Biologically Inspired Defenses Against Computer Viruses

Jeffrey Kephart, Gregory Sorkin, William Arnold, David Chess, Gerald Tesauro, Steve White
Proceedings of IJCAI '95, Montreal, August 19-25, 1995, pp. 985-996
ISBN 3-540-60923-7
August 1995

Today's anti-virus technology, based largely on analysis of existing viruses by human experts, is just barely able to keep pace with the more than three new computer viruses that are written daily. In a few years, intelligent agents navigating through highly connected networks are likely to form an extremely fertile medium for a new breed of viruses. At IBM, we are developing novel, biologically inspired anti-virus techniques designed to thwart both today's and tomorrow's viruses. Here we describe two of these: a neural network virus detector that learns to discriminate between infected and uninfected programs, and a computer immune system that identifies new viruses, analyzes them automatically, and uses the results of its analysis to detect and remove all copies of the virus that are present in the system. The neural-net technology has been incorporated into IBM's commercial anti-virus product; the computer immune system is in prototype.

