Towards fully automatic defense mechanism for a computer network emulating active immune response

Abstract

Modern information attacks are perpetrated by the deployment of computer worms that propagate extremely fast leaving little or no time for human intervention. This paper presents the concept of a fully automatic computer network security system capable of timely detection and mitigation of information attacks perpetrated by self-replicating malicious software. The system will detect an attack and synthesize and deploy specialized self-replicating anti-worm software for attack mitigation with a capability to alter the network topology to quarantine infected portions of the network. Special technologies allowing for the observability and controllability of the overall process will be implemented thus facilitating the deployment of advanced control schemes to prevent an overload of the network bandwidth. Particular components of this system have been developed by the authors or suggested in literature thus suggesting its feasibility. The implementation aspects of the described system are addressed. The technology described herein emulates immune defenses honed to perfection by million-year evolution to assure the safety and dependability of future computer networks. It presents a new paradigm in computer network security. © Springer-Verlag Berlin Heidelberg 2007.