Towards Fully Automatic Defense Mechanism for a Computer Network Emulating Active Immune Response

  • Conference paper
Computer Network Security (MMM-ACNS 2007)

Abstract

Modern information attacks are perpetrated by the deployment of computer worms that propagate extremely fast, leaving little or no time for human intervention. This paper presents the concept of a fully automatic computer network security system capable of timely detection and mitigation of information attacks perpetrated by self-replicating malicious software. The system will detect an attack, then synthesize and deploy specialized self-replicating anti-worm software for attack mitigation, with a capability to alter the network topology to quarantine infected portions of the network. Special technologies allowing for the observability and controllability of the overall process will be implemented, thus facilitating the deployment of advanced control schemes to prevent an overload of the network bandwidth. Particular components of this system have been developed by the authors or suggested in the literature, which indicates its feasibility. The implementation aspects of the described system are addressed. The technology described herein emulates immune defenses honed to perfection by million-year evolution to assure the safety and dependability of future computer networks. It presents a new paradigm in computer network security.

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Skormin, V., Shiryayeva, O., Tokhtabayev, A., Moronski, J. (2007). Towards Fully Automatic Defense Mechanism for a Computer Network Emulating Active Immune Response. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_25

  • DOI: https://doi.org/10.1007/978-3-540-73986-9_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73985-2

  • Online ISBN: 978-3-540-73986-9

  • eBook Packages: Computer Science (R0)
