Extended Abstract: Complexity and Vulnerability Analysis

Stephen Bush. Extended Abstract: Complexity and Vulnerability Analysis. In Invited Paper: SFI Workshop: Resilient and Adaptive Defense of Computing Networks 2003. DIMACS Center, Rutgers University, Piscataway, NJ, Jun 2003.

Abstract

An active network allows packets to contain a mixture of code (algorithm) and data. The ratio of code to data can vary as the packet travels through the network. Such networks can also be vulnerable to attack via the transport of virus or worm code. A mitigation of this problem has been attempted via the use of active network probes to detect vulnerabilities in an active network. A complexity estimate of active protocols being transported within the network by active packets is obtained. In addition, components within the active network contain probe points through which bit-level I/O can be collected. Kolmogorov Complexity estimates based upon simple inverse compression ratios have been used to estimate vulnerability. The intent has been to experiment with better complexity measures as the research continues. Consider the complexity of bit-level input and output strings concatenated together. That is, observe an input sequence to an arbitrary process (i.e. a potentially vulnerable process) at the bit-level and concatenate with an output sequence at the bit-level. This input/output concatenation can be applied to entire systems or to components of a system. If there is low complexity in the I/O observations, then it is likely to be easy for an attacker to “understand” and usurp that component.
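The I/O concatenation estimate described in the abstract, as an added example that is not code from the paper. It assumes zlib as the compressor, reads "inverse compression ratio" as compressed size divided by raw size, and uses three hypothetical components and constructed pseudo-random inputs.

```python
import hashlib
import hmac
import random
import zlib

def complexity_estimate(bits: bytes) -> float:
    """Compressed size / raw size: a crude upper-bound proxy for Kolmogorov
    complexity (assumption: zlib stands in for the paper's compressor)."""
    if not bits:
        return 0.0
    return len(zlib.compress(bits, 9)) / len(bits)

def io_complexity(component, inputs) -> float:
    """Concatenate the observed input sequence with the observed output
    sequence, as collected at a probe point, then estimate complexity."""
    observed_in = b"".join(inputs)
    observed_out = b"".join(component(m) for m in inputs)
    return complexity_estimate(observed_in + observed_out)

# Hypothetical components behind a probe point (constructed for this example).
def echo(msg: bytes) -> bytes:
    return msg  # output fully determined by, and identical to, the input

def fixed_reply(msg: bytes) -> bytes:
    return b"ACK".ljust(len(msg), b"\x00")  # output ignores the input

_KEY = b"constructed-demo-key"
def keyed_mac(msg: bytes) -> bytes:
    return hmac.new(_KEY, msg, hashlib.sha256).digest()  # output looks random

def sample_inputs(count=64, size=32, seed=2003):
    """Constructed, deterministic pseudo-random input messages."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(8) for _ in range(size)) for _ in range(count)]

def rank_components():
    """Return (name, estimate) pairs, lowest I/O complexity first."""
    inputs = sample_inputs()
    scores = {f.__name__: io_complexity(f, inputs)
              for f in (echo, fixed_reply, keyed_mac)}
    return sorted(scores.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    for name, score in rank_components():
        print(f"{name:12s} {score:.3f}")
```

Components at the top of the ranking have the most compressible I/O relationship and are the ones the abstract flags as easiest for an observer to model.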