
Next References
Previous Fighting self-replication with self-replication
Up Biologically Inspired Defenses Against Computer Viruses

Conclusion and Perspective

The development of the generic virus detector and the computer immune system was primarily motivated by practical concerns: human virus experts are on the verge of being overwhelmed, and we need to automate as much of what they do as possible.

The generic virus detector was incorporated into IBM AntiVirus in May, 1994, and since that time it has successfully identified several new boot viruses. It is the subject of a pending patent. Most of the components of the computer immune system are functioning as very useful prototypes in our virus isolation laboratory; we use them every day to process the large sets of new viruses that arrive in the mail from other virus experts around the world. The immune system itself is the subject of a pending patent, as are several of its components, including automatic virus analysis and automatic signature extraction.

Our eventual goal is to incorporate the immune system into IBM AntiVirus and, a few years from now, into networks inhabited by itinerant software agents. More implementation and more invention, guided in part by the biological metaphor, lie ahead.

Although our primary motivation for developing a computer immune system is practical, it is interesting to adopt a more philosophical perspective.

Consider the history of how humans have handled disease. For millions of years, our sole defense against infectious disease was our immune system, and it has done a good job of defending us from most infectious diseases. When we are suffering from the common cold, we may experience a few days of discomfort while the immune system figures out how to recognize and eradicate the virus, but we usually survive the attack. However, a minority of diseases, like smallpox or AIDS, are not handled effectively by the immune system. Fortunately, during the last few centuries, we have made tremendous advances in our understanding of infectious diseases at both the macroscopic and microscopic levels, and medical practices based on this understanding now augment the capabilities of our natural immune system.

A few hundred years ago, disease began to be understood at the macroscopic level. In 1760, Daniel Bernoulli, the founder of mathematical physics, was interested in determining whether a particular form of inoculation against smallpox would be generally beneficial or harmful to society. Formulating and solving a mathematical model, he found that inoculation could be expected to increase the average life expectancy by three years. His work founded the field of mathematical epidemiology [Bailey1975]. Observational epidemiology received a major boost from John Snow, who in 1854 was able to deduce the origin of a severe cholera outbreak in London by plotting the addresses of victims on a city map [Bailey1975].

The macroscopic approaches of Snow and Bernoulli proved fruitful even before bacteria and viruses were identified as the underlying cause of infectious disease in the late 19th century. During the 20th century, research at the microscopic level has supplemented epidemiology. Electron microscopy and X-ray crystallography brought the structure of viruses into view in the 1930's, and the fascinating complexities of their life cycle and biochemistry began to be studied intensively in the mid-1940's. These advances established terra firma on which mathematical epidemiologists could build their models.

Today, epidemiologists, in the detective role pioneered by John Snow, discover new viruses [Garrett 1994]. Biochemists, molecular biologists, and geneticists work to elucidate the secrets of viruses, and to create safe and effective vaccines for them. Epidemiologists use intuition and mathematics to develop plans for immunizing populations with these vaccines. The eradication of smallpox from the planet in 1977 is probably the greatest triumph of this multi-disciplinary collaboration.

Interestingly, the history of man's defense against computer viruses is almost exactly reversed. Computer viruses were first understood at the microscopic level, thanks to the pioneering work of Fred Cohen in the early 1980's [Cohen1987]. As soon as the first DOS viruses began to appear in 1987 [Highland1990], they were dissected in great detail, and the first primitive anti-virus software was written. It was not until 1990 that the first real attempts were made to understand the spread of computer viruses from a macroscopic perspective [Kephart and White1991, Kephart and White1993, Tippett1990, Tippett1991]. Finally, in the mid-1990's, we are proposing to give computers what humans and other vertebrates have always relied upon as a first line of defense against disease: an immune system.

The Center for Disease Control does not get worked up when a new strain of the common cold sweeps through a population. Instead, they concentrate their limited resources on finding cures for horrible diseases such as AIDS. Currently, the world community of anti-virus researchers (the computer equivalent of the CDC) squanders lots of time analyzing the computer equivalents of the common cold. Our hope is that a computer immune system will deal with most of the standard, run-of-the-mill viruses quietly and effectively, leaving just a small percentage of especially problematic viruses for human experts to analyze.

