Future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken, according to new research. In a pair of papers presented at the Usenix Security Symposium here Thursday, computer scientists said would-be attackers can locate such sensors, which act as trip wires that detect unusual activity. That would permit nefarious activities to take place without detection.

Internet sensor networks, such as the University of Michigan's Internet Motion Sensor and the SANS Internet Storm Center, are groups of machines that monitor traffic across active networks and chunks of unused IP space. The sensor networks generate and publish statistical reports that permit an analyst to track the traffic, sniff out malicious activity and seek ways to combat it.

Just as surveillance cameras are sometimes hidden, the locations of the Internet sensors are kept secret. "If the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data," a team of computer scientists from the University of Wisconsin wrote in its award-winning paper titled "Mapping Internet Sensors with Probe Response Attacks."

But the Wisconsin researchers discovered that the sensor maps furnish just enough information for someone to create an algorithm that can map the location of the sensors "even with reasonable constraint on bandwidth and resources," John Bethencourt, one of the paper's authors, said in his presentation.