Biologically Inspired Defenses Against Computer Viruses

previous

Next Introduction

Biologically Inspired Defenses Against Computer Viruses

Jeffrey O. Kephart, Gregory B. Sorkin,
William C. Arnold, David M. Chess,
Gerald J. Tesauro, - Steve R. White
High Integrity Computing Laboratory
IBM Thomas J. Watson Research Center
Yorktown Heights NY 10598

tex2html_wrap545

Abstract:

Today's anti-virus technology, based largely on analysis of existing viruses by human experts, is just barely able to keep pace with the more than three new computer viruses that are written daily. In a few years, intelligent agents navigating through highly connected networks are likely to form an extremely fertile medium for a new breed of viruses. At IBM, we are developing novel, biologically inspired anti-virus techniques designed to thwart both today's and tomorrow's viruses. Here we describe two of these: a neural network virus detector that learns to discriminate between infected and uninfected programs, and a computer immune system that identifies new viruses, analyzes them automatically, and uses the results of its analysis to detect and remove all copies of the virus that are present in the system. The neural-net technology has been incorporated into IBM's commercial anti-virus product; the computer immune system is in prototype.

Introduction
Background

Computer viruses and worms
Virus detection, removal and analysis

Generic Detection of Viruses

Feature selection
Classifier training and performance

A Computer Immune System

Anomaly detection
Scanning for known viruses
Virus removal
Decoys
Automatic virus analysis
Automatic signature extraction
Immunological memory
Fighting self-replication with self-replication

Conclusion and Perspective
References

previous

Next Introduction

back to index