In a small lab at the end of a third-floor hallway in Deschutes Hall, Jun Li fights the spread of “zombies.” But these zombies don’t eat human flesh – they are the undead of the computer science world.
Zombies, as the University computer science professor uses the term, are corrupted consoles that have been infected by Internet worms or viruses, making them prone to spread the affliction to other computers and destroy their hard drives as well.
With the help of a $400,000 grant last month from the National Science Foundation, Li will have the resources to continue his research into finding better ways to recognize such code before it affects other computer networks.
Li, operating out of the Network Security Research Laboratory in 360 Deschutes, began his work in 2003 with some financial help from Intel, at which time the subject was a wide-open field, he said.
“When I started this project, Internet worms were a very hot topic,” Li said. “A lot of people were trying to find a solution to this problem.”
Li has tackled the issue by taking a different approach than most, he said. Rather than monitoring the content of Web traffic in a network, Li instead monitors the behavior of the computers affected to identify the presence of a worm. The reason, he said, is that a worm can often change its form, making it nearly impossible to detect by simply monitoring what goes across a network.
“Even if a worm changes itself, we can still see that behavior,” Li said. And though he is not the first to take the behavior-based approach to worm research, he hopes his work will provide better insight into recognizing them.
“We’re trying to push the envelope,” he said.
Many computers are vulnerable to worm infection, simply because of inherent design or because they are not updated properly. But once worm code is in a computer, the real danger becomes apparent. The worm can actually change form, self-replicate and spread to other consoles within a network on its own, Li said.
“It’s very similar to a biological virus in a lot of ways,” he said.
As for the specific nature of worms compared with viruses or a Trojan horse, Li said, most are simply different classifications of one another.
“The terminology is always fuzzy,” he said. “They’re all a type of malicious code. They’re all still a bunch of zeroes and ones.”
The main issue is not classification, but rather identification and detection, Li said.
Shad Stafford, a University graduate student who has assisted Li in his research since early 2005, said the mindset of the project has changed for him since he became involved.
“It’s been a good experience because I came in thinking I knew what I was doing, but as we worked I learned a lot about the process of research,” Stafford said. “It turns out now that what we started with isn’t quite like what we have now.”
Part of that difference lies in the method, he said.
“The steps that we go through to detect those worms are a little more complicated than we thought,” Stafford said.
To create an authentic environment for observing and detecting worms, the small group uses recorded network activity from a university in New Zealand, then uses a worm simulator to “infect” the pre-recorded data, Li said. From there, Li and his group of three student assistants can monitor how the network responds to it.
Li said he is always seeking new student assistants to join his research team. His newest recruit, computer science major Cameron Hertel, who joined the project earlier this term, said he is grateful for the opportunity for research experience after Li approached him in a class Li taught.
Even for the everyday computer user, there is still a risk of having a console become infected by a worm or virus, Li said. Some of the best ways to protect a personal computer, Li said, are simply the common recommendations of updating software regularly, having current virus protection programs and frequently changing passwords.
University Housing also offers a free Duckware CD each year with up-to-date virus protection, Hertel said.
Li said these can be a burden for any computer buyer, as they typically need updates right out of the box.
“That’s a challenging issue for companies, to produce software that’s both safe and easy to use,” Li said.
Finding zombies in the virtual world
Daily Emerald
February 7, 2007