of primordial prevention is used to protect a device from this infectious agent: an ingress filter is used to stop all incoming IP packets from the infected node. Even though an email always passes through the mail server, i.e. along a directed edge of the graph, a 3rd-generation email virus may attack other nodes directly, along an undirected edge, at random. This warrants an even more critical plan to achieve protection from an infected machine within a trusted network.

2. Public Artificial Hygiene (Auto-Quarantine / Auto-Isolation)

Public hygiene is ensured by not allowing the infectious device to pass the virus on to other devices. The moment an email client system is discovered sending a large number of packets to TCP port 25 (Simple Mail Transfer Protocol), that system is assumed to be the likely suspect. When AH detects that the payload of the email packet carries an attachment of type *.exe, *.pif, *.bat, *.zip, *.scr or *.htt, or a binary file of unknown type, and the same attachment is being sent to multiple recipients at a rate >= 4 emails per second, it is considered an email virus. This condition is defined as Digital Fever by Prof. Asoke K Talukder. After detection, the kernel of the computer is instructed to drop all outgoing packets destined for TCP port 25 through egress packet filtering. This auto-quarantines the mail client on the infected computer. With an appropriate antidote the virus is cleaned. Once the virus is eliminated, the traffic density comes down to normal and the fever subsides, which allows the normal flow of traffic on all ports including SMTP. If no antidote is available at present, the virus stays quarantined until one is, thus avoiding the spread of the virus.



Testing of Artificial Hygiene
The AH concept was tested through software named SaferNet, developed by Prof. Talukder and his team. Testing based on the SECITQC model was performed in both Linux and Windows environments. An existing Trojan was taken and renamed "virus.pif". Mails with the virus file as an attachment were sent to different known recipients through the Thunderbird email client on the Linux system and the Outlook email client on the Windows system. Without being aware of the type of the virus or its individual signature, AH was able to detect the virus and stop its propagation.

How SaferNet works
The SaferNet system for Linux uses the libpcap (packet capture) library to track the movement of every Ethernet packet on the network; on Windows it uses the WinPcap library. It checks the packet header of every outgoing packet to determine whether the packet is being sent to an SMTP port (TCP port 25). If so, the payload of the TCP packet is examined: SaferNet checks for MIME headers related to attachments in the payload of the mail packet. If the attached filename is of a suspect type, an instruction is sent to the kernel of the current computer to stop all outgoing TCP packets with destination port 25 for any destination IP address. This is done through the iptables interface using libiptc; on Windows the "Filter-Hook" interface is used to stop the desired packets. All other traffic is allowed; therefore the user can continue all network activity except sending mail. The user is also informed about the possible infection.
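The following is an added example, not SaferNet's own code, that puts the two AH mechanisms described above (the ingress filter of Personal AH, and the digital-fever rule and egress quarantine of Public AH) and the SaferNet processing pipeline into runnable form. In place of libpcap and libiptc it works on in-memory Packet records and returns the firewall change as an iptables command string; the one-second measurement window, the allow-list of known binary types, the Packet/DigitalFeverDetector names and the sample traffic are all assumptions constructed for this example.

```python
"""Digital-fever detector modelled on the SaferNet description (added example, not
SaferNet's code): Packet records stand in for libpcap and the firewall change is
returned as an iptables command string instead of being applied through libiptc."""
import os
from collections import defaultdict, deque
from dataclasses import dataclass
from email import encoders, message_from_bytes
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.utils import getaddresses

SMTP_PORT = 25
SUSPECT_EXTENSIONS = {".exe", ".pif", ".bat", ".zip", ".scr", ".htt"}
# Assumed allow-list: an application/octet-stream attachment whose extension is
# not listed here is treated as the article's "binary file of unknown type".
KNOWN_BINARY_EXTENSIONS = {".pdf", ".doc", ".xls", ".jpg", ".png", ".gif"}
FEVER_RATE = 4.0       # emails per second, the article's threshold
WINDOW_SECONDS = 1.0   # assumed sliding window over which the rate is measured


@dataclass
class Packet:
    ts: float        # capture timestamp in seconds
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes   # TCP payload: the message handed over in SMTP DATA


def parse_mail(payload):
    """Return (recipient set, suspect attachment names) for one message."""
    msg = message_from_bytes(payload)
    rcpts = {addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    suspect = []
    for part in msg.walk():                 # MIME parts; the root has no filename
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name)[1].lower()
        unknown_binary = (part.get_content_type() == "application/octet-stream"
                          and ext not in KNOWN_BINARY_EXTENSIONS)
        if ext in SUSPECT_EXTENSIONS or unknown_binary:
            suspect.append(name)
    return rcpts, suspect


class DigitalFeverDetector:
    """Watches SMTP traffic from every node in the subnet (Personal and Public AH)."""

    def __init__(self, local_ip, rate=FEVER_RATE, window=WINDOW_SECONDS):
        self.local_ip, self.rate, self.window = local_ip, rate, window
        self._seen = defaultdict(deque)   # (src_ip, attachment) -> (ts, rcpts) per mail
        self.quarantined = set()          # source IPs declared feverish
        self.actions = []                 # firewall commands that would be issued

    def observe(self, pkt):
        """Feed one captured packet; return True if its source has digital fever."""
        if pkt.src_ip in self.quarantined:
            return True
        if pkt.dst_port != SMTP_PORT:     # only port-25 traffic is inspected
            return False
        rcpts, names = parse_mail(pkt.payload)
        for name in names:
            recent = self._seen[(pkt.src_ip, name)]
            recent.append((pkt.ts, frozenset(rcpts)))
            while recent[0][0] < pkt.ts - self.window:   # drop mails outside the window
                recent.popleft()
            distinct = set().union(*(r for _, r in recent))
            # Fever: same suspect attachment, multiple recipients, >= 4 mails/second.
            if len(recent) >= self.rate * self.window and len(distinct) >= 2:
                self._quarantine(pkt.src_ip)
                return True
        return False

    def _quarantine(self, src_ip):
        self.quarantined.add(src_ip)
        if src_ip == self.local_ip:   # Public AH: egress filter on our own port-25 traffic
            self.actions.append("iptables -A OUTPUT -p tcp --dport 25 -j DROP")
        else:                         # Personal AH: ingress filter on the infected neighbour
            self.actions.append(f"iptables -A INPUT -s {src_ip} -j DROP")


def build_mail(to_addr, filename, content_type="application/octet-stream"):
    """Constructed sample message carrying one attachment (not real traffic)."""
    msg = MIMEMultipart()
    msg["From"], msg["To"], msg["Subject"] = "user@example.test", to_addr, "see attached"
    part = MIMEBase(*content_type.split("/"))
    part.set_payload(b"MZ constructed bytes")
    encoders.encode_base64(part)
    part.add_header("Content-Disposition", "attachment", filename=filename)
    msg.attach(part)
    return msg.as_bytes()


def run_demo():
    """One benign mail, then virus.pif sent to five recipients within 0.8 s."""
    det = DigitalFeverDetector(local_ip="10.0.0.5")
    benign = Packet(100.0, "10.0.0.5", "10.0.0.1", 25,
                    build_mail("alice@example.test", "report.pdf", "application/pdf"))
    results = [det.observe(benign)]
    for i, rcpt in enumerate(["a", "b", "c", "d", "e"]):
        pkt = Packet(101.0 + 0.2 * i, "10.0.0.5", "10.0.0.1", 25,
                     build_mail(f"{rcpt}@example.test", "virus.pif"))
        results.append(det.observe(pkt))
    return results, det.actions   # fever is declared on the fourth virus.pif mail
```

In run_demo the fourth virus.pif mail is the first to satisfy the rule (four mails to four distinct recipients inside one second), and the detector records the egress rule rather than applying it. Two properties of the rule are worth noting when reading the code: the same attachment sent repeatedly to a single recipient never reaches the distinct-recipient condition, so it is not flagged, and because only destination port 25 is inspected, mail leaving by any other path is simply not seen by this detector.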

Future of Artificial Hygiene
The AH technique assumes that emails are sent at 4 mails/second, a threshold many internet sites use to detect mass download and abuse. By using statistical methods the 4 mails/second threshold can be improved, thereby detecting viruses more accurately and also limiting false positives. The AH technique can be used to contain spam as well.

Preliminary work to apply the AH principle to 3rd-generation viruses, which use automated means for both propagation and activation, is being carried out by Prof. Asoke K Talukder and his team.

Artificial Hygiene is unique in that it uses the concept of digital fever, which is virus neutral. SaferNet is being enhanced to stop the propagation of worms as well. Artificial Hygiene provides much needed hope of a hygienic digital society in the form of cleaner notebooks, handhelds, mobiles and the like.

(By Venugopal S)
