Swarm Intelligence in Action: Phalanx Project

Web threats are up 1564% since 2005, vulnerabilities continue to number in the thousands annually, malware infections have skyrocketed to over 8 million in November of 2007 alone, SPAM accounts for up to 90% of all email traffic, there is an estimated 3 million plus bot-compromised machines connected to the internet at any given moment, high-impact regional threats and targeted attacks have increased dramatically year over year since 2005, and there is a breach a day in what has become an orgy of disclosure, punctuated by a tsunami of useless loss statistics. This is all against a backdrop of new vectors of attack introduced by mobile computers, virtualization, SaaS, and other disruptive technologies.  Clearly the current reactive, ad-hoc, threat enumeration, information security model is broken and given the economics of malware and cybercrime it will only get worse…

Sample data from research on the underground digital economy in 2007 from Trend Annual Threat Report 2007 (here)

Pay-out for each unique adware installation – $.30 in the US

Malware package, basic version $1,000 – $2,000

Malware package with add-on services – $20 starting price

Undetected copy of an information stealing Trojan – $80, may vary

10,000 compromised PCs – $1,000

Stolen bank account credentials – $50 starting price

1 million freshly-harvested emails – $8 up, depending on quality

Recently I posted some thoughts on evolving information security to move towards distributed, collective intelligence or swarm intelligence, (here) and (here), and came across a project at the University of Washington called Phalanx – (here) via /.

Their system, called Phalanx, uses its own large network of computers to shield the protected server. Instead of the server being accessed directly, all information must pass through the swarm of “mailbox” computers.

The many mailboxes do not simply relay information to the server like a funnel – they only pass on information when the server requests it. That allows the server to work at its own pace, without being swamped.

“Hosts use these mailboxes in a random order,” the researchers explain. “Even an attacker with a multimillion-node botnet can cause only a fraction of a given flow to be lost,” the researchers say.

Phalanx also requires computers wishing to start communicating with the protected server to solve a computational puzzle. This takes only a small amount of time for a normal web user accessing a site. But a zombie computer sending repeated requests would be significantly slowed down.

This is a very interesting way to deal with the problem of DDoS attacks, it isn’t difficult to imagine how one could use a swarm of intelligent agents to cooperate and shield, or even work to identify patterns of behavior that are representative of malicious or nefarious actions and counter an attack in progress or impending attack before it has a chance to impact the environment.

2 thoughts on “Swarm Intelligence in Action: Phalanx Project

  1. Hi,
    Indeed an intelligent solution, but I do not see why you call this “swarm intelligence”. After all they do nothing else than putting a whole sh**load of dead weight (computers) in front of the server to protect it. There is no intelligence in this swarm whatsoever.

  2. Hey Zyxo,

    Good question – it may appear that all they are doing is designating a set of computers to effectively off-load a potential onslaught of traffic, this would be fine if you had 1. a bunch of computers that had to serve no other purpose and 2. The attackers couldn’t disable the offload computers – for this architecture to be effective and to be considered “swarm” they would have to have a mechanism to communicate and dynamically reallocate a group of computers to take on different tasks. For example computer group A (which would consist of multiple, non-logically connected computers) is acting as an offload set, computer A within Group A is being utilized so it is dynamically moved to Group B (which is acting as a proxy or relay for low-bandwidth communication between various groups), and Group C has a set of computers which are moving in and out of availability to perform certain tasks based on their own usage.

    The dynamic reallocation of resources, coupled with communication and cooperation between agents moves towards swarm intelligence – imagine how easy it would be to add offensive tactics to the mix, with a set of computers actively slowing down a DDoS, SPAM or other load-based attacks by targeting the systems generating the load – not knocking them off the grid or taking them out, but slowing them down through a series of digital “pokes”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s