Hello Crook-ga,
Here is an article on trying to simulate the immune system on a
computer:
In Machina - Computer Science Borrows Immunology Theories (by Chris
Burroughs)
http://www.unm.edu/~quantum/quantum_fall_97/derek.html
The concept by Smith, Forrest and Perelson:
"The computer immune system model (...) simulates a virus on a
computer by breaking it down into its basic components and modeling
only the patterns where the components molecularly bind. By looking at
these patterns, the scientists can determine how the immune system
responds to viruses that mutate and the effectiveness of potential
vaccines."
And on algorithmical strategies to determine what is a virus, and what
is not:
"In the human body, knowledge of intrusions by foreign objects is
encoded in protein fragments. (...) Ph.D. student Anil Somayaji has
come to the conclusion that a computer program's system call patterns
are the missing link. He suggests that a "normal" profile of a
computer program's pattern of system calls can be created. This
profile can then be monitored with changes to the norm readily
detected.
Somayaji notes that developing such a computer immune system is a
matter of distinguishing "self" from dangerous "other" (or "non-self")
and eliminating dangerous non-self. Protecting computer systems from
malicious intrusions can simply be viewed as the problem of
distinguishing self from non-self. Non-self might be an unauthorized
user, a foreign code in the form of a computer virus or corrupted
data."
The following article goes into great detail on describing the
approach:
Warriors Within - How Your Immune System Combats Disease (by Alan
Perelson)
http://www.santafe.edu/sfi/publications/Bulletins/bulletin-winter95-96/perelson.html
"The immune system continually generates large numbers of highly
diverse antibody bearing cells. Those that are capable of recognizing
self--the proteins native to the body--are eliminated, leaving a
collection of defenders that recognize and attack non-self molecules
not native to the body. The Forrest-Perelson system uses strings of
computer code that fail to match the computer's native code, in a
system closely analogous to that used by the immune system. Antibodies
that match the "self" are eliminated, while those that fail to
recognize self are kept on hand to be compared with the program at any
time. If a match is indeed later found, the program or set of
antibodies has changed, presumably through viral infection."
-----
Also, the IBM Thomas J. Watson Research Center invests great research
in this topic. Please see the following articles on the subject:
The Virus Wars (by Robert Buderi)
http://www.theatlantic.com/issues/99apr/9904compuvirus.htm
On the Digital Immune System:
"The idea is to create digital white blood cells -- much as human
beings develop antibodies to biological agents -- that will be
permanently available on line. In theory, automatic virus-scouting
programs will transmit suspect codes directly to the immune center,
where they will be analyzed and debugged and the cure beamed back
before mere mortals even know there's a problem."
Anatomy of a Commercial-Grade Immune System (by the IBM Thomas J.
Watson Research Center)
http://www.research.ibm.com/antivirus/SciPapers/White/Anatomy/anatomy.html
Here especially the middle part on virus detection, "Immune System
Architectural Overview", should be of interest:
"Heuristics can detect a new, previously unknown virus either by its
appearance, by simulating how it will behave when run, or by actually
observing the behavior of the program or system."
Computers and Epidemiology (by the IBM Thomas J. Watson Research
Center)
http://www.research.ibm.com/antivirus/SciPapers/Kephart/Spectrum/Spectrum.html
Blueprint for a Computer Immune System
http://www.research.ibm.com/antivirus/SciPapers/Kephart/VB97/index.html
It is stressed in this research paper that in order for the protection
system to work, it "must be capable of detecting the presence of a
high proportion of viruses that are unknown to it specifically." The
details of generic disinfection heuristic are discussed here. For
algorithmical details and mathematical approaches, please see "Generic
disinfection implementation" a bit down on that page.
A Biologically Inspired Immune System for Computers (by Jeffrey O.
Kephart)
http://www.research.ibm.com/antivirus/SciPapers/Kephart/ALIFE4/alife4.distrib.html
The reliance on robust pattern matching is explained further in the
following paper:
Automatic Extraction of Computer Virus Signatures (by Jeffrey O.
Kephart and William C. Arnold)
http://www.research.ibm.com/antivirus/SciPapers/Kephart/VB94/vb94.html
On the Extraction/Evaluation Algorithm:
"Suppose that we have just obtained a sample of a new virus imbedded
in some host (infected) executable program. We wish to find a good
signature for that virus: one that will appear in every instance of
the virus, but is extremely unlikely to appear just by coincidence in
code not containing the virus."
-----
A broad but detailed overview can be found in the following papers
(needing Adobe Acrobat Reader):
Principles of a Computer Immune System (by the University of New
Mexico - Department of Computer Science) [PDF]
http://www.cs.unm.edu/~immsec/publications/principles.pdf
Immunity by Design: An Artificial Immune System (by Steven A. Hofmeyr
and Stephanie Forrest) [PDF]
http://www.cs.unm.edu/~immsec/publications/gecco-steve.pdf
Engineering an Immune System (by Steven A. Hofmeyr and Stephanie
Forrest) [PDF]
http://www.cs.unm.edu/~forrest/publications/EIS.pdf
And, focussing on anomaly intrusion detection:
Intrusion Detection using Sequences of System Calls (by Steven A.
Hofmeyr and Stephanie Forrest) [PDF]
http://www.cs.unm.edu/~immsec/publications/ids.pdf
Also, see this research in Word format:
Information Security with Formal Immune Networks (by Alexander O.
Tarakanov, Russian Academy of Sciences) [DOC]
http://solvayins.ulb.ac.be/fixed/Immune/T2.doc
-----
For general background and historical information, see:
Beyond Virtual Vaccinations - Developing a digital immune system in
bits and bytes (by Damaris Christensen)
http://www.sciencenews.org/sn_arc99/7_31_99/bob2.htm
-----
Here is a good introductory comparison chart, highlighting the
differences and similarities between human, and computer viruses. I
hope it can serve as inspirational information:
Human Viruses and Computer Viruses - A Comparison
http://library.thinkquest.org/C005965F/viralinfo/human_vs_digital1.htm
-----
I wish you the best of luck in your quest, and hope this was of help!
Search strategy:
"human immune system" "computer virus"
"digital immune system"
"computer immune system"
digital "immunological system"
"artificial immune systems"
Further articles and references:
UNM Computer Science - Computer Immune System
http://www.cs.unm.edu/~immsec/
USA Today - Virus researchers: Internet needs immune system
http://www.usatoday.com/life/cyber/tech/2001-02-27-virus-weise.htm
Symantec Virus Glossary
http://www.symantec.com/avcenter/refa.html
Wired.com - IBM Takes Macro Viruses to the Cleaners
(by Jennifer Sullivan)
http://www.wired.com/news/topstories/0,1287,8938,00.html
Times Computing - Closing in for the kill
http://www.timescomputing.com/19990415/nws1.html
Creative Technology - Fighting the Flu - The Computer Virus
http://www.colorado.edu/che/chen1000/computer_virus.html
University of Arizona - Introduction to Immunology
http://www.biology.arizona.edu/immunology/tutorials/immunology/page2.html
Artificial Immune Systems at the Institute of Computer Science,
Polish Academy of Sciences, Warsaw
http://www.ipipan.waw.pl/~stw/ais/
Books:
Artificial Immune Systems and Their Applications
Editor: Dipankar Dasgupta
Springer-Verlag, Inc, November 1998
http://www.msci.memphis.edu/~dasgupta/ais-book.html
Table-of-Contents at:
http://www.msci.memphis.edu/~dasgupta/AIS-TOC.html
To be ordered at AllHeart.com:
http://www.allheart.com/3540643907.html |
,
0 Comments
)