Researchers are seeking to model advanced computer network security systems after the natural processes employed by the human immune system in defending against sickness and disease.
A recently released white paper from the Department of Homeland Security titled "Enabling Distributed Security in Cyberspace: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action" explores how systems can be designed to detect threats and defend against them in an autonomous fashion.
"We want the machines to take a more active part in their own protection. We want to use their brains to protect themselves, but always in the context of the policies of the system administrators and owners," said Bruce McConnell, senior counselor for cyber security at the U.S. Department of Homeland Security and co-author of the DHS paper.
The idea is to instill systems with the innate ability to recognize threats regardless of whether they have been encountered before, and then to communicate information about those threats to other systems automatically.
Currently, computers depend on human intervention to recognize malicious events, to provide instructions for the response, and to communicate the nature of the threat to other systems.
"Computers are limited by their programming. If it doesn't model the known versus the unknown, they can't tell the self from the other," says Hart Rossman, vice president for cyber-security services at Science Applications International Corp (SAIC).
The rapid development and deployment of zero-day threats leaves systems vulnerable to exploits until effective mitigations are established, exposing networks to new strains of malware and innovative hacking methodologies.
"The threat is growing. There are more incidents and they are becoming more sophisticated. The latest buzzword is 'advanced persistent threats.' These are sufficiently advanced methods that are difficult to detect and take a long time to discern," Rossman said.
Key to the success of automated detection and mitigation systems will be the ability for individual computers to communicate information about the nature of an attack readily, just as individual cells in the body communicate information about the foreign invaders they encounter.
One obstacle to the development of collaborative security systems is deciding how much information should be shared and under what circumstances.
The more systems automatically share information, the weaker the guarantee that privacy can be maintained for the users of those systems.
"Although we want the cell to be curable, we want it to have our private personality that cannot be wiped or automatically checked. What is an attack? It is often in the eye of the beholder," said Angelos Stavrou, a computer scientist at George Mason University.