Computer Immune Systems
Main Page PeoplePapersSponsorsData Sets and Software

Natural immune systems protect animals from dangerous foreign pathogens, including bacteria, viruses, parasites, and toxins. Their role in the body is analogous to that of computer security systems in computing. Although there are many differences between living organisms and computer systems, we believe that the similarities are compelling and could point the way to improved computer security. Four examples of how we are applying ideas from immunology to today's computer security problems are a host based intrusion-detection method, a network based intrusion-detection system, a distributable change-detection algorithm, and a method for intentionally introducing diversity to reduce vulnerability. The analogy with immunology contributes an important point of view about how to achieve computer security, one that can potentially lead to systems built with quite different sets of assumptions, biases, and organizing principles than in the past.

Immunologists have traditionally described the problem solved by the immune system as the problem of distinguishing "self" from dangerous "other" (or "nonself") and eliminating dangerous nonself. The problem of protecting computer systems from malicious intrusions can similarly be viewed as the problem of distinguishing self from nonself. Nonself might be an unauthorized user, foreign code in the form of a computer virus or worm, unanticipated code in the form of a Trojan horse, or corrupted data.

What would it take to build a computer immune system with some or all of the properties of a natural immune system? Such a system would have much more sophisticated notions of identity and protection than those afforded by current operating systems, and it would provide a general-purpose protection system to augment current computer security systems. It would have at least the following basic components: a stable definition of self, prevention or detection and subsequent elimination of dangerous foreign activities (infections), memory of previous infections, a method of recognizing new infections, and a method of protecting the immune system itself from attack.

Computer Science Department
Farris Engineering Center
University of New Mexico
Albuquerque, NM 87131
Phone: (505) 277-3112 Fax: (505) 277-6927