This rise in complexity and the resulting rise in human cost of configuration and maintenance of software applications has spurred interest in self-healing, hoping to shift much of the burden of this configuration and maintenance back to the software. The idea is that, like its biologically analogous namesake, a self-healing system would detect the presence of nonfunctioning or, more challengingly, malfunctioning components and initiate some response to continue proper overall functionality, preferably without any centralized or external force such as a system administrator required.
The most common implementation today seems to be one of reconfiguration: if a fault is detected, a spare hardware component is brought into play. However, one research project that is inspired very explicitly by biology is Swarm at the University of Virginia. Additionally, they can emit signals at various strengths and respond to the aggregate strength of signals in the environment. For example, a system set to grow to a certain size would start with a single cell that emitted a small amount of signal and with a program set to reproduce if the aggregate signal was at a certain threshold.
Until the total amount of signal exceeded that threshold, the cells would continue to divide, but they would stop once the threshold was exceeded. If cells were to fail or otherwise be deleted, other cells would respond by dividing again to bring the signal back to the threshold. This is indeed a primitive form of self-healing. However, this programming model is unlikely to catch on for complex tasks without significant higher-level abstractions available. Selvin, D. Evans, and L. The mammalian immune system is an information processor—this is clear from its ability to distinguish between self and nonself.
Recommended for you
Section 5. Some have thus been drawn to the architecture of the immune system as a paradigm of information processing that might be useful in solving a variety of different computational problems. Immunological approaches have been proposed for solving problems in computer security, semantic classification and query, document and e-mail classification, collaborative filtering problem, and optimization.
Computer and network security is intended to keep external threats at bay, and this remains an intellectually challenging problem of the highest order. It is useful to describe two general approaches to such security problems. The first, widely in use today, is based on the notion of what might be called environmental control—the idea that by adequately controlling the environment in which a computer or network functions, better security can be obtained. The computer or network environment is defined broadly, to include security policy who should have what rights and privileges , resources e.
In support of this approach, a number of reports 39 cite security problems that arise from flaws in security policy, bugs in programs, and configuration errors and argue that correcting these flaws, bugs, and errors will result in greater security. A complementary approach is to take as a given the inability to control the computing or network environment.
Note that there is nothing mutually exclusive about the two approaches—both could be used in the design of an effective overall approach to system or network security. For inspiration in addressing problems in computer security, some researchers have considered the immune system and the unpredictable and largely hostile environment in which it functions. A variety of loose analogies between computer security and immunology are intuitively obvious, and there is clearly at least a superficial conceptual connection between the protection afforded to. The discussion in Section 8. For a view of the immune system as information processor, see S.
Forrest and S. Segal and I. Cohen, eds. For an overview of various applications of an immunological computing paradigm, see www. This discussion is based on A. Somayaji, S. Hofmeyr, and S. One of the first papers to suggest that self-nonself discrimination, as used by the immune system might be useful in computer security was by S. Forrest, A. Perelson, L.
- Yaochu Jin - Resume.
- Portrait of Johnny: The Life of John Herndon Mercer.
- Case Study of It Chargeback in a Government Agency;
- Reward Yourself.
Allen, and R. This paper focused mainly on the issue of protection against computer viruses but set the stage for a great deal of subsequent work. The following examples are adapted from Somayaji et al. Protecting active processes on a single host.
Inspired by Your Shopping History
For this application, a computer running multiple processes might be conceptualized as a multicellular organism in which each process is analogous to a cell. An adaptive immune system could be a detector process that queried other processes to see whether they were functioning normally.
If not i. One approach to detection positive detection is based on the establishment of a profile of observed normal behaviors and using that profile to notice when a program behaves abnormally. Protecting a network of computers. For this application, each computer in a network might be conceptualized as a cell in an individual. Each process would still be considered as a cell, but now an individual is a network of computers. Another possible analogy for the network of computers is that each computer represents a single organism and population-level protections are achieved by the collective group through independence, diversity, and sharing of information.
An adaptive detector process could be implemented as described above, with the added feature that these detectors could migrate between computers, thereby enabling all computers on the network to benefit from the detection of a problem on one of them. Protecting a network of disposable computers. This application is similar to that described above, with the addition that when an anomaly is detected, the problematic machine can be isolated, rebooted, or shut down. If the true source of the anomaly were outside the network, a detector process or system could stand in for the victimized machine, doing battle with the malicious host and potentially sacrificing itself for the good of the network.
Note that this application requires that hosts be more or less interchangeable—otherwise the network could not afford the loss of a single host. The immune system exhibits a number of characteristics—one might call them design principles—that could reasonably describe how effective computer security mechanisms might operate in a computer system or network.
As in Section 5. For example, the immune system is: Distributed , in the sense that it has no central point of control. Instead, the components of the immune system interact locally to mount responses to foreign pathogens e. Diverse , in the sense that because of the ways in which pathogen detectors are produced, each individual human being can detect a somewhat different set of pathogens—a diversity that protects.
An alternative approach is to use a randomly generated detector or set of detectors, living for a limited amount of time, after which it would be replaced by another detector. Detectors that proved particularly useful during their lifetimes e.
This approach has been used by Forrest et al. This discussion of the immune system is based on S. A distributed, mobile agent architecture for security was also proposed in M.
- The Floodgates (The Barclay Family Adventures 2);
- Product description;
- Baltimore Noir!
- CSDL | IEEE Computer Society.
Crosbie and G. By contrast, computer system monoculture i. Autonomous , in the sense that it classifies and eliminates pathogens and repairs itself by replacing damaged cells without the benefit of any centralized control mechanism. Tolerant of error , in the sense that some mistakes in identification of pathogens false positives or false negatives are not generally fatal and do not cause immune system collapse, although they can cause lingering autoimmune disease.
Dynamic , in the sense that pathogen detectors are continually being produced to replace those that are routinely destroyed. These detectors, circulated through the body, provide whole-body protection and may be somewhat different in each new generation in that they respond to different pathogens.
Because these detectors turn over, the immune system has a greater potential coverage.
By contrast, protection against computer viruses, for example, is based on the notion that all threat viruses are known—and most antiviral systems are unable to cope with a new virus for which no signature is known. Computer systems must also adapt to new environments, as for example, when new software is added legitimately, as well as identify new threats. Imperfect , in the sense that individual pathogen detectors do not identify pathogens perfectly, but rather respond to a variety of pathogens.
Greater specificity is obtained through redundant detection of a pathogen using different detector types. By contrast, computer security systems that look for precise signatures of intruders e. Redundant , in the sense that multiple and different immune system detectors can recognize a pathogen. Pathogens generally contain many parts, called epitopes, that are recognized by immune system detectors; thus, failure to recognize one epitope is not fatal because many others are available for recognition.
Homeostatic , in the sense that the immune system can be regarded as one mechanism through which the human body seeks to maintain a stable internal state despite a changing environment. At a deeper level, it is instructive to ask whether the particular methods by which the immune system achieves these characteristics implements these design principles have potential relevance to computer security.
To address this issue, deeper and more detailed immunological knowledge is necessary, but some work has been done in this area and is described below. This point suggests that detection mechanisms are biased to be more tolerant of false negatives than false positives, because threats that are unaffected by one layer i. Somayaji and S. To detect pathogens, the immune system generates detectors that can bind to pathogens, and only to pathogens i. A detector binding to a pathogen is the marker of a detection event.
To vastly simplify a complex process, the immune system first generates detectors at random. Through a process known as tolerization, detectors that bind to self are destroyed, leaving only detectors that bind to nonself at the end; these detectors are called mature. Mature detectors are released throughout the body; if they do not bind to a nonself entity in some period of time several days?
Those that do bind to nonself entities are regarded as activated detectors. However, an activated detector must receive a second, independent signal created by the binding of another type of detector to the same pathogen costimulation to become capable of surviving for a long period of time. These long-term survivors are memory detectors that enable subsequent immune responses to be generated much more rapidly and are the basis for long-term immunity.
Memory detectors have lifetimes that range from days to the lifetime of an organism, and the underlying mechanisms governing their lifetimes are not well understood. In the context of computer security, Forrest and Hofmeyr have described models for network intrusion detection and virus detection. Each connection is defined by a triplet consisting of the addresses of the two parties in communication with each other and the port over which they communicate a total of 49 bits , and the set of all triplets normal triplets generated during a training period represents, by definition, normal operation of the network.
When the network operates outside the training period, the intrusion detection system generates random detector strings that are 49 bits in length.
Related Nature-Inspired Computing for Control Systems
Copyright 2019 - All Right Reserved