A Cheap, Distributed Zero-Day Defense?
coondoggie writes "Shutting down zero-day computer attacks could be carried out inexpensively by peer-to-peer software that shares information about anomalous behavior, say researchers at the University of California at Davis. The software would interact with existing personal firewalls and intrusion detection systems to gather data about anomalous behavior, says Senthil Cheetancheri, the lead researcher on the project he undertook as a grad student at UC Davis from 2004 to 2007. He now works for SonicWall."
Could work on large corporate-type networks (Score:4, Informative)
The summary is misleading in that this isn't proposed as a defense. This is an early-warning system for detecting compromised machines on a network.
This isn't going to run on every computer in the world. Think of a corporate network with thousands of machines with fairly homogeneous usage. This could alert the sysadmin to a worm infection when the number of machines is numbered in the tens.
And since all it's doing is monitoring it shouldn't present a security risk (if well designed) greater than any P2P client.
This already exists (Score:5, Informative)