Biology fights computer viruses

Credit: GETTY IMAGES" /> Credit: GETTY IMAGES It's a jungle out there on the Internet. With countless viruses, applets, and attachments on the loose, you might say that the systems designed to protect our computers are facing the kind of challenges that confront animal immune systems in a crowded environment. That's why Stephanie Forrest, a professor of computer science at the University of New Mexico, Albuquerque, calls this "computing in the wild." She argues that c

Jul 1, 2006
Stephen Pincock
<figcaption> Credit: GETTY IMAGES</figcaption>
Credit: GETTY IMAGES

It's a jungle out there on the Internet. With countless viruses, applets, and attachments on the loose, you might say that the systems designed to protect our computers are facing the kind of challenges that confront animal immune systems in a crowded environment.

That's why Stephanie Forrest, a professor of computer science at the University of New Mexico, Albuquerque, calls this "computing in the wild." She argues that computer scientists could learn some powerful lessons from biology about how to develop security systems that can cope with this teeming software ecosystem. Forrest is a pioneer in computer immune system research, a field that aims to take the important attributes of biological immune systems and use them to enhance the protection of our computers.

For a start, computer security could use some of the autonomy that biological systems possess. "Our computer systems don't work well enough to be trusted to run without human supervision," Forrest says. "Biological systems do this routinely."

Second, online security lacks the kind of adaptability and self-repair that are a hallmark of functioning immune systems. This inflexibility means that computer security systems don't adapt to new classes of threats and often can't even adapt to minor variations on existing forms of attack. "Thus, when a new attack is devised and launched, computer security systems generally have no way of dealing with it," says Forrest.

Adaptability is all the more important given that security systems could soon be facing threats that undergo their own kind of evolution. "In today's Internet, it is well-known how to launch attacks that are self-replicating and can spread on their own," Forrest says. "It seems to me that the only missing ingredient of an open-ended evolutionary process is a well-crafted form of automated mutation."

On that note, another attribute lacking in computer security is diversity. "Most computer defense systems are homogeneous," Forrest says. "That is, all copies of them are identical - for example, virus databases. This means that a virus that can get by one virus scanner can get by all of its identical copies."

To explain the value of diversity, she makes a biological analogy. "Most ecologists believe that it is risky to plant large tracts of land with a single crop, because such monocultures are vulnerable to invasion, say by insects or disease," she says. "This is quite similar to the idea of diversifying code, where the analogy would be between a single species and a single loaded binary."

In April, Forrest described one tool that she and her team have come up with to insert a little diversity into computer systems as a way to stymie outside attacks. Called RISE, for Randomized Instruction Set Emulation, it is a system that scrambles binary code on loading, then unscrambles it again when it needs to be executed.

The system is still being developed but has already received a positive response from one of the biggest names in computer technology. "When I presented the work at Intel [last year], they were quite supportive, both of the general idea of automated diversity and of the specific implementation in RISE," she says.

Meanwhile, the field of computer immune systems is flourishing worldwide, says Peter Bentley from University College London, who studies computation based on biological principles. "Stephanie Forrest was perhaps one of the first doing research into the immune system and computers," he says. "Since then the whole field has really grown."

"The area is attracting interest because the immune system has this interesting capability of being able to detect something it hasn't seen before," Bentley says. "The trouble, it's just so complex."