[ Pobierz całość w formacie PDF ]
countered. The clonal selection theory gained favor in
can send a signal to neighboring machines. The signal
the 1960's, and is currently accepted [Paul, 1991].
conveys to the recipient the fact that the transmitter
Our automatic signature extraction method starts out was infected, plus any signature or repair information
looking like the template theory. Instead of generating that might be of use in detecting and eradicating the
a large random collection of signatures that might turn virus. If the recipient finds that it is infected, it sends
out to be useful someday, we take the collection of code the signal to its neighbors, and so on. If the recipient
994 INVITED SPEAKERS
is not infected, it does not pass along the signal, but
in London by plotting the addresses of victims on a city
at least it has received the database updates, effectively
map [Bailey, 1975].
immunizing it against that virus.
The macroscopic approaches of Snow and Bernoulli
Theoretical modeling has shown the kill signal to
proved fruitful even before bacteria and viruses were
be extremely effective, particularly in topologies that
identified as the underlying cause of infectious disease in
are highly localized or sparsely connected [Kephart and
the late 19th century. During the 20th century, research
White, 1993; Kephart, 1994b].
at the microscopic level has supplemented epidemiology.
Electron microscopy and X-ray crystallography brought
5 Conclusion and Perspective
the structure of viruses into view in the 1930's, and the
fascinating complexities of their life cycle and biochem-
The development of the generic virus detector and the
istry began to be studied intensively in the mid-1940's.
computer immune system were primarily motivated by
These advances established terra firm a on which math-
practical concerns: human virus experts are on the verge
ematical epidemiologists could build their models.
of being overwhelmed, and we need to automate as much
Today, epidemiologists, in the detective role pioneered
of what they do as possible.
by John Snow, discover new viruses [Garrett , 1994].
The generic virus detector was incorporated into IBM
Biochemists, molecular biologists, and geneticists work
Antivirus in May, 1994, and since that time it has suc-
to elucidate the secrets of viruses, and to create safe and
cessfully identified several new boot viruses. It is the
effective vaccines for them. Epidemiologists use intuition
subject of a pending patent. Most of the components
and mathematics to develop plans for immunizing popu-
of the computer immune system are functioning as very
lations with these vaccines. The eradication of smallpox
useful prototypes in our virus isolation laboratory; we
from the planet in 1977 is probably the greatest triumph
use them every day to process the large sets of new
of this multi-disciplinary collaboration.
viruses that arrive in the mail from other virus experts
around the world. The immune system itself is the sub- Interestingly, the history of man's defense against
ject of a pending patent, as are several of its components, computer viruses is almost exactly reversed. Computer
including automatic virus analysis and automatic signa- viruses were first understood at the microscopic level,
ture extraction. thanks to the pioneering work of Fred Cohen in the
Our eventual goal is to incorporate the immune sys- early 1980's [Cohen, 1987]. As soon as the first DOS
tem into I BM Antivirus and, a few years from now, in viruses began to appear in 1987 [Highland, 1990], they
were dissected in great detail, and the first primitive
networks inhabited by itinerant software agents. More
anti-virus software was written. It was not until 1990
implementation and more invention, guided in part by
that the first real attempts were made to understand
the biological metaphor, lie ahead.
the spread of computer viruses from a macroscopic per-
Although our primary motivation for developing a
spective [Kephart and White, 1991; 1993; Tippett, 1990;
computer immune system is practical, it is interesting
1991]. Finally, in the mid-1990's, we are proposing to
to adopt a more philosophical perspective.
give computers what humans and other vertebrates have
[ Pobierz całość w formacie PDF ]