Fighting Cyberthreats III

The increase of security threats from the Internet and what to do about them has been a hot topic this month. Cybersecurity expert Seymour Goodman from Georgia Tech was in town this week offering his idea of how to combat cyberthieves and hackers, and researchers at the University of California San Diego plan to give a paper this month on how to counterattack email spam.

Now the Defense Department's Defense Advanced Research Projects Agency (DARPA) has come up with a novel way to monitor malicious activity on the 'net, according to a post in Wired Magazine's Danger Room blog. The problem that Defense faces is it is having a hard time monitoring the increasing Internet traffic for malicious code. And the problem is only getting worse, with Internet traffic doubling nearly every nine months.

So DARPA is turning to what it calls Scalable Network Monitoring, a method of monitoring the Web traffic occurring at any point on a system, rather than scanning all Internet traffic for known malicious codes. The theory is this: If online traffic spikes at any one point, it could indicate that something untoward is occurring and should be investigated.

The theory is based on thermodynamics. An increase in activity in a spot increases temperature. Therefore, an increase in online activity, usually caused by a virus or a larger-than-expected flow of outgoing traffic, say, indicates a "hot spot." The Navy developed the method, which it calls the Therminator.