The phony goat gets the worm

Mar 28, 2006

IBM researchers have designed a new way to detect and thwart attacks on computer networks. Code named "Billy Goat," the intrusion detection tool provides both early detection of worm attacks and fewer false alarms than other sensor systems.

The tool masquerades as a collection of servers on a network. Actual servers do not communicate with Billy Goat, but criminals who randomly attack servers are likely to stumble over it. As soon as Billy Goat is attacked, it identifies the attacking systems and fences them off electronically, isolating worms and viruses before they can propagate.

"Billy Goat uses a unique approach to detect malicious software by responding to requests sent to unused IP addresses, presenting what from a worm's-eye view looks like a network full of machines and services," says Dr. James Riordan, the lead designer of the system at IBM's Zurich Research Lab.

"In other words, Billy Goat creates a virtual environment for the worms. Such virtualization, by providing feigned services as well as recording connection attempts, helps Billy Goat trick worms into revealing their identity. This method allows the system to reliably and quickly identify worm-infected machines in a network."

Source: IBM

Explore further: NSA winds down once-secret phone-records collection program

Related Stories

NSA winds down once-secret phone-records collection program

16 hours ago

The National Security Agency has begun winding down its collection and storage of American phone records after the Senate failed to agree on a path forward to change or extend the once-secret program ahead of its expiration ...

Recommended for you

Domino's taking orders via tweet

May 22, 2015

Domino's on Wednesday launched perhaps the easiest way to satisfy a pizza craving this side of mind reading: order by tweet.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.