| COMPUTER
IMMUNE SYSTEMS |
| Natural immune systems protect animals from dangerous foreign pathogens,
including bacteria, viruses, parasites, and toxins. Their role in
the body is analogous to that of computer security systems in computing.
Although there are many differences between living organisms and computer
systems, we believe that the similarities are compelling and could
point the way to improved computer security. Four examples of how
we are applying ideas from immunology to today's computer security
problems are a host based intrusion-detection method, a network based
intrusion-detection system, a distributable change-detection algorithm,
and a method for intentionally introducing diversity to reduce vulnerability.
The analogy with immunology contributes an important point of view
about how to achieve computer security, one that can potentially lead
to systems built with quite different sets of assumptions, biases,
and organizing principles than in the past. Immunologists have traditionally described the problem solved by the immune system as the problem of distinguishing "self" from dangerous "other" (or "nonself") and eliminating dangerous nonself. The problem of protecting computer systems from malicious intrusions can similarly be viewed as the problem of distinguishing self from nonself. Nonself might be an unauthorized user, foreign code in the form of a computer virus or worm, unanticipated code in the form of a Trojan horse, or corrupted data. What would it take to build a computer immune system with some or all of the properties of a natural immune system? Such a system would have much more sophisticated notions of identity and protection than those afforded by current operating systems, and it would provide a general-purpose protection system to augment current computer security systems. It would have at least the following basic components: a stable definition of self, prevention or detection and subsequent elimination of dangerous foreign activities (infections), memory of previous infections, a method of recognizing new infections, and a method of protecting the immune system itself from attack. |
|
|
RESEARCH: |
COMPUTER IMMUNE SYSTEMS |
| Major
Sponsors: These projects result from the generous support of: The National Science Foundation, IRI-9711199 , The Office of Naval Research, N00014-99-1-0417, The Defense Advanced Research Projects Agency, N00014-96-1-0680, The Santa Fe Institute, The Intel Corporation, TheIBM Partnership Award |
 |
University
of New Mexico Computer Science Dept. Farris Engineering Building, Albuquerque, NM 87131-1386 |
505-277-7104 forrest@cs.unm.edu On-line PGP key |