Immune computer systems

For half a century, developers have protected their systems by coding rules that identify and block specific events. Edit rules look for corrupted data, firewalls enforce hard-coded permissions, virus definitions guard against known infections, and intrusion-detection systems look for activities deemed in advance to be suspicious by systems administrators.

But that approach will increasingly be supplemented by one in which systems become their own security experts, adapting to threats as they unfold and staying one step ahead of the action. A number of research projects are headed in that direction.

At the University of New Mexico in Albuquerque, computer science professor Stephanie Forrest is developing intrusion-detection methods that mimic biological immune systems. Our bodies can detect and defend themselves against foreign invaders such as bacteria and parasites, even if the invaders haven't been seen before. Forrest's prototypes do the same thing.

Her host-based intrusion-detection system builds a model of what is normal by looking at short sequences of calls by the operating system kernel over time. The system learns to spot deviations from the norm, such as those that might be caused by a Trojan horse program or a buffer-overflow attack. When suspicious behavior is spotted, the system can take evasive action or issue alerts.
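A minimal sketch of the sequence-profiling idea described above, added here as an illustration and not taken from Forrest's prototypes. The window length of 3, the 20% alert threshold, the use of system-call names as the recorded calls, and all traces are constructed assumptions.

```python
WINDOW = 3  # assumed length; the article only says "short sequences"

def windows(trace, k=WINDOW):
    """Return every contiguous k-call window in a trace, in order."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def build_profile(normal_traces, k=WINDOW):
    """Learn the set of k-call windows observed during normal operation."""
    profile = set()
    for trace in normal_traces:
        profile.update(windows(trace, k))
    return profile

def anomalies(trace, profile, k=WINDOW):
    """List (position, window) for each window never seen in training."""
    return [(i, w) for i, w in enumerate(windows(trace, k)) if w not in profile]

def mismatch_rate(trace, profile, k=WINDOW):
    """Fraction of windows absent from the profile.

    A trace shorter than k has no windows and scores 0.0, so very short
    traces cannot be judged either way.
    """
    total = len(windows(trace, k))
    return len(anomalies(trace, profile, k)) / total if total else 0.0

def is_suspicious(trace, profile, threshold=0.2, k=WINDOW):
    """Flag a trace whose mismatch rate exceeds the (assumed) threshold."""
    return mismatch_rate(trace, profile, k) > threshold

# Constructed training traces for one well-behaved program.
NORMAL_TRACES = [
    ["open", "read", "mmap", "read", "close"],
    ["open", "read", "read", "close"],
    ["open", "mmap", "read", "close"],
]
PROFILE = build_profile(NORMAL_TRACES)

# Constructed trace in which the same program departs from its usual pattern.
DEVIANT = ["open", "read", "mmap", "execve", "socket", "connect", "close"]

if __name__ == "__main__":
    print("profile size:", len(PROFILE))
    for name, trace in [("normal", NORMAL_TRACES[0]), ("deviant", DEVIANT)]:
        print(name, mismatch_rate(trace, PROFILE), is_suspicious(trace, PROFILE))
    for pos, win in anomalies(DEVIANT, PROFILE):
        print("unseen window at", pos, win)
```

The detector needs no signature for the deviation: it flags the trace only because four of its five windows never occurred in training.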

News source: ComputerWorld - Future Watch: Immune computer systems
