Carnegie Mellon Researchers Tap Biology To Fend Off Computer Worms, Virus Attacks


November 20, 2003

Carnegie Mellon University professors Mike Reiter and Dawn Song are studying cyberdiversity in a collaborative effort with the University of New Mexico. Their research is designed to ward off attacks by worms, viruses and other cyberintruders.

Reiter and Song seek to reduce computer vulnerability by automatically changing aspects of a computers software to render its software configuration different from other computers. Their goal is to ensure that an attack against one computer cant be automatically replicated against a large number of computers, thereby considerably slowing large-scale attacks.

We are looking at computers the way a physician would look at genetically related patients, each susceptible to the same disorder, said Reiter, a professor of electrical and computer engineering and computer science at Carnegie Mellon and associate director of CyLab, a Carnegie Mellon initiative focused on advancing cybersecurity technology and education.

In a population, one member may fall victim to a pathogen or disorder, while another might not have the same vulnerability, Reiter said.

Adapting this idea in biology to computers may not make an individual computer more resilient to attack, but it aims to make the whole population of computers more resilient in aggregate, said Song, an assistant professor of electrical and computer engineering and computer science at Carnegie Mellon.

We are trying to develop approaches to automatically diversify computers so that attackers will have less information about each individual computer and will have to attack each computer differently, she said.

The Internet worm Code Red, for example, infected more than 300,000 systems in less than 13 hours by attacking one major vulnerability. In the case of Code Red, that vulnerability was placing more data into a memory than the memory could hold.

Earlier approaches toward software diversity attempted to develop the same software using independent development teams, so that the independent versions would guard against different sets of vulnerabilities. But that approach was both costly and time consuming, researchers said.

The three-year, $750,000 research project, is being funded by the National Science Foundation, an independent federal agency that supports fundamental research and education across all fields of science and engineering.