Center for Strategic Assessment and forecasts

Autonomous non-profit organization

Home / Defence and security / / Articles
A new approach to the organization protection against computer viruses
Material posted: -Publication date: 23-09-2002

The mass distribution of computer viruses, as well as an active discussion in the press of plans of information warfare with participation of hackers to suppress the enemy's control systems and data transmission has led to the fact that the question of the establishment of countermeasures and protection acquires a new quality. According to some foreign experts, the state, the losers in the information war, will be thrown back in its development for many decades.

Introduction to the problem

It is now clear that traditional methods of construction of systems of information protection will not bring the desired result. It is necessary to find fundamentally new approaches to solving this problem. This article is intended to give "food for thought" for developers of anti-virus systems, so they can look at your subject area from a different angle, namely from the side of Nature that created probably the most perfect protection system - the body's immune system.

Apologies for the style: he is more biomedical than a computer, and quite difficult to understand the techie - technical slang is problematic to describe a different subject area. I just wanted to show a new direction of development of anti-virus protection systems, and this is a fairly General ideas about genetics and immunology.

Those who will enjoy the beauty of the functioning of such a complex system, which is the body's immune system, the author invites to cooperation in the development of fundamentally new directions in computer science - evolutionary software development, which is based on the assumption of functional and structural similarity of computer programs and organic protein.

It should be noted that part of the immunology and Microbiology of this material is based on work [1].

 

Viral technologies of the XXI century

Already developed a number of algorithms allowing to write viruses, which are fundamentally impossible to detect by any of existing methods. Many say that self-modifying code in an arbitrary way to simply impossible, at least for the Intel architecture [2]. In any case, there are strict limits, which allow the same operation to implement a limited number of ways. These methods, known in advance that, in principle, allows to list all the key fragments of the virus, and it means unmistakably to recognize them.

However, if we assume that the processor architecture may be arbitrary, or even dynamically synthesized in the implementation process, as is done in [2], it is enough to write an emulator of the corresponding processor - a kind of virtual machine that will execute the virus code, built on certain principles. It is important that the implementation of virtual machines can be arbitrary. Today you can find software emulators of many popular in the 1980-ies of the machines: from "spectrum" to BK-0010. Must take into account the fact that emulators can be generated automatically.

As noted in [2], a virus written on a virtual machine, is very time-consuming to analyze with traditional methods. Hence, we need automatic tools to combat this kind of destructive programs. The only question is, what principles should be based this antivirus system? The answer is surprisingly simple: on the principles of the human immune system. Indeed, our body operates an excellent system that can deal with billions of pathogenic antigens. And somehow she on the shoulder and not such "polymorphic"!

 

A bit of theory

The immune system formed in the process of evolution as a means of protection from infection by microorganisms, have of all vertebrates (including humans). Invertebrates have a protective system more primitive: they are usually based on cells, solvent pathogenic antigens.

High specificity is a fundamental feature of all immune responses. The ability to distinguish someone else from her - the second fundamental property of the immune system.

Almost any macromolecule foreign to the organism of the recipient, can induce an immune response. A substance that can induce an immune response, called an antigen (i.e. antibody generator). The most amazing thing is that the immune system can even distinguish between very similar antigens, for example two proteins differing by only one amino acid.

Amazing ability to recognition makes the immune system almost unique among cellular systems, only more complicated nervous system. Both systems consist of a large number of cells organized in a complex network. In such a network between the individual cells possible positive and negative interactions, and the response of one cell is distributed in the system and affects many other cells.

Unlike neurons, are relatively rigidly fixed in space, cells, components of the immunological network that is constantly moving and only briefly interact with each other.

There are two main types of immune responses: humoral responses and immune responses of cell type.

Humoral responses are associated with production of antibodies - proteins called immunoglobulins. Linking with antibodies inactivate viruses. Associated antibodies serve as markers for microorganisms to be destroyed.

The response of the cellular type is the second type of immune responses. It is the formation of specialized cells that react with foreign antigen on the surface of other cells of the body. The reacting cell can kill a cell infected with a virus and having on its surface viral proteins, that is to destroy the infected cell before the completion of the replication process. In other cases, the cell reaction consists in the generation of chemical signals that stimulate the destruction of invading microorganisms by macrophages.

The specificity of the immune response responsible lymphocytes - one of the groups of white blood cells. The total number of lymphocytes in the human body is about 2 1012; the cell mass of the human immune system is comparable to the brain. Two major classes of immune responses are determined by two classes of lymphocytes: T cells responsible for cellular immunity, while b cells produce antibodies.

Most of the T-lymphocytes in the immune system plays a regulatory role, enhancing or suppressing the response of other leukocytes. These cells, called, respectively, T-helpers and T-suppressors, are combined in a group of regulatory cells. Other T lymphocytes, called cytotoxic T-cells kill cells infected with viruses. Since cytotoxic T-lymphocytes and b-lymphocytes are directly involved in protecting the body from infection, these two types of lymphocytes called effector cells.

The most striking property of the immune system is that it can respond to millions of foreign antigens, producing antibodies specifically interact with antigens. In addition, the immune system can produce antibodies to molecules created by man and not existing in nature. This and several other interesting facts have been explained with the so-called theory of clonal selection [1]. According to the above theory, each lymphocyte in the process of development acquires the ability to react with a specific antigen, has never met with him. This is because on the surface the cells appear proteins-receptors which specifically correspond to any antigen. If the cage will meet with the same antigen, its binding to the receptors activates the cell will cause its proliferation and maturation of her offspring.

Thus, a foreign antigen selectively stimulates those cells, which will be suited to specific receptors and therefore are bound to respond to this antigen.

Those portions of the antigen that interact with an antigen-binding portion of the antibody molecule or receptor on the lymphocyte, referred to as antigenic determinants.

A large part of the lymphocytes is in continuous circulation.

Constant circulation not only provides the meeting of the relevant lymphocytes to antigen, but also allows the lymphocytes need to meet each other: interactions between specific lymphocytes plays a crucial role in most immune responses.

The immune system, and nervous, has a memory. That is why it is possible to purchase a lifetime immunity to some diseases.

How the immune system distinguishes the body's own cells from "foreign"? One of the possible reasons that an organism inherits genes that encode receptors for foreign, but not self-antigens, so its immune system is programmed to respond only to foreign antigens.

Another reason is that the immune system might initially be able to answer on their own, and the foreign antigens, but in the early stages of development could learn not to answer them. Thus, the immune system can potentially react to the antigens in its own body, but learns not to do it.

I believe that training the immune system takes place by destruction of lymphocytes that respond to antigens own body.

Antibodies are proteins, and proteins encoded by the genes. Therefore, the diversity of antibodies is a complex genetic problem: how can the number of types of antibodies produced may exceed the number of genes in the genome of the organism? One of the important points regarding the creation of diversity of antibodies, lies in the fact that during development In cells of an organism's DNA undergoes restructuring.

It is experimentally shown that the frequency of somatic mutations in the gene sequences encoding the V-region, is estimated at 10-3 on a single pair of nucleotides, which is about a million times more likely to have a spontaneous mutation in other genes. This process is called somatic gipermetropiya. While in the V-regions after re-immunization rapidly accumulate point mutations.

Directed by the somatic antigen gipermetropiya performs fine control of the formation of antibodies as a result of maturation of affinity. Thus, affinity maturation is the result of repeated cycles of somatic gipermetropiya, followed by antigen-directed selection in the process of humoral response.

Antibodies not only protect the body from infections, but also play an important role in the regulation of immune responses themselves. Like the neurons in the nervous system, many lymphocytes, perhaps to a greater extent interact with each other than with the outside world, and then the immune response could be seen as a response independent antigen-reactive lymphocytes and how reverberate perturbation of the immunological network.

Diatopically the extent of this network in principle can be huge.

 

Artificial immune system ISC IBM

One of the most successful projects on the use of the above theoretical concept is the creation by IBM of the immune system of cyberspace (Immune System for Cyberspace, ISC), a working model of which was demonstrated in October 1997, held in San Francisco conference "Virus Bulletin'97".

IBM's antivirus technology is built on the basis of the model of the human immune system. Despite receiving several patents directly related to ISC, the work is not yet completed.

There is another proof of the relevance of this direction of work: in 1999, the American RAND Corporation, known as the nerve center of a number of law enforcement agencies of America, conducted a study which resulted in recommendations for choice of technologies that can provide the necessary level of information security the national information infrastructure and defense information infrastructure of the Ministry of defense. As the most promising technologies for the creation of systems of protection of information of new generation have been chosen technologies of formation the artificial immune system.

 

Conclusion

It is obvious that to create a system of information security of the computer network via a direct likeness of the human immune system is almost impossible and is not necessary. However, the fact that the immune system has reached perfection in the fight against pathogens and foreign antigens, suggests that many of the principles that have shaped the immune system, it is highly effective and can be used with the assumption that they will work not with biochemical antigens and with antigens of software, ie the information.

Along with this, the latest achievements in the field of creation of multi-agent intelligent systems allow us to hope that in the near future artificial immune system is established and its efficiency falls below the efficiency of its natural prototype.

 

Literature

[1] Alberta B., Bray D., Lewis J., Raff M., Roberts K., Watson J. Molecular biology of the cell: 3 vol. 2-e Izd., Rev. TRANS. from English. - M.: Mir, 1994.

[2] Kris Kaspersky, "Viruses: yesterday, today, tomorrow" // "Byte Russia", № 6, 1999, pp. 52-55.

Source: http://offline.computerra.ru/2002/430/15920/

Tags: threat


RELATED MATERIALS: Defence and security