Why anti mal* is doing it wrong

I had a presentation the other day at UNM on some of the work that I had done two years ago. It's fascinating that there is such a renewed interest.

A. Kozakiewicz, A. Felkner, P. Kijewski, and T. Kruk published a paper (4/2007) after my DefCon presentation entitled "Application of bioinformatics methods to recognition of network threats." The conclusion of this paper was that these bioinformatics techniques seem to have less resistance to polymorphism; however, I maintain that was because of the simplicity of the scoring function they considered.

One of the starting papers in the field of using nature as a way to figure out how to do things correctly was a 1994 paper "Principles of a Computer Immune System" by A. Somayaji, S. Hofmeyr, and S. Forrest. This spends a lot of time considering the acquired immune system.

So, how does nature do things differently than anti mal*? There's a lot out there on this topic. I'd like to advance two points I've not seen elsewhere:

  • Natural systems don't "root" the individual hosts, but the hosts provide enough information (via MHC II molecules) to give an immutable status of what each host is doing. Anti-mal* is the opposite, wanting hooks into everything and itself being readily disabled.
  • There is no hesitation to kill hosts that are suspected of being infected. Among the many destruct mechanisms is the FAS ligand activation pathway. Think of this as a lever on the outside that automatically shreds the cell and makes it easy for the acquired immune system to improve future defense. Note again that the cell is shredded; there is no "root" required for post-mortem forensics.

These are just some ideas. I hope to be getting them together in a formal paper sometime soon. I look forward to comments.

If you like bio-inspired defenses...

Have you looked at any of the work on Artificial Immune Systems (AIS), particularly the recent work by Dasgupta's group at Memphis? I personally do not find them to be appropriate (it's beautiful at a high level, but the implementation is suspiciously inelegant, particularly the use of hyperplanes).

We shouldn't forget that natural immune systems are adapted to their environment. Meaning, their entire structure has been generationally optimized to do what it does. We can let it inspire us, just like many things have inspired other computational metaphors such as ACO and PSO, but I suspect it's going to be just as "off" in the end.