
Hypothetical Solutions: Forkbombs and more


Amaroq_Starwind

I recently watched a video about Forkbombs, and it made me think: would there be any viable way to create a program that could automatically detect new and unknown forkbombs, catching them in the act, and shutting them down?

Of course, forkbombs are far from the only threat that made me wonder about possible solutions. For instance, do any existing file scanners actually check Alternate File Streams, Named Pipes, or the like? What about using the Windows "Native API" to detect filenames and registry keys that are cleverly hidden from the rest of the operating system? Stuff like that.

But back on the subject of forkbombs... what methods would you propose to automatically detect a forkbomb and selectively shut it down without interrupting legitimate processes, and what obstacles might one encounter using those techniques? And how viable would such a protection system actually be?

(For those not familiar, a forkbomb is basically a self-replicating process that continues to grow until it overwhelms your system. For an extremely simple example, a script or command that repeatedly calls itself. For a less computationally-inclined analogy, something like a bacterium reproducing exponentially.)


For the record, I am not actually encountering any Forkbombs right now. I'm just trying to brainstorm potential new features for a security suite that would actually be useful, as well as possible ways those features could be implemented.


I'm also hoping that the Forkbomb Detection, Prevention and Remediation concept will end up becoming the start of something far greater.


I think one hypothetical solution for detecting 0-day forkbombs might be to just monitor the behavior of processes and shut down anything that starts replicating itself abnormally.

Another could be to use machine learning to analyze scripts and sort them into three categories: Safe, Unsafe and Uncertain, using semi-supervised training methods, combined with a library of confirmed bad scripts/commands, to teach the AI to detect things such as forkbombs in advance. But maybe that's a bit outside the scope of this particular thread?

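A behaviour-monitoring detector of the kind the post above suggests, as an added example (not code from this thread): it attributes each process-creation event to its lineage root, counts creations per lineage in a sliding time window, and returns only the offending subtree so remediation leaves legitimate processes such as a parallel build alone. The event tuple format, the thresholds and the trace are assumptions constructed for the example.

```python
from collections import defaultdict, deque

def detect_forkbombs(events, window_s=2.0, max_spawns=20):
    """Flag process lineages that create more than `max_spawns` processes
    within any `window_s`-second sliding window.

    events: iterable of (timestamp, pid, ppid, image) process-creation records
    (assumed format; in practice fed from auditd, eBPF or ETW).  A "lineage"
    is rooted at the first process whose parent was not itself created inside
    the trace, so a build tree and a runaway script get separate counters.
    Returns {root_pid: (detected_at, sorted pids of the whole subtree)}; the
    pid list is exactly what a remediator should terminate, nothing else.
    """
    parent = {}                   # pid -> ppid for pids created in the trace
    recent = defaultdict(deque)   # root -> creation timestamps inside window
    members = defaultdict(set)    # root -> every pid belonging to that lineage
    flagged = {}                  # root -> timestamp of first threshold breach
    for ts, pid, ppid, _image in sorted(events):
        parent[pid] = ppid
        root = pid
        while parent[root] in parent:      # climb to the lineage root
            root = parent[root]
        members[root].add(pid)
        window = recent[root]
        window.append(ts)
        while ts - window[0] > window_s:   # drop creations outside the window
            window.popleft()
        if len(window) > max_spawns and root not in flagged:
            flagged[root] = ts
    return {r: (flagged[r], sorted(members[r])) for r in flagged}

def make_sample():
    """Constructed trace: a build (pid 200) spawning 6 compilers over 6 s, and
    a script (pid 300) whose descendants double every 0.1 s. Synthetic data."""
    events = [(0.0, 200, 100, "make")]
    events += [(0.5 + i, 201 + i, 200, "cc1") for i in range(6)]
    events.append((10.0, 300, 100, "script.sh"))
    frontier, next_pid = [300], 301
    for gen in range(1, 5):                # 2, 4, 8, 16 children per generation
        ts, new = round(10.0 + 0.1 * gen, 1), []
        for p in frontier:
            for _ in range(2):
                events.append((ts, next_pid, p, "script.sh"))
                new.append(next_pid)
                next_pid += 1
        frontier = new
    return events

if __name__ == "__main__":
    for root, (when, pids) in detect_forkbombs(make_sample()).items():
        print(f"lineage {root} breached threshold at t={when}s; terminate {len(pids)} pids")
```

The obstacle the post hints at shows up in the thresholds: a parallel build or a shell pipeline legitimately spawns many short-lived children, so the window and count must be tuned per host, and the lineage-root heuristic only works if the monitor sees the whole creation chain.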
