Is your PC virus free? Do you regularly run virus checking software? Do you virus check email attachments before saving them to disk or, heaven forbid, executing them? If you do, is your checker's virus list up to date? If the answer to any of these questions is 'no', ask yourself why.
Is it too much hassle? Yes, it often is, but don't despair. There's new research under way to make virus checking programs a thing of the past.
In future, you may just need to make sure your computer's immune system is healthy and it will do the rest.
Professor Stephanie Forrest and her colleagues and students at the University of New Mexico in Albuquerque are taking a new approach to combating the problem of computer viruses. They're copying the way our body deals with invaders, by creating a computer analog of the human immune system.
Our immune system works by being able to distinguish things which are 'self', and therefore generally safe, from things which are 'non-self', and likely to be dangerous. There are two main strategies: 'innate immunity' and 'acquired immunity'. For innate immunity, cells called phagocytes patrol our bloodstreams, programmed to spot and kill invading microbes.
The phagocytes end up in the lymph nodes carrying the remains of any microbes, and stimulate our second line of defence, which is the acquired immunity.
This is the job of the lymphocyte, a kind of white blood cell. Each lymphocyte is programmed to recognise a particular protein, which it classifies as either 'self' or 'non-self'. The body creates massive numbers of lymphocytes, randomly programmed to recognise different proteins. Before they enter the bloodstream, however, they undergo a maturation phase in the thymus.
It's here that lymphocytes that happen to recognise 'self' proteins are weeded out and killed, leaving only those that recognise 'non-self' to be released into the bloodstream.
Autonomous programs
It's this approach that Forrest is trying to mimic in order to implement an immune system for a computer (see www.cs.unm.edu/~forrest/). Instead of lymphocytes, she's using autonomous programs that run and check data coming across network connections, looking for unexpected code in memory. It's a challenging problem to apply the principles of a living immune system to a machine.
The machine immune system needs to have a reliable definition of 'self', must respond to attempted infections and remember new infections it comes across, and must itself - as a system - be immune from attack.
But what do the concepts of 'self' and 'non-self' mean for a computer? Forrest is experimenting with using a record of low-level operating system function calls to construct a 'self' profile for a given PC, based on the idea that most machines have users who tend to run the same programs regularly.
After performing a statistical analysis of the patterns of system calls over a period of time, a 'self' database can be constructed that reflects the normal usage patterns of the machine. 'Non-self' is then defined as any unrecognised pattern of operating system calls.
Whenever a program runs, its system calls are monitored and checked against the usage patterns in the 'self' database. If unusual patterns are detected, it could indicate viral attack. (Of course, the database would need to be updated when new, authorised software is installed.) Related research is concerned with immunising against hacker attacks coming from the internet by checking for uncommon data patterns in incoming TCP/IP packets.
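The 'self' database and the check against it, as an added example that is not code from the article or from Forrest's group: it records every run of four consecutive system calls seen in normal traces, then reports the share of unseen runs in a new trace. The window length, the 20% threshold, the function names and the sample traces are all assumptions made for illustration.

```python
from collections import Counter

WINDOW = 4  # assumed window length; the article does not give one


def windows(trace, k=WINDOW):
    """Yield every run of k consecutive system calls in a trace."""
    for i in range(len(trace) - k + 1):
        yield tuple(trace[i:i + k])


def build_self_db(normal_traces, k=WINDOW):
    """Count every call pattern seen during normal use: the 'self' database."""
    db = Counter()
    for trace in normal_traces:
        db.update(windows(trace, k))
    return db


def score_trace(trace, self_db, k=WINDOW):
    """Return (fraction of windows not in 'self', list of unseen windows)."""
    seen = list(windows(trace, k))
    if not seen:  # trace shorter than the window: nothing to judge
        return 0.0, []
    unknown = [w for w in seen if w not in self_db]
    return len(unknown) / len(seen), unknown


def is_anomalous(trace, self_db, threshold=0.2, k=WINDOW):
    """Flag a run whose share of unrecognised patterns exceeds the threshold."""
    rate, _ = score_trace(trace, self_db, k)
    return rate > threshold


# Constructed sample traces (not real captures)
NORMAL_RUNS = [
    "open read mmap read close open read write close exit".split(),
    "open read mmap read close open read read write close exit".split(),
]
FAMILIAR_RUN = "open read mmap read close open read write close exit".split()
ODD_RUN = "open read mmap read close socket connect execve write close exit".split()

SELF_DB = build_self_db(NORMAL_RUNS)

if __name__ == "__main__":
    for name, run in (("familiar", FAMILIAR_RUN), ("odd", ODD_RUN)):
        rate, unknown = score_trace(run, SELF_DB)
        print(f"{name}: {rate:.0%} unseen, anomalous={is_anomalous(run, SELF_DB)}")
```

Rebuilding the database with the odd trace included models the update step after new, authorised software is installed: the same trace then scores zero.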
It's unlikely that a machine's immune system can ever be anywhere near as sophisticated and reliable as our own, but it's an intriguing idea that your PC could soon stay virus free, and you won't have to lift a finger.