What does computer security have to do with antibodies, antigens and lymphocytes? To answer the question, just ask another one: if computers are infected by viruses, why not give them an immune system? It was with this analogy in mind that Isabela Liane de Oliveira, a computer scientist, began studying immunology, to try to give computers their own “digital immune system.”
This is the basis of a relatively new line of research in computer science. Inspired by immune defense mechanisms, researchers want to create intelligent systems capable of detecting the cyber pests known generically as malware (from the English “malicious software”) that abound on the Internet.
Malware programs are usually created to damage the operation of a computer or to steal sensitive data, almost always with criminal aims.
Depending on how they act and replicate, malware can be classified as viruses, Trojans, worms, spyware, etc.
“The differences between them are small; in practice we call them all viruses,” simplifies Adriano Mauro Cansian, head of the Computer Security Laboratory at UNESP in São José do Rio Preto, who supervised Isabela's research.
While antivirus software depends on constant updating so that it can recognize each new piece of malware that appears, the intent of this new line of research is to give the computer the capacity to detect something strange and unknown that may have been inoculated as a threat, so that it does no harm.
“As attacks change pattern very quickly, the ideal is a system [of protection] with some degree of adaptability to keep up with these changes,” explains Cansian.
Trap for malware
Drawing on the analogy with the immune system, the system developed by Isabela and Cansian aims to detect new malware in computer networks; the networks would be the equivalent of the body.
The first step is to capture the malware, which can be done in two ways. One is the simulation of a fully unprotected computer, which works as a trap. The other depends on the collaboration of users, who may allow an analyzer program to connect to the e-mail server and search their personal messages.
“These programs do not violate users’ privacy,” says Isabela. “They just look for seemingly malicious code, which is contained mainly in links and attachments.”
On finding suspects, the immune system makes a digital copy of them.
Then the copies of the collected malware are executed on a dedicated computer.
The goal is to analyze the flow of data into the machine and the network traffic. A Trojan horse, for example, may try to capture the password used to access a bank’s website and send it to the creator of the malware, who may be on the other side of the world. Isabela notes that sensitive data, such as bank account access data, are never accessed or stored by the malware detection system.
At this stage there is also the so-called “negative selection,” similar to what the immune system does. In the human body, immune cells go through a kind of check to ensure that the suspect is actually a foreign element and is not being confused with something from the body itself. This is important because some malware does the same things as any other program in order to disguise its identity, Isabela explains.
If it is proven that the suspect is actually malware, all of this disguise is removed, she explains, leaving only the genuinely malicious part of the code. From it, “signatures” are generated and stored in a database. They act like the receptors of immune cells, which have affinity for the foreign element.
Just as immune cells such as macrophages and T lymphocytes circulate through the bloodstream, the system developed by the researchers monitors network traffic.
And every time it detects a data stream (antigen) compatible with one of the signatures stored in the database (receptor), it automatically generates an alert to the network administrator, informing them of the measures that should be taken to eliminate this specific threat.
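The negative selection and signature-matching steps described above, as an added sketch that is not the researchers' code. The feature names, samples, flows and thresholds are constructed assumptions chosen only to make the mechanism visible.

```python
# Added illustration; all feature names, samples and flows are constructed.
from dataclasses import dataclass

# "Self": traffic behaviours seen from known-good programs (assumed baseline).
SELF = frozenset({"dns_lookup", "http_get", "ntp_sync", "smtp_send"})

@dataclass(frozen=True)
class Signature:
    name: str
    features: frozenset  # what is left once the "self"-like part is removed

def negative_selection(name, observed, self_set=SELF, min_features=2):
    """Strip behaviours shared with normal programs; None if too little remains."""
    foreign = frozenset(observed) - self_set
    if len(foreign) < min_features:
        return None  # indistinguishable from "self": store no signature
    return Signature(name, foreign)

def build_database(suspects):
    """Run every captured suspect through negative selection."""
    sigs = (negative_selection(n, obs) for n, obs in suspects.items())
    return [s for s in sigs if s is not None]

def affinity(sig, flow_features):
    """Fraction of the signature (receptor) present in a flow (antigen)."""
    return len(sig.features & set(flow_features)) / len(sig.features)

def monitor(flows, database, threshold=0.75):
    """Return (flow_id, signature_name, score) alerts for the administrator."""
    return [(fid, sig.name, round(affinity(sig, feats), 2))
            for fid, feats in flows for sig in database
            if affinity(sig, feats) >= threshold]

# Constructed observations from running two captured suspects in isolation.
SUSPECTS = {
    "sample-A": ["dns_lookup", "http_get", "post_to_unlisted_host",
                 "fixed_interval_beacon", "unsolicited_form_post"],
    "sample-B": ["dns_lookup", "http_get", "ntp_sync"],  # looks like any program
}
# Constructed network flows seen later by the monitor.
FLOWS = [
    ("flow-1", ["dns_lookup", "http_get"]),
    ("flow-2", ["dns_lookup", "post_to_unlisted_host",
                "fixed_interval_beacon", "unsolicited_form_post"]),
    ("flow-3", ["http_get", "post_to_unlisted_host"]),
]

if __name__ == "__main__":
    for alert in monitor(FLOWS, build_database(SUSPECTS)):
        print("ALERT", alert)
```

Only flow-2 raises an alert: flow-1 is pure “self,” and flow-3 shares a single feature with the signature, which falls below the assumed affinity threshold.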
Layers of security
Such systems have been developed and tested by computer scientists in various parts of the world and are still far from becoming commercial solutions. “It’s really a research frontier,” says Cansian.
He said the idea is not to replace other security methods but to add another defense mechanism, whose differentiator is adaptability. “Good security should have multiple layers; if one falls, there is the other.”
Although research such as Isabela's has its results made public, no one in the area likes to go into much detail, “for obvious reasons,” according to Cansian.
“The protection method is part of the security chain. This care is needed because the creation of malware is already a big deal, a tool of organized crime,” he says.