Hot Zone: IBM researchers recently offered the...
Hot Zone: IBM researchers recently offered the first glimpse of a computer anti-virus technology modeled on biological immune systems.
The complex system goes far beyond traditional anti-virus software in its ability to identify new types of viruses and snuff them out almost instantly by devising a cure and distributing it around the world in minutes.
IBM has been working on what it calls the Immune System for Cyberspace for several years at its Watson Research Center in Hawthorne, N.Y. But the company hadn’t demonstrated the system publicly until last week at the annual Virus Bulletin International Conference in San Francisco.
IBM executives cautioned that the system is not yet scheduled for commercial release, although a pilot program with a small group of customers is about to get underway. Still, the technology is already considered a significant advance in an industry where hyperbolic claims often outstrip actual improvements.
Chris Le Tocq, an analyst at Dataquest in San Jose, said that if the technology is brought to market, it could help IBM climb out of the industry cellar. The company trails far behind Symantec and McAfee Associates, which together account for nearly 60% of anti-virus software sales.
The Internet enables viruses to spread far more rapidly than when they were primarily passed by the sharing of infected floppy disks.
“Viruses have the potential to spread in hours now, which means we have to respond in minutes,” said Jeffrey Kephart, who has the unusual title of manager of research in agents and emerging phenomena at IBM.
To devise the system, Kephart said researchers began with a fundamental question: How do biological systems defend themselves against viruses?
Most existing anti-virus software works by scanning computer files for known viruses. Some software also looks for virus-like behavior, such as an unexpected instruction to format the hard drive. But these approaches are unreliable and slow, requiring users to periodically download the latest list of new viruses.
Like the human immune system, IBM’s technology is designed to detect even unknown viruses. It does this by looking for clusters of tiny code fragments commonly found in viruses, as well as changes to specific locations of files that viruses commonly attack.
A sample of any suspected virus is automatically shipped to IBM’s lab in New York, where a computer analyzes the intruder, devises a cure if necessary, and distributes it to all computers that are part of the Immune System network.
