Security and the Sting (of ants)

An interesting breakthrough in the electrical power / smart-grid area may hold hope for increased security in the eCommerce market in the near future.  Errin Fulp, a professor of computer science at Wake Forest University, is training an army of “digital ants” to turn loose into the power grid to seek out computer viruses trying to wreak havoc on the system.  The approach is so promising that it was named one of the “ten technologies that have the power to change our lives,” by Scientific American magazine last year.

Connect the nation’s power grid to a network, thus creating a smart grid capable of intelligently controlling device to which it is connected, will help to deliver power efficiently and economically.  Practically, it’s a great idea but it is prone to attack as is any network enabled device.  A virus that infects the power grid could potentially shut down power to entire cities or regions.  Not a great scenario.

What Fulp has done is to create bits of code that wander specific networks looking for different types of threats.  Each “ant” is focused on a specific type of threat and when it locates evidence of a threat, other ants swarm to that location on the network drawing the attention of human investigators.

Says Fulp of his army of ants, “The idea is to deploy thousands of different types of digital ants, each looking for evidence of a threat,” Fulp said. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”

There are a number of questions and challenges facing Fulp and his team about how to best deploy and manage such an army.  The primary question that I have is how this technology may be applied to monitor things like fraud and privacy breaches in the world of eCommerce.  Imagine the possibilities:  Ants that roam a company’s internal network focused on certain types of data traversing the wire;  ants that monitor sensitive information, it’s source and destination; and perhaps ants that monitor internal activity for the occasional rogue administrator.

In years past I was able to work as a security consultant with one of the nation’s largest card issuers that had an entire division that issued branded store cards for large retailers.  Their biggest challenge was keeping the level of internal fraud down.  Apparently internal fraudsters would set up cards, send them to some random address to which they had access and then run up charges at the store.  Imagine having an army of these ants that would look for this type of behavior and leave a digital scent trail leading to the perpetrator.  Small technology, big sting. Pretty cool stuff.

Add Comment