Towards Fully Automatic Defense Mechanism for a Computer Network Emulating Active Immune Response

  • V. Skormin
  • O. Shiryayeva
  • A. Tokhtabayev
  • J. Moronski
Part of the Communications in Computer and Information Science book series (CCIS, volume 1)


Modern information attacks are perpetrated by the deployment of computer worms that propagate extremely fast, leaving little or no time for human intervention. This paper presents the concept of a fully automatic computer network security system capable of timely detection and mitigation of information attacks perpetrated by self-replicating malicious software. The system will detect an attack, then synthesize and deploy specialized self-replicating anti-worm software for attack mitigation, with a capability to alter the network topology to quarantine infected portions of the network. Special technologies allowing for the observability and controllability of the overall process will be implemented, thus facilitating the deployment of advanced control schemes to prevent an overload of the network bandwidth. Particular components of this system have been developed by the authors or suggested in the literature, which indicates its feasibility. The implementation aspects of the described system are addressed. The technology described herein emulates immune defenses honed to perfection by million-year evolution to assure the safety and dependability of future computer networks. It presents a new paradigm in computer network security.


Keywords: Computer network, computer worms, immune response, information attacks, automatic systems





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • V. Skormin (1)
  • O. Shiryayeva (1)
  • A. Tokhtabayev (1)
  • J. Moronski (1)

  1. Binghamton University, Binghamton, USA
