2008 International Conference on Internet Computing in Science and Engineering
Survivable Network System: An Immune Approach
Huiqiang Wang1, Guosheng Zhao1, 2, and Jian Wang1
1
School of Computer Science and Technology, Harbin Engineering University, 150001 Harbin, China
2
Center of Computer Network and Information, Harbin Normal University, 150001 Harbin, China
E-Mail: zhaoguosheng@hrbeu.edu.cn
Abstract
Survivability has emerged as a new phase for the
development of network security technique, but an
accepted analysis and construction method is still lacking
for it. This paper presents the similarity between
biological immunity system and survivable network
system, and also provides a kind of new and feasible idea
for designing and implementing survivable network
system.
1. Introduction
Network survivability breaks limits of traditional
network security concepts, and emphasizes the abilities of
network and information systems to achieve their main
missions in a timely manner, while they are suffering
from attacks, faults, or accidents [1]. Most researches on
survivability early begin with the military domain [2].
With the increasing frequency of safe destruction,
survivability has been paid more and more attentions and
becomes the hot spot of current network security domain.
But the research on survivability is still at the initial stage,
at present has not formed perfect and mature theory
system and lacks unified criterion. It is still a puzzle for
analysis and construction of a survivable network system.
The nature organism's immunity characteristic gives us
a very good model when we solve the question of network
survivability. There exist various pathogens and viruses,
which start attacks and invasions to humanity's organism
continually, but human body has resisted and
disintegrated about 90% above attacks and invasions
because of immunity. As a result, the pathogens and
viruses that truly enter into everybody body interior are
not to 10%. That is to say, the biological immunity system
has very strongly protective function, and it will have
broad application prospect if we design survivable
network system using the biological immunity principle
for reference.
We should pay attention to how the network system
enables to automatically discover system leaks used by
attacks, and simultaneously independently eliminate
invasions, even repair these leaks after attack appears
based on the biological immunity principle. Because of
the similarity between network system and biological
system on mechanisms, establishing survivable network
978-0-7695-3112-0/08 $25.00 © 2008 IEEE
DOI 10.1109/ICICSE.2008.86
Authorized licensed use limited to: K.S. Institute of Technology. Downloaded on February 15,2010 at 19:08:09 EST from IEEE Xplore. Restrictions apply.
system based on immunity principle becomes an
interesting problem and has important research
significance and value.
2. Theory of biological immunity
We use the non-precise biological language to descript
work principle of biology immunity system
approximately, mainly withdrawing its basic thought, in
order to use for the design of survivable network system.
The immune system defends the body against harmful
diseases and infections. It is capable of recognizing
virtually any foreign cell or molecule and eliminating it
from the body. To do this, it must perform pattern
recognition tasks to distinguish molecules and cells of
body from foreign ones.
The architecture of immune system is multilayered,
which defenses provided at many levels. Once pathogens
have entered body, they are handled by innate immune
system and by adaptive immune response. The innate
immune system consists primarily of circulating
scavenger cells that ingest extra cellular molecules and
materials, clearing the system of both debris and
pathogens. Adaptive immune response is the most
sophisticated and involves many different types of cells
and molecules. It is called “adaptive” because it is
responsible for immunity that is adaptively acquired
during the lifetime of the organism. Because the adaptive
immune system provides the most potential from network
survivability viewpoint, we will focus on it in this
overview. More exhaustive description about biological
immune system may see literature [3].
3. Survivable network system
3.1. Characteristics
Critical characteristic of survivability is that the
systems can achieve their essential services when faces
the attack, failure and accident. While completes essential
services, the system should still maintain its basic
attributes, such as data integrality, confidentiality etc. In
order to ensure the ability of achieving essential services,
the survivable network system must have four critical
attributes [4], namely resistance, recognition, recovery,
329
and self-adaptation and evolvement, which are manifested
and guaranteed through making corresponding strategies.
Resistance carries on prevention of attacks as far as
possible through various technologies; But there always
exist part of attacks to be able to permeate each kind of
defense measure with development of attack technologies,
therefore the system must have a certain ability of
recognition attacks; If the occurred attacks have already
made influence to system, we must take effective
measures to recover the system and services timely;
Finally system should also have abilities of self-
adaptation and evolvement, which can make the system
carry on resistance and recognition for new and varietals
attacks, thus ensure survivability for network system
effectively.
3.2. Implement of survivable network system
At present, implement of survivability is mainly
focused on unofficial applications, and we have not
discovered realization examples for network survivability
based on practical applications. The emergent algorithm
proposed by CERT/CC research center is used to solve
survivability questions of boundless system. It regards the
survivability requirement and other holistic non-
functional attributes such as security as the systematic
emergent attributes, fully uses the characteristics of
boundless system, produces and maintains emergent
attributes through cooperation of system nodes to ensure
system survivability. But the emergent algorithm is
merely a development idea for realization of survivability,
demanding implement on concrete applications.
Now, technologies used for developing survivable
system mainly include: self-adaptation and
reconfiguration, diversity and redundancy, real-time
invasion monitoring, detection and response, intrusion
tolerance, acceptable performance reducing, access
control, isolation control and so on.
4. Survivable network systems based on an
Immune Approach
4.1. Organizing principles
In spite of there are several fundamental differences
between the biology and network systems, a study of
immune system reveals a useful set of organizing
principles that we believe should guide the design of
survivable network systems:
(1)Disreputability: Lymphocytes in the immune
system are able to determine locally the presence of an
infection, and no central coordination takes place. The
human immune system provides a good example of a
highly distributed architecture that greatly enhances
robustness.
330
Authorized licensed use limited to: K.S. Institute of Technology. Downloaded on February 15,2010 at 19:08:09 EST from IEEE Xplore. Restrictions apply.
(2)Multi-layered: In immune system, no one
mechanism confers complete survivability. Rather,
multiple layers of different mechanisms are combined to
provide high overall survivability. This is not a new
concept in network survivability, but we believe it is
important and should be emphasized in system design.
(3)Diversity: By making systems diverse, survivability
vulnerabilities in one system are less likely to be
widespread. There are two ways in which systems can be
diverse: the protection systems can be unique or the
protected systems can be diversified.
(4)Disposability: No single component of the human
immune system is essential—that is, any cell can be
replaced. Immune system can manage this because cell
death is balanced by cell production. Although we do not
currently have self-reproducing hardware, death and
reproduction at the process level is certainly possible and
would have some advantages if it could be controlled.
(5)Autonomy: The immune system does not require
outside management or maintenance; it autonomously
classifies and eliminates pathogens, and it repairs itself by
replacing damaged cells. Although we do not expect (or
necessarily want) such a degree of independence from our
computers, as network and CPU speeds increase, and as
the use of mobile code spreads, it will be increasingly
important for computers to manage most security
problems automatically.
(6)Adaptability: The immune system learns to detect
new pathogens, and retains the ability to recognize
previously seen pathogens through immune memory. A
computer immune system should be similarly adaptable,
both learning to recognize new intrusions and
remembering the signatures of previous attacks.
(7)Dynamically changing coverage: Immune system
makes a space/time tradeoff in its detector set: it cannot
maintain a set of detectors (lymphocytes) large enough to
cover the space of all pathogens, so instead at any time it
maintains a random sample of its detector repertoire,
which circulates throughout the body. This repertoire is
constantly changing through cell death and reproduction.
(8)Anomaly detection: Immune system has an ability
to detect pathogens that it has never encountered before,
i.e. it performs anomaly detection. We believe that the
ability to detect intrusions or violations is an important
feature of any survivable system.
(9)Imperfect detection: By accepting imperfect
detection, the immune system increases the flexibility
with which it can allocate resources. For example, less
specific lymphocytes can detect a wider variety of
pathogens but will be less efficient at detecting any
specific pathogen.
(10)The numbers game: Human immune system
replicates detectors to deal with replicating pathogens. It
must do so—otherwise, the pathogens would quickly
overwhelm any defense. Computers are subject to a
similar numbers game, by hackers freely trading exploit
scripts on the Internet, by denial-of-service attacks, and
by computer viruses. For example, success of one hacker
can quickly lead to compromise of thousands of hosts.
Clearly, the pathogens in network survivability world are
playing the numbers game—traditional systems, however,
are not.
These properties can be thought of as design principles
for a survivable network system. Many of them are not
new, and some have been integral features of survivable
network systems; however, no existing survivable
network system incorporates more than a few of these
ideas. Although the exact biological implementation may
or may not prove useful, we believe that these properties
of natural immune systems can help us design more
survivable network systems.
4.2. Design for survivable network system
One approach to design survivable network system
that incorporate the principles discussed in the previous
section is to design systems based on direct mappings
between immune system components and current network
system architectures. The function mapping between the
biological immunity system and the survivable network
system is showed in Table 1.
Tabel 1. The function mapping
Immune
Survivable network system
system
Isolate and Block the attacks towards system by firewall,
restrain encryption etc.; provide the network
pathogen environment not suitable for certain attacks
Detect attacks,intrusions,damage of services
Detect
by intrusion detection, virus detection,QoS
pathogen
monitoring etc.
Control influence scope of attacks by various
Restrain
measures, prevent the attack spreads in the
infection
overall system
Verify the alarm information sent out by some
Cooperated
detection units (e.g. abnormity detection),
stimulate
eliminates mistaken reports
Adaptation Study, recognize unknown attacks
Immune Recognize and abstract unknown attack
memory signature by study for unknown attacks
Eliminate Block, eliminate the attacks detected by
pathogen system
Recover the damaged services by restarting
Regeneration
the service programming or restoring to a
(recovery)
checkpoint established in advance
Various functions showed in Table 1 correspond to
concrete modules structure. There exist 7 modules in the
system structure, and we will illuminate as follows.
(1)Resistance module: isolates attack from the network
system through establishing barrier, which has coped with
the most attacks.
(2)Detection module: detects attack behavior, damage
of services against the system, and sends out alarm
331
Authorized licensed use limited to: K.S. Institute of Technology. Downloaded on February 15,2010 at 19:08:09 EST from IEEE Xplore. Restrictions apply.
information; the overall dynamic behavior of the system
is driven by detection module.
(3)Adaptation module: studies and recognizes new
attacks in the system, and automatically produce the patch
procedure or attack signature used for filtering this kind
of new attack and its simple variety, thus enhances
flexibility of the system.
(4)Executive module: concrete execution unit of
response and repair strategy, including recovery of
control, block, elimination and its influence against
attacks.
(5)Recovery module: Restores services which are
damaged in the system, and it belongs to a part of
response.
(6)Response and repair module: produces response and
repair strategy with attack and system state information.
(7)Coordination control module: coordinates each unit
in the system, and guarantees each kind of mechanism
effective coordination.
5. Conclusions
Because the similarity between biological immunity
system and survivable network system, as well as the
immunity system’s characteristics which are displayed in
process of information disposal such as distributional
protection, self-adaptation, haleness, easy expansibility,
fault-tolerant and abnormity detection etc., we proposed a
novel conception that construct the survivable network
system using the biological immunity principle. Although
at present actually constructing such a survivable network
system in this way exist some problems, it is extremely
effective through the analysis in section 4, which can
solve many questions for constructing a survivable
network system and is a very significant research
direction.
6. References
[1] R.Westmark. A Definition for Information System
Survivability. The 37th Hawaii Internal Conference
on Systern Sciences (HICSS'04), IEEE, 2004,
pp.2086-2096.
[2] T.Z.Jiang. A New Definition of Survivability of
Communication Networks. Military
Communications Conference: Military
Communication in a Changing World, IEEE, 1999,
pp.2007-2012.
[3] C.A.Janeway, P.Travers. Immunobioloy: The
Immune System in Health and Disease (the 3rd
Edition). London: Current Biology Ltd., 1996.
[4] R. Ellison, D.A.Fisher. Survivable Network Systems:
An Emerging Discipline. http://www.sei.cmu
/nublications/dcuments, 1999.