Slashdot Mirror


Virtual Immune Systems Headed for Market

bughunter writes "This week's Science News cover story reports on the effort to model biological immune systems as a tool against computer viruses and other security threats. Although Science News is written for laypersons and secondary students, the article has several interesting quotes and clearly illustrates the principles behind adaptive immunity. The article also claims that Symantec will release an adaptive antivirus utility this summer."

13 of 83 comments

  1. Re:Ooookay. by Jordy · · Score: 2
    Define a virus' behavior for me.


    The definition for both biological and computer viruses is an entity (program) which inserts itself into another entity in order to propagate itself.

    Viruses can be good or bad... it all depends.

    define behavior that is considered "harmful" to a computer user


    Any time when system performance or integrity drops because of the virus.

    Name one thing that a human can do that a machine cannot.


    Humans are machines, so this is not a logical comparison.

    But if you want to compare today's computers against a human's brain, then it's pretty easy.
    The human brain is capable of analog operations; today's mainstream computers are not. There are a few chips coming out which are analog and not digital.

    --
    --
    The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
  2. only a weak analogy by jetson123 · · Score: 2
    Machine learning, pattern recognition, agents, and artificial intelligence are likely to become very important in security. But while the analogy to biology sounds nice, and people may even derive some useful inspiration from it, it is pretty weak on the whole.

    If you do take the analogy seriously, it actually doesn't look so good for computer security. Biological immune systems protect populations, not individuals. A species can afford to have a few percent of the population die from immune-system-related diseases (oops--misrecognized the Linux kernel as a virus) or to have a quarter of the population be susceptible to a particular virus.

    To deal with those issues, the "computer immune" system does something no biological system does: it uses a global repository for virus data.

    Finally, most organisms on this planet live perfectly happily without immune systems; it's far from clear that that's a good design point. They just have good, strong biochemical defenses built-in; perhaps that's the best analogy for computers after all.

  3. This just sounds like automation... by TheMeld · · Score: 2

    I admit that I didn't read the article in depth, but from what I gathered skimming over it, this sounds like someone has just gotten a bunch of big computers to do what, up until now, has been primarily done by hackers. Granted, finding a way to have a computer do the necessary complex pattern recognition that was previously the domain of hackers is a big and important step in many directions, not the least of which is virus protection, but when it comes down to it, this is the automation of a long-standing technique, not a new technique.

    The pattern recognition skills, however, have near infinite applications. A system that can detect when a virus has deployed itself, and find the code that is responsible, could serve many purposes. For example, it could help find very deeply buried bugs in a program. If the system is capable of finding some idea of how one prevents or cleans the virus, then it would be even more useful. Imagine a compiler/debugger suite that not only told you where your code had problems, but even told you what you probably had to do to fix it!

    The next, and truly awesome, step would be one that can figure enough out that it can fix the code for you! That would rock! Imagine, the debug button on your IDE would no longer launch a program to step through code. It would actually debug the software! Now that would be (c/dr)ool.

    --
    -Cheetah
  4. Url for Forest's Group. by locust · · Score: 2

    Here's the link to Forest's research group.
    They have a bunch of papers online. The ones I read a while back were mostly theoretical.

  5. Will this work? by aprentic · · Score: 2

    AFAIK most virus checkers already scan for viruses based on hashes of key parts of the virus. This doesn't stop someone from creating a completely new virus or from making minor changes to the part of the virus which is being scanned for.
    Is it even possible to create a virus checker that would adaptively search for "virus like" code without severely impeding the normal operation of the computer?
    I can imagine that there might be some sort of distributed database which would allow the first person who noticed an infection to notify everyone else quickly. After that the fix could be automatically sent out to inoculate/cure all the systems in the group.
    Maybe if all programs used some sort of cryptographic certification you could identify viruses based on their lack of certification.

    1. Re:Will this work? by jandrese · · Score: 2

      Sure, last time I looked at virus checkers (fprot for DOS), they had a "heuristic" mode that checked for virus-like activity. This was faster and was supposed to be able to catch "virus like activity" such as writing to the boot sector of the disk and code with lots of unnecessary jmps (designed to fool virus checkers). Unfortunately these techniques are not 100% foolproof and a carefully written virus can get around them. I never noticed any slowdown from using fprot, but I was running cheesy DOS programs on a P75, so speed wasn't an issue.

      Fortunately, virus checking got infinitely easier when I switched to Unix. :)

      --

      I read the internet for the articles.
  6. Re:Our top story: there will be a meltdown next ye by dattaway · · Score: 2

    Don't worry about the Y2K media blitz, but worry about all those viruses running freely and mutating in a playground of consumer petri dishes. They will infest every popular consumer computer given time. Just sit back and wait. Coming soon to a computer near you. Have you been asked to reinstall a certain evil operating system lately? Damn glad I have user accounts on my computer for different installs!

  7. Re:Ooookay. by Signal+11 · · Score: 2

    You know, before I even hit submit for that post, I already knew some clueless fool was going to say the obvious... well then, without further ado...

    The definition for both biological and computer viruses is an entity (program) which inserts itself into another entity in order to propagate itself.
    I guess this means when I get a plugin for Netscape, that's a virus? Or how about when I upgrade my system from Windows 95 to Windows 98? My my, by your definition, that would be a virus too. What about the "Melissa virus" I described above? That was only an e-mail attachment. It didn't insert itself into anything.

    Any time when system performance or integrity drops because of the virus.
    So I should immediately upgrade to Linux, despite corporate policy saying that I'll be fired if I do so? After all, running Windows *does* lower both system performance and integrity. Whups. Try coding something (anything) that can detect "system performance or integrity drops" - and determine that it's a virus, and not somebody playing solitaire.

    Humans are machines, so this is not a logical comparison.
    Gosh, last time I took a shower, I didn't start rusting. Funny, maybe I missed something? And I guess when my HDD dies I should be sued for "wrongful death"? Sorry, but the distinction is obvious. If you can't tell the difference between a human and a machine, you've been spending too much time on hold.

    You know, the whole point of my post was that you can't code away stupidity. People need to use their computers responsibly. That means regular maintenance, an understanding of what to do when it breaks, and practicing safe hex. If you can't do that, return your computer, and stay the #$@! away from mine!

    --

  8. Re:A Bit of Background on Forrest's Work by Signal+11 · · Score: 2

    I have to agree with an earlier AC posting to this article. The approach is fundamentally flawed because it uses the past to predict what is happening in the present as its guidepost. Such a system could easily be subverted by simply doing such operations at a very low frequency, and ramping it up until the system believes it is "normal". Such tactics can even fool people - as any sysadmin will tell you.

    Besides, how would you be able to tell the difference between a system administrator modifying sendmail's configuration files, and a system cracker trying to bypass security? They both look the same in my version of syslog.

    --

  9. Ooookay. by Signal+11 · · Score: 2

    Ooookay. I'm surprised nobody has posted this yet. Name one thing that a human can do that a machine cannot. Detect patterns. People have a remarkable ability to see patterns in data. Sometimes they are somewhat overzealous and see patterns where none exist. Computers are incapable of that. If they could, we would have the beginnings of *real* artificial intelligence. So what is this article about really? Symantec, McAfee, and company just created a new buzzword. It's like "MMX" or "ActiveX" - mean-nothing phrases designed to lure people in.

    Now, let's assume that they really *did* have technology to "detect" viruses... Define a virus' behavior for me. Ummmm.... okay. That was a tough question. Let me give you another one - define behavior that is considered "harmful" to a computer user. Yes, installing Windows 98, but I need more than that. Oh. Can't come up with anything there either? Bummer. Now you see the problem. If you can't even define a virus' behavior, how are you supposed to tell the computer how, short of creating real artificial intelligence?

    --

  10. A Bit of Background on Forrest's Work by The+Infamous+TommyD · · Score: 2

    Forrest (and her grad students, one of whom I've met) has discovered that relatively short patterns of self-like behavior are easy to spot and cover most normal behavior of a system.
    For instance, system calls in Sendmail. You might find 20-some patterns of system calls that correspond to almost all legitimate behavior. But, when someone hacks or tries to hack Sendmail, the known patterns don't match anymore. After this happens for a bit, the system can sound an alarm.

    This works very well in several different areas and they have published many papers on the topic.

    Now, getting this to work for viruses might be a bit more difficult. But for misuse detection, it may be just what the doctor ordered.

    Also, I wish that more posters would read the article closely. Some of the responses are way off base.
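    The short-pattern "sense of self" described in this post, as an added illustration (not code from the thread or from Forrest's group): a database of short system-call windows is built from traces of normal runs, a new trace is scored by how many of its windows are unseen, and an alarm fires only once several mismatches cluster together ("after this happens for a bit"). The window length, frame size, threshold and the syscall traces are all constructed assumptions.

```python
from typing import Iterable, List, Set, Tuple

WINDOW = 4  # assumed length of each system-call pattern ("n-gram")

Gram = Tuple[str, ...]


def ngrams(trace: List[str], n: int = WINDOW) -> List[Gram]:
    """Every contiguous window of n system calls in a trace, in order."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_self(normal_traces: Iterable[List[str]], n: int = WINDOW) -> Set[Gram]:
    """The 'self' database: the union of windows seen in known-good traces."""
    db: Set[Gram] = set()
    for trace in normal_traces:
        db.update(ngrams(trace, n))
    return db


def anomaly_rate(trace: List[str], self_db: Set[Gram], n: int = WINDOW) -> float:
    """Fraction of the trace's windows that never appeared during training."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0
    return sum(g not in self_db for g in grams) / len(grams)


def max_mismatches_in_frame(trace: List[str], self_db: Set[Gram],
                            n: int = WINDOW, frame: int = 3) -> int:
    """Peak count of unseen windows inside any run of `frame` consecutive windows.
    A single odd window is tolerated; a cluster of them is what raises the alarm."""
    misses = [g not in self_db for g in ngrams(trace, n)]
    return max((sum(misses[max(0, i - frame + 1):i + 1])
                for i in range(len(misses))), default=0)


def should_alarm(trace: List[str], self_db: Set[Gram], threshold: int = 2) -> bool:
    return max_mismatches_in_frame(trace, self_db) >= threshold


# Constructed sample traces standing in for a daemon's normal syscall sequences.
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "write", "close"],
    ["open", "mmap", "read", "close"],
]
SELF_DB = build_self(NORMAL_TRACES)

# Constructed test traces: a small legitimate variation and one that never matches.
SLIGHT_VARIATION = ["open", "read", "read", "write", "write", "close"]
UNSEEN_BEHAVIOR = ["open", "read", "mkdir", "chmod", "exec", "close"]
```

    The slight variation scores one unseen window out of three and stays below the frame threshold; the unseen-behavior trace misses on every window and trips the alarm.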

  11. Re:Simple solution already exist by Trepidity · · Score: 2

    Actually, I'm surprised there aren't more Linux viruses. Perhaps nobody has bothered to write them, or perhaps the people in Bulgaria (the single largest producer of viruses) are all still running DOS.

    Playing around on my friend's Linux system, on which I have a normal non-privileged account, I've rooted it at least 6 or 7 times. A virus could do the same thing. Once it has root access, Linux isn't any safer than DOS is.

  12. Re:Ooookay. (addendum) by Signal+11 · · Score: 2

    No, grep does not qualify. I said *detect*, as in see a pattern without you telling it where to look. Take this example:

    Red. green. red. green.
    What's the next color?

    How about this: 2 3 5 6 7 9 10 11
    What's the next number?

    Get a computer to do that, and you'll be world-famous.

    --