4/11/2012
05:06 PM
Dark Reading
Products and Releases
Pacific Northwest National Laboratory Creates New Sensor To Stop Attackers In Their Tracks

Tool determines which applications are communicating with external network

RICHLAND, Wash. - The good guys have a new, innovative tool to help them identify and understand cyber attacks.

Developed by a researcher at the Department of Energy's Pacific Northwest National Laboratory, the new Hone cyber sensor determines how network activity on a computer is related to a specific application, such as Internet Explorer, or to any other running process. Finding these relationships enables cyber security experts to identify a potential problem more quickly and dissect how it works.

Currently, system and security administrators spend much of their time looking for unusual communication patterns between their computer systems and the external network. When they find suspicious communication, it isn't immediately obvious which program is doing the communicating, so they watch the computer closely in the hope of seeing the program act again. There is no guarantee they will catch it: many dangerous programs are active for only a few seconds at a time and can stay silent for days or months. Hone eliminates these time-consuming investigations by keeping a record of every communication each application makes. When an administrator later finds a suspicious program, Hone's record shows immediately which network activity belonged to it.

Hone is unique because it doesn't just observe communications between computers on a network. It also determines which specific programs, such as web browsers, system updaters or even a malicious program, those communications are coming from.
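The correlation described above, as an added illustration of the idea rather than Hone's own code: process lifecycle events and socket events are recorded as they happen, and packets seen on the wire are attributed to the owning process afterwards. The event names, timestamps, pids and paths are all constructed for this example; a real sensor gets them from kernel hooks.

```python
"""Process-to-network correlation of the kind Hone performs, as an added
illustration (not Hone's own code).  Event names (process_start, socket_open,
...) and all timestamps, pids and paths are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FiveTuple = Tuple[str, str, int, str, int]  # proto, src_ip, src_port, dst_ip, dst_port


@dataclass
class Process:
    pid: int
    start_ts: float
    exe: str
    end_ts: Optional[float] = None


@dataclass
class SocketRecord:
    owner: Process
    tuple5: FiveTuple
    opened_ts: float
    closed_ts: Optional[float] = None


class Correlator:
    """Keeps every process and socket ever seen, so traffic can still be
    attributed after the owning process has exited and its pid was re-used."""

    def __init__(self) -> None:
        self._live: Dict[int, Process] = {}     # pid -> currently running process
        self.processes: List[Process] = []      # full history, exited included
        self.sockets: List[SocketRecord] = []   # full history, closed included

    # process lifecycle events (what a fork/exec/exit hook would deliver)
    def process_start(self, ts: float, pid: int, exe: str) -> Process:
        p = Process(pid, ts, exe)
        self._live[pid] = p        # a re-used pid gets a fresh record, never the old one
        self.processes.append(p)
        return p

    def process_exit(self, ts: float, pid: int) -> None:
        p = self._live.pop(pid, None)
        if p is None:
            return
        p.end_ts = ts
        for s in self.sockets:     # sockets die with their owner
            if s.owner is p and s.closed_ts is None:
                s.closed_ts = ts

    # socket events (what a connect/accept/close hook would deliver)
    def socket_open(self, ts: float, pid: int, tuple5: FiveTuple) -> SocketRecord:
        owner = self._live.get(pid)
        if owner is None:
            # pid with no start event (sensor loaded after the process began):
            # record a placeholder rather than dropping the traffic
            owner = self.process_start(ts, pid, "<unknown>")
        rec = SocketRecord(owner, tuple5, ts)
        self.sockets.append(rec)
        return rec

    def socket_close(self, ts: float, tuple5: FiveTuple) -> None:
        for s in reversed(self.sockets):
            if s.tuple5 == tuple5 and s.closed_ts is None:
                s.closed_ts = ts
                return

    # packet attribution (what the packet-capture side asks)
    def attribute(self, ts: float, tuple5: FiveTuple) -> Optional[Process]:
        """Process that owned tuple5 at time ts.  The time window matters:
        the same ephemeral port is re-used by later, unrelated processes."""
        for s in self.sockets:
            if s.tuple5 == tuple5 and s.opened_ts <= ts and (s.closed_ts is None or ts <= s.closed_ts):
                return s.owner
        return None

    def who_talked_to(self, dst_ip: str) -> List[str]:
        """Every executable that ever held a socket to dst_ip, exited or not."""
        return sorted({s.owner.exe for s in self.sockets if s.tuple5[3] == dst_ip})


OUT = ("tcp", "10.0.0.5", 49152, "203.0.113.7", 443)


def build_sample() -> Correlator:
    """Constructed timeline: a one-second implant, then an hour later an
    ordinary browser that happens to re-use both the pid and the source port."""
    c = Correlator()
    c.process_start(100.0, 4242, "/tmp/.x/update")
    c.socket_open(100.2, 4242, OUT)
    c.socket_close(101.0, OUT)
    c.process_exit(101.1, 4242)
    c.process_start(3600.0, 4242, "/usr/bin/firefox")
    c.socket_open(3600.5, 4242, OUT)
    return c


if __name__ == "__main__":
    c = build_sample()
    for when in (100.5, 2000.0, 3601.0):
        p = c.attribute(when, OUT)
        print(when, p.exe if p else None)
    print(c.who_talked_to("203.0.113.7"))
```

Two design points carry over to any real sensor: the pid is not a stable key (it is recycled, so processes are keyed by pid plus start time), and a 5-tuple is not a stable key either (ephemeral ports are recycled), so attribution has to be a lookup in time, not a lookup in a current table. That is why a connection table read after the fact, such as the output of netstat or /proc/net/tcp, cannot answer the question once the process is gone.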

“Hone makes monitoring and understanding web-based attacks faster and easier,” said its inventor, PNNL computer scientist Glenn Fink. “The sensor isn’t a firewall or antivirus program that protects the host computer. Instead, it identifies the relationship between programs and their network activities, allowing system and security administrators to more quickly identify – and hopefully solve – problems such as cyber attacks.”

The sensor isn't limited to investigating cyber attacks. Programmers could also use Hone to debug new networked applications they are developing, and firewall administrators could use Hone data to verify that only certain processes on a system can communicate with the network. Security researchers could use it to monitor what their machines are doing and identify threats such as computer viruses, spyware and stealthy rootkits, the programs attackers use to maintain covert access to a computer system.

Fink initially developed Hone’s rough framework as a postdoctoral researcher at Virginia Tech. PNNL researchers are currently using Hone to analyze computer traffic in a project that is examining how attackers use a scheme called “pass the hash” to break into computer systems.

Hone is available for the Linux operating system, kernels 2.6.32 and later. Versions for Windows 7 and Windows XP are in development, and a Mac OS X version is planned. The data Hone collects is provided in the PCAP-NG (Packet Capture Next Generation) format, which can be viewed in the Wireshark network analyzer. In addition, PNNL is developing a way to visualize Hone's data, which the lab hopes to license in the future.
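Standard PCAP-NG carries packets and timestamps but has no field for the owning process. The page does not say how Hone encodes its process data in the file, so the added example below (not Hone's writer) takes the simplest route that any Wireshark can display: it writes the three mandatory block types and puts a "pid=... exe=..." string in each Enhanced Packet Block's opt_comment option. The packets, pids and paths are constructed sample data, and the IPv4/UDP builder is only there so the file holds real-looking datagrams.

```python
"""Write a PCAP-NG file whose packets carry a per-packet process attribution.

Added example, not Hone's own writer.  Standard PCAP-NG has no process field,
so the attribution goes into the Enhanced Packet Block's opt_comment (option
code 1), which Wireshark shows as the packet comment.  Packets, pids and
executable paths below are constructed sample data."""
import socket
import struct
from typing import List, Tuple

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006
OPT_END, OPT_COMMENT = 0, 1
LINKTYPE_RAW = 101                     # packet data starts at the IPv4/IPv6 header


def _pad4(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 4)


def _option(code: int, value: bytes) -> bytes:
    return struct.pack("<HH", code, len(value)) + _pad4(value)


def _block(btype: int, body: bytes) -> bytes:
    total = 12 + len(body)             # type + length + body + trailing length
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)


def section_header() -> bytes:
    body = struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)   # byte-order magic, v1.0, unknown length
    return _block(SHB, body + _option(OPT_END, b""))


def interface_description(snaplen: int = 65535) -> bytes:
    body = struct.pack("<HHI", LINKTYPE_RAW, 0, snaplen)
    return _block(IDB, body + _option(OPT_END, b""))


def enhanced_packet(ts_us: int, pkt: bytes, pid: int, exe: str) -> bytes:
    # interface 0; with no if_tsresol option the timestamp unit is microseconds
    body = struct.pack("<IIIII", 0, ts_us >> 32, ts_us & 0xFFFFFFFF, len(pkt), len(pkt))
    comment = f"pid={pid} exe={exe}".encode()
    return _block(EPB, body + _pad4(pkt) + _option(OPT_COMMENT, comment) + _option(OPT_END, b""))


def _csum(b: bytes) -> int:
    if len(b) % 2:
        b += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(b) // 2), b))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF


def ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Minimal IPv4+UDP datagram; UDP checksum left 0, which IPv4 permits."""
    total = 28 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", _csum(hdr)) + hdr[12:]
    return hdr + struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def write_capture(records: List[Tuple[int, bytes, int, str]]) -> bytes:
    out = section_header() + interface_description()
    for ts_us, pkt, pid, exe in records:
        out += enhanced_packet(ts_us, pkt, pid, exe)
    return out


def read_attributions(data: bytes) -> List[Tuple[int, str]]:
    """Walk the blocks back and return (timestamp_us, comment) for each packet."""
    out, off = [], 0
    while off < len(data):
        btype, total = struct.unpack_from("<II", data, off)
        if btype == EPB:
            _, hi, lo, caplen, _ = struct.unpack_from("<IIIII", data, off + 8)
            opt = off + 28 + (caplen + 3) // 4 * 4      # options follow the padded packet
            while True:
                code, length = struct.unpack_from("<HH", data, opt)
                if code == OPT_END:
                    break
                if code == OPT_COMMENT:
                    out.append(((hi << 32) | lo, data[opt + 4:opt + 4 + length].decode()))
                opt += 4 + (length + 3) // 4 * 4
        off += total
    return out


SAMPLE = [  # constructed: two DNS-shaped datagrams from two different processes
    (1_334_174_760_000_000, ipv4_udp("10.0.0.5", "192.0.2.53", 53123, 53, b"\x00" * 12), 4242, "/tmp/.x/update"),
    (1_334_174_761_500_000, ipv4_udp("10.0.0.5", "192.0.2.53", 53124, 53, b"\x00" * 12), 1337, "/usr/bin/curl"),
]

if __name__ == "__main__":
    with open("attributed.pcapng", "wb") as f:
        f.write(write_capture(SAMPLE))
    print(read_attributions(write_capture(SAMPLE)))
```

Open the resulting file in Wireshark and the comment appears in each frame's "Packet comments" section, so a display filter such as `frame.comment contains "update"` isolates one process's traffic. The caveat is that opt_comment is free text: a dissector cannot filter on pid as a number, and the process lifetime information from the correlator has no natural home in a standard block, which is why a sensor that wants both normally defines its own block types.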

Hone is essentially in the beta-testing stage and has room for minor tweaks and improvements. Fink and his collaborators are asking computer industry professionals to help improve it by cloning the tool's Linux version, which is available as open source at https://github.com/HoneProject. Technical questions can be directed to Fink at glenn.fink@pnnl.gov.

# # #

Pacific Northwest National Laboratory is a Department of Energy Office of Science national laboratory where interdisciplinary teams advance science and technology and deliver solutions to America's most intractable problems in energy, the environment and national security. PNNL employs 4,800 staff, has an annual budget of nearly $1.1 billion, and has been managed by Ohio-based Battelle since the lab's inception in 1965. Follow PNNL on Facebook, LinkedIn and Twitter.
