Cyber-Security System Mimics Human Immune Response
Security experts want computers to monitor their health, much like humans do.
April 24, 2011 -- Computer scientists and IT engineers are increasingly looking to the human immune system as a model for preventing attacks by cyber-hackers. They hope that in the near future computers will be able to communicate among themselves, recognize threats, and be able to monitor their own health -- just like the cells inside our bodies.
"We want the machines to take a more active part in their own protection," said Bruce McConnell, senior counselor for cyber security at the U.S. Department of Homeland Security. "We want to use their brains to protect themselves, but always in the context of the policies of the system administrators and owners."
McConnell is co-author of a new DHS white paper, "Enabling Distributed Security in Cyberspace: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action."
No, it's not the dawn of Skynet. But it may be a new way of looking at how computers can be protected, and at the broader questions of privacy versus security. McConnell and others point to a marked increase in cyber-threats from organized crime, terrorists, and nation-states looking for key military, financial and other classified intelligence.
The paper imagines a "healthy ecosystem" of computers that collaborate to fight threats, adapt rapidly, and identify and defeat problems. Right now, computers are not very good at catching things that they haven't seen before, McConnell said. In contrast, the human immune system has evolved to fight intruders that it doesn't recognize. "It says: "This is not me. Maybe I need to send something down there to take a look at it, and maybe quarantine it.'" McConnell said.
McConnell says a first step would be to get computers to recognize and react to threats automatically. "Right now it's manual," he said, meaning that a human manager has to contact another human manager via e-mail to warn of a virus or other threat. Ideally, that notification would be done instantly between machines at different government agencies.
Some experts are already working on this kind of interoperability on a small scale. One of the biggest obstacles in getting computers closer to working by themselves is figuring out a better way to authenticate interactions, according to Hart Rossman, vice president for cyber-security services at Science Applications International Corp (SAIC).
"Computers are limited by their programming," Rossman said. "If it doesn't model the known versus the unknown, they can't tell the self from the other."
Rossman says experts are looking at new models of "nature-inspired defense" as computer threats become a greater security problem for government agencies and a bigger cost to industry.
"The threat is growing," Rossman said. "There are more incidents and they are becoming more sophisticated. The latest buzzword is 'advanced persistent threats.' These are sufficiently advanced methods that are difficult to detect and take a long time to discern."
Rossman said the DHS paper is a positive response to threats that are on the rise, and is provoking discussion among cyber-security experts.
Another hurdle faced by computer experts in designing collaborative systems of either individual devices or networked computers is that of privacy. How much information should be shared in the name of security?
Angelos Stavros is a computer scientist at George Mason University. He says the more that computers share information in order to deter threats, the more individual privacy is reduced.
"Although we want the cell to be curable, we want it to have our private personality that cannot be wiped or automatically checked," Stavros said. "What is an attack? It is often in the eye of the beholder."