Swarms of digital ants may soon crawl all over the internet, scouting not for food, but computer worms and self-replicating programs designed to steal information or facilitate unauthorised use of machines. Security experts have successfully deployed a new type of network security software which mimics the habits of real-world ants.
Ants on earth, for instance, wander randomly but return to their colonies when they find food. But on the way back, they leave behind pheromone trails.
If other ants find the trail, they follow it and reinforce it. The idea of the ant colony algorithm follows this pattern. The digital ants wander through computer networks. When an ant detects a threat, other ants converge on the scene, drawing the attention of human operators who step in to investigate.
"In nature, we know that ants defend themselves against threats very successfully," Wake Forest Professor of Computer Science Errin Fulp, an expert in security and computer networks, said in a press statement, adding: "They can ramp up their defence rapidly, and then resume routine behaviour quickly after an intruder has been stopped. We were trying to achieve that same framework in a computer system."
Digital ants are an application of Swarm Intelligence or SI. Examples of this concept abound in nature, and include ant colonies, bird flocking, animal herding, bacterial growth, and fish schooling. SI, which refers to a general set of algorithms, was made popular in works of fiction like Prey from Michael Crichton, where a swarm of nano-robots attacks humans as experiments go wrong, and robotic sentinels in movies like The Matrix.
Using SI, these digital ants adapt to the variations of viruses that hackers routinely introduce. This is critical since security programs gobble up more resources, and antivirus scans take longer and machines run slower when anti-virus packages discover new threats and issue updates.
Glenn Fink, a research scientist at Pacific Northwest National Laboratory in Richland, Washington, came up with the idea of copying ant behaviour. PNNL, one of ten Department of Energy laboratories, conducts cutting-edge research in cyber security.
Fink was familiar with Fulp's expertise developing faster scans using parallel processing dividing computer data into batches like lines of shoppers going through grocery store checkouts, where each lane is focused on certain threats.
He invited Fulp and Wake Forest graduate students Wes Featherstun and Brian Williams to join a project there this summer that tested digital ants on a network of 64 computers. SI, the approach developed by PNNL and Wake Forest, divides the process of searching for specific threats.
"Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat," Fulp said. "As they move about the network, they leave digital trails modelled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection."
Fulp says the new security approach is best suited for large networks that share many identical machines, such as those found in governments, large corporations and universities.
And computer users need not worry that a swarm of digital ants will decide to take up residence in their machine by mistake. Digital ants cannot survive without software "sentinels" located at each machine, which in turn report to network "sergeants" monitored by humans, who supervise the colony and maintain ultimate control.