A Department of Energy (DOE) lab is taking research done to develop a host-based security sensor and open-sourcing the software to encourage community feedback and participation.
"We'd love to have other people use this," says Glenn Fink, senior research scientist at Pacific Northwest National Laboratory, who invented Hone, a cyber-sensor that's currently available for the Linux operating system kernels 2.6.32 and later, with other versions in development for Windows 7 and XP, plus a Mac OX version planned. To encourage participation in development, PNNL has established the open-source Hone Project with the Linux version.
IN THE NEWS: Hospitals seeing more patient data breaches
While there are other host-based sensors, PNNL believes Hone may represent a potential breakthrough in identifying suspicious communications between monitored computers and network activity, whether it be from the Internet or the internal network. Fink said Hone can identify relationships between programs and network activities. As such, it might not only be able to identity cyberattacks accurately, but could also be adapted to limit how processes can communicate to the network. Fink said Hone is potentially of use in monitoring wireless networks.
PNNL is using Hone, which includes some visualization display, as part of a research project to understand how attackers break into computer systems. Since Hone is in an early stage of development, the DOE lab is inviting input from the public and open-source participation, and believes there is a potential for investing in it to evolve it further.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.