and self-adaptation and evolution, which are manifested and guaranteed through corresponding strategies. Resistance prevents attacks as far as possible by means of various technologies; but as attack technologies develop, some attacks will always be able to penetrate every kind of defensive measure, so the system must have a certain ability to recognise attacks. If an attack has already affected the system, effective measures must be taken to recover the system and its services in a timely manner. Finally, the system should also have the ability to adapt and evolve, so that it can continue to resist and recognise new attacks and their variants, and thus ensure the survivability of the network system effectively.

3.2. Implementation of survivable network systems

At present, the implementation of survivability is mainly confined to unofficial applications, and we have not found examples of network survivability realised in practical applications. The emergent algorithm proposed by the CERT/CC research center is used to solve the survivability problems of unbounded systems. It regards the survivability requirement, together with other holistic non-functional attributes such as security, as emergent attributes of the system; it makes full use of the characteristics of unbounded systems, and produces and maintains these emergent attributes through the cooperation of system nodes in order to ensure system survivability. But the emergent algorithm is merely a development idea for realising survivability, and still demands implementation in concrete applications.

At present, the technologies used for developing survivable systems mainly include: self-adaptation and reconfiguration, diversity and redundancy, real-time intrusion monitoring, detection and response, intrusion tolerance, acceptable performance degradation, access control, isolation control and so on.

4. Survivable network systems based on an immune approach

4.1. Organizing principles

Although there are several fundamental differences between biological and network systems, a study of the immune system reveals a useful set of organizing principles that we believe should guide the design of survivable network systems:

(1) Distributability: Lymphocytes in the immune system are able to determine locally the presence of an infection, and no central coordination takes place. The human immune system provides a good example of a highly distributed architecture that greatly enhances robustness.

(2) Multi-layered: In the immune system, no one mechanism confers complete survivability. Rather, multiple layers of different mechanisms are combined to provide high overall survivability. This is not a new concept in network survivability, but we believe it is important and should be emphasized in system design.

(3) Diversity: By making systems diverse, survivability vulnerabilities in one system are less likely to be widespread. There are two ways in which systems can be diverse: the protection systems can be unique, or the protected systems can be diversified.

(4) Disposability: No single component of the human immune system is essential; that is, any cell can be replaced. The immune system can manage this because cell death is balanced by cell production. Although we do not currently have self-reproducing hardware, death and reproduction at the process level is certainly possible and would have some advantages if it could be controlled.

(5) Autonomy: The immune system does not require outside management or maintenance; it autonomously classifies and eliminates pathogens, and it repairs itself by replacing damaged cells. Although we do not expect (or necessarily want) such a degree of independence from our computers, as network and CPU speeds increase, and as the use of mobile code spreads, it will be increasingly important for computers to manage most security problems automatically.

(6) Adaptability: The immune system learns to detect new pathogens, and retains the ability to recognize previously seen pathogens through immune memory. A computer immune system should be similarly adaptable, both learning to recognize new intrusions and remembering the signatures of previous attacks.

(7) Dynamically changing coverage: The immune system makes a space/time tradeoff in its detector set: it cannot maintain a set of detectors (lymphocytes) large enough to cover the space of all pathogens, so instead at any time it maintains a random sample of its detector repertoire, which circulates throughout the body. This repertoire is constantly changing through cell death and reproduction.

(8) Anomaly detection: The immune system has the ability to detect pathogens that it has never encountered before, i.e. it performs anomaly detection. We believe that the ability to detect intrusions or violations is an important feature of any survivable system.

(9) Imperfect detection: By accepting imperfect detection, the immune system increases the flexibility with which it can allocate resources. For example, less specific lymphocytes can detect a wider variety of pathogens but will be less efficient at detecting any specific pathogen.

(10) The numbers game: The human immune system replicates detectors to deal with replicating pathogens. It must do so; otherwise, the pathogens would quickly overwhelm any defense. Computers are subject to a similar numbers game, through hackers freely trading exploit scripts on the Internet, through denial-of-service attacks, and through computer viruses. For example, the success of one hacker can quickly lead to the compromise of thousands of hosts. Clearly, the pathogens of the network survivability world are playing the numbers game; traditional systems, however, are not.

These properties can be thought of as design principles for a survivable network system. Many of them are not new, and some have been integral features of survivable network systems; however, no existing survivable network system incorporates more than a few of these ideas. Although the exact biological implementation may or may not prove useful, we believe that these properties of natural immune systems can help us design more survivable network systems.

4.2. Design for a survivable network system

One approach to designing a survivable network system that incorporates the principles discussed in the previous section is to design systems based on direct mappings between immune system components and current network system architectures. The function mapping between the biological immune system and the survivable network system is shown in Table 1.

Table 1. The function mapping

Immune system                 | Survivable network system
Isolate and restrain pathogen | Block attacks on the system by firewall, encryption, etc.; provide a network environment that is unsuitable for certain attacks
Detect pathogen               | Detect attacks, intrusions and damage to services by intrusion detection, virus detection, QoS monitoring, etc.
Restrain infection            | Control the scope of influence of attacks by various measures; prevent the attack from spreading through the overall system
Cooperative stimulation       | Verify the alarm information sent out by some detection units (e.g. anomaly detection); eliminate false reports
Adaptation                    | Study and recognize unknown attacks
Immune memory                 | Recognize and abstract the signatures of unknown attacks by studying them
Eliminate pathogen            | Block and eliminate the attacks detected by the system
Regeneration (recovery)       | Recover damaged services by restarting the service program or by restoring to a checkpoint established in advance

The functions shown in Table 1 correspond to a concrete module structure. There are seven modules in the system structure, which we describe as follows.

(1) Resistance module: isolates attacks from the network system by establishing barriers, which cope with most attacks.

(2) Detection module: detects attack behaviour and damage to services in the system, and sends out alarm information; the overall dynamic behaviour of the system is driven by the detection module.

(3) Adaptation module: studies and recognizes new attacks in the system, and automatically produces the patch procedure or attack signature used to filter this kind of new attack and its simple variants, thus enhancing the flexibility of the system.

(4) Executive module: the concrete execution unit of the response and repair strategy, including recovery of control, blocking, and elimination of attacks and their influence.

(5) Recovery module: restores services which have been damaged in the system; it belongs to the response part.

(6) Response and repair module: produces the response and repair strategy from attack and system state information.

(7) Coordination control module: coordinates each unit in the system, and guarantees the effective coordination of each kind of mechanism.

5. Conclusions

Because of the similarity between the biological immune system and the survivable network system, as well as the characteristics the immune system displays in the process of information handling, such as distributed protection, self-adaptation, robustness, easy extensibility, fault tolerance and anomaly detection, we have proposed a novel conception of constructing the survivable network system using biological immunity principles. Although actually constructing such a survivable network system in this way still presents some problems at present, the analysis in section 4 shows it to be extremely effective; it can solve many problems in constructing a survivable network system and is a very significant research direction.
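Principles (4), (6), (7), (8) and (9) of Section 4.1 can be made concrete in a small detector model. The following is an added example, not code from the paper: it assumes the classic r-contiguous-bits matching rule and negative selection (neither is named in the paper), and its "normal" request signatures and attack signature are constructed 8-bit strings.

```python
import random
L, R = 8, 4   # bits per pattern; r-contiguous-bits match threshold (assumed rule, not from the paper)

def matches(detector, pattern):
    """Principle 9 (imperfect detection): R contiguous bits agreeing at one offset is a match."""
    return any(detector[i:i + R] == pattern[i:i + R] for i in range(L - R + 1))

def negative_selection(self_set, count, rng):
    """Keep random candidates matching no 'self' pattern, so detectors never alarm on normal traffic."""
    kept = []
    while len(kept) < count:
        cand = format(rng.getrandbits(L), f"0{L}b")
        if not any(matches(cand, s) for s in self_set):
            kept.append(cand)
    return kept

class ImmuneMonitor:
    def __init__(self, self_set, repertoire=6, lifetime=3, seed=7):
        self.self_set, self.size, self.lifetime = set(self_set), repertoire, lifetime
        self.rng = random.Random(seed)
        # Principle 7: only a small random sample of all possible detectors is active at once.
        self.active = [(d, lifetime) for d in negative_selection(self.self_set, repertoire, self.rng)]
        self.memory = set()  # Principle 6: detectors that caught an attack are retained

    def tick(self):
        """Principles 4/7: detector death balanced by production; the sample churns, its size stays fixed."""
        survivors = [(d, t - 1) for d, t in self.active if t > 1]
        fresh = negative_selection(self.self_set, self.size - len(survivors), self.rng)
        self.active = survivors + [(d, self.lifetime) for d in fresh]

    def inspect(self, pattern):
        """Principle 8 (anomaly detection). Returns (detected, recognised_from_memory)."""
        if any(matches(d, pattern) for d in self.memory):
            return True, True
        hits = [d for d, _ in self.active if matches(d, pattern)]
        if hits:
            self.memory.update(hits)  # secondary response: immediate recognition next time
            return True, False
        return False, False

def ticks_until_detected(monitor, pattern, max_ticks=200):
    """Rotate the repertoire until `pattern` is caught; returns the tick count, or None."""
    for n in range(max_ticks):
        if monitor.inspect(pattern)[0]:
            return n
        monitor.tick()
    return None

SELF = ["00000000", "00001111", "11110000"]  # constructed 'normal' request signatures
ATTACK = "10101010"                          # constructed attack signature
```

Normal traffic is never flagged because every active or remembered detector passed negative selection; the attack is caught only once the rotating sample happens to cover it, after which memory recognises it immediately.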