All these programs are small objects. You can deploy a lot when needed, cut their numbers when they're not, all under control of other software objects. Reports and commands to programmers are specific, action-oriented.
(This ant swarm is from a Web site called Daily Speculations, where you can learn more about the theory of insect behavior on which this story is based.)
Think of current anti-virals as playing a game of cops and robbers. Firewalls stand at the entrance to a system like TSA guards, inspecting code as it goes in and out. Scanners conduct regular inspections of the whole system -- they're cops raiding a joint with photos of the usual suspects.
The problem here is the same as you find in the real world. Bad guys disguise themselves. Cops can't be everywhere at once.
Many of the programs that do the most damage to computers and networks are classified as worms. They mimic animal behavior by copying themselves inside networks, without human intervention.
Glenn Fink at the Pacific Northwest National Laboratory, a Department of Energy research center, thought about this and asked, why mimic the behavior of human cops and guards at all? Why not model insect behavior?
Errin Fulp of Wake Forest and two of his graduate students spent last summer at PNNL, with Fink, coding and testing a solution based on this insight. Instead of big programs that carry the equivalent of mug shots (virus signatures), break the work down into smaller pieces and focus on maintaining safety, not catching crooks.
Having done extensive work in maintaining quality of service and detecting denial of service attacks, Fulp has broken the security task into three basic components:
- Ants patrol systems looking at specific conditions, like the connection rate of bits through a router. Fulp has 64 conditions that can be tested, and could in time have as many as 3,000, but each is a tiny program whose work does not slow the main system.
- Sentinels take reports from the ants, sort through them for potential problems and, if they find them, report them up the line. They also control the number of ants reporting to them, making new ones based on incoming data, destroying those that are not needed.
- Sergeants are the user interface. They turn the sentinels' reports into knowledge a human being can use to fix problems before they become real to users.
Fulp describes the results as "swarm intelligence," likening it to ant behavior in the wild. Ants swarm to anything that appears wrong and surround it, collecting data.
The key is that all these programs are small objects. You can deploy a lot of them when needed, cut their numbers when they're not, all under control of other software objects. Reports and commands to programmers are specific, action-oriented.
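The three roles, and the sentinel growing and shrinking its ant population, as an added Python sketch (not the PNNL or Wake Forest code). The condition names, thresholds, host metrics and the one-extra-ant-per-anomaly rule are assumptions made for illustration.

```python
# Added sketch of the ant / sentinel / sergeant roles; not the PNNL or Wake Forest code.
# Condition names, thresholds and host metrics are constructed for illustration.
from dataclasses import dataclass, field

# Each condition is a tiny check one ant carries: metric name -> upper bound.
CONDITIONS = {"conn_rate": 500, "failed_logins": 20, "open_ports": 40}

# Constructed sample metrics for three hosts.
HOSTS = {
    "web1": {"conn_rate": 120, "failed_logins": 2, "open_ports": 12},
    "web2": {"conn_rate": 4200, "failed_logins": 3, "open_ports": 11},
    "db1": {"conn_rate": 90, "failed_logins": 75, "open_ports": 9},
}

@dataclass(frozen=True)
class Ant:
    condition: str  # the single condition this ant tests

    def inspect(self, host, metrics):
        value = metrics[self.condition]
        if value > CONDITIONS[self.condition]:
            return (host, self.condition, value)
        return None

@dataclass
class Sentinel:
    # Start with one ant per known condition.
    ants: list = field(default_factory=lambda: [Ant(c) for c in CONDITIONS])

    def patrol(self, hosts):
        findings = []
        for ant in self.ants:
            for host, metrics in hosts.items():
                finding = ant.inspect(host, metrics)
                if finding and finding not in findings:
                    findings.append(finding)
        # Keep one ant per condition; add one per anomaly, drop the extras when quiet.
        self.ants = [Ant(c) for c in CONDITIONS] + [Ant(c) for _, c, _ in findings]
        return findings

def sergeant(findings):
    # Turn sentinel findings into specific, action-oriented lines for a human.
    return [f"{host}: {cond}={value} exceeds {CONDITIONS[cond]}; investigate {host}"
            for host, cond, value in sorted(findings)]

if __name__ == "__main__":
    sentinel = Sentinel()
    print("\n".join(sergeant(sentinel.patrol(HOSTS))))
    print("ants now on patrol:", len(sentinel.ants))
```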
The Wake Forest work is aimed at protecting Internet-linked systems, but these programs can be deployed across networks without disruption, and could be the heart of new anti-viral program designs. Eventually they could even trace Internet threats to their source, allowing real cops to get to work with plenty of evidence for a warrant.
Oct 29, 2009
No one thought of it before, because imitating nature is a recent trend in systems. Not that it has never been done before, but now we are abandoning Cartesian, procedural, mechanical approaches in many cases and learning many more lessons from nature about organicity, robustness and intelligence. I think this is great and exciting.
Yes, that is another possible analogy. The difference, in this case, is that a white cell has both detection and correction. It splats the disease cell and the remains are run through the lymphatic system. In this case, all these programs are specialists. Some do monitoring, essentially running a DDoS attack on attacking anomalies. Some manage the software objects, and some communicate with the user. Actually, I was thinking it's a bit like TRON.
This is one of those insights of such astonishing simplicity that you wonder no one thought of it before. Kudos to Mr Fink for thinking outside the conventional paradigm.