Researchers looking to root out computer attacks hope that speed kills.
Penn State University scientists said they've devised new anti-worm technology that can identify and contain worms milliseconds after an attack by analyzing data packets' rate or frequency of connections, and their diversity of connections to other networks.
That allows the technology they term "proactive worm containment" to react more quickly to security threats, university researchers said.
"A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," Peng Liu, a Penn State information sciences and technology professor and lead researcher on the project, said in a statement.
Researchers say that many current security methods focus on "signature or pattern identification" and cannot respond fast enough to prevent worms from exploiting networks. Those approaches, they say, often miss worms that mutate automatically, bypassing the existing anti-worm controls.
Penn State's efforts, however, aren't the only ones seeking alternatives to signatures or patterns, with varying degrees of success.
Johannes Ullrich, chief research officer with the security research organization SANS Institute, cautioned that some home and small business networks might have too much innocent activity — such as instant messaging or phone calls over the Internet — that could be considered suspicious based on the speed of connections.
And the Penn State technique won't catch slower-spreading worms, although Liu said current technologies already pick those up.