Contact:
Chris Burroughs
(505) 277-1816

November 17, 1997

COMPUTER SCIENCE BORROWS IMMUNOLOGY THEORIES

The study of immunology, traditionally left to immunologists and biologists, is becoming a significant part of research in the University of New Mexico Computer Science Department.

Associate Professor Stephanie Forrest and her team of doctoral students are using the principles of immunology to build computer models of the human immune system and create computer security systems.

Over the past five years, one doctoral student, Derek Smith, working closely with Forrest and Los Alamos Laboratory Fellow Alan Perelson, has focused his energies on building a computer model of the human immune system and doing experiments in machina (in the machine) to see how different vaccine strategies might work on mutating viruses. Scientists have historically studied viruses in vitro (in the test tube) or in vivo through experiments on live animals. Using a computer program to simulate the immune response to a mutating virus broke new ground.

"This was risky research because we didn't know when we started where it was going to lead," Forrest says.

It was risky, too, because of the possibility that the in machina research might be low in accuracy because live animals weren't involved in the testing. The computer immune system model developed by Smith, Forrest, and Perelson simulates a virus on a computer by breaking it down into its basic components and modeling only the patterns where the components molecularly bind. By looking at these patterns, the scientists can determine how the immune system responds to viruses that mutate and the effectiveness of potential vaccines.

One of the problems in studying some viruses, like common influenza and HIV, is that they are constantly changing. As a result, it takes many years using standard methods to tell how well vaccination works when viruses mutate. Smith's research is promising because it may one day give immunologists a better idea of how to design vaccines for mutating viruses.

Smith has begun a collaboration with scientists at the U.S. Centers for Disease Control (CDC) to test his predictions and hopes to continue this line of research next year as a postdoc at either UNM, Los Alamos National Laboratory, or the CDC.

Just as Smith was starting his research into computer immunology, Forrest was able to garner the support of the National Science Foundation, which awarded $500,000 over five years to continue this line of research.

"We're starting to get support from some of the funding sources. Now we have to make it real to persuade biologists to pay attention. Ultimately, we would like to help the Center for Disease Control determine strategies for real vaccine strains," Forrest says.

Using computer science to simulate mutating viruses is only one aspect of immunology of interest to Forrest and several of the Ph.D. students she advises. They are also fascinated by the concept of taking the opposite approach -- modeling a computer virus- or intrusion-detection system after the human immune system.

"Natural immune systems protect animals from dangerous foreign pathogens, including bacteria, viruses, parasites and toxins. Their role in the body is analogous to that of a computer security system in computing. Although there are many differences between living organisms and computer systems, we believe that the similarities are compelling and could point the way to improved computer security," Forrest says.

In the human body, knowledge of intrusions by foreign objects is encoded in proteins. The question Forrest and her students continually ask is what is the equivalent of protein in computers?

Ph.D. student Anil Somayaji has come to the conclusion that a computer program's system calls are the missing link. He suggests that a "normal" profile of a computer program's pattern of system calls can be created. The running program can then be monitored against this profile, with changes from the norm readily detected.

Somayaji notes that developing such a computer immune system is a matter of distinguishing "self" from dangerous "other" (or "non-self") and eliminating dangerous non-self. Protecting computer systems from malicious intrusions can simply be viewed as the problem of distinguishing self from non-self. Non-self might be an unauthorized user, foreign code in the form of a computer virus, or corrupted data.

Somayaji does his security research on an isolated computer network in the Computer Science Department, where he looks for "normal" computer program system call patterns and then sees how they change when a foreign body, such as a virus or illegal break-in, is introduced.
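The self/non-self check on system calls described above can be sketched as follows. This is an added illustration, not the researchers' code: representing the "normal" profile as the set of short windows of consecutive calls, the window length of 3, and all trace contents are assumptions made here.

```python
"""Added example: a 'self' profile of system-call windows (assumed design)."""
from typing import Iterable, List, Set, Tuple

WINDOW = 3  # assumed window length; the release does not specify one
Window = Tuple[str, ...]

def windows(trace: List[str], k: int = WINDOW) -> List[Window]:
    """Every run of k consecutive calls. A trace shorter than k yields
    no windows: it is too short to be judged either way."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def build_profile(normal_traces: Iterable[List[str]], k: int = WINDOW) -> Set[Window]:
    """'Self': every window observed while the program ran normally."""
    profile: Set[Window] = set()
    for trace in normal_traces:
        profile.update(windows(trace, k))
    return profile

def mismatches(trace: List[str], profile: Set[Window], k: int = WINDOW):
    """(position, window) for each window never seen in normal runs."""
    return [(i, w) for i, w in enumerate(windows(trace, k)) if w not in profile]

def anomaly_rate(trace: List[str], profile: Set[Window], k: int = WINDOW) -> float:
    """Fraction of the trace's windows that are 'non-self'."""
    total = len(windows(trace, k))
    return len(mismatches(trace, profile, k)) / total if total else 0.0

# Constructed sample traces of one program's normal runs (not real captures).
NORMAL_TRACES = [
    ["open", "read", "mmap", "read", "close"],
    ["open", "read", "read", "close"],
    ["open", "mmap", "read", "close"],
]
# Constructed traces to check: one matching normal behaviour, one deviating.
SEEN_BEFORE = ["open", "read", "mmap", "read", "close"]
DEVIATING = ["open", "read", "mmap", "read", "execve", "close"]

PROFILE = build_profile(NORMAL_TRACES)

if __name__ == "__main__":
    for name, trace in (("seen_before", SEEN_BEFORE), ("deviating", DEVIATING)):
        print(name, anomaly_rate(trace, PROFILE), mismatches(trace, PROFILE))
```

The profile only covers behaviour seen during the normal runs, so a profile built from too few runs will flag legitimate but previously unobserved call sequences as non-self.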

Forrest says that if such a computer immune system could be perfected, it would be a real departure from present virus and break-in detection methods.

"The current system involves computer administrators looking at log files and seeing if anything looks funny and tracking it down manually," she says.

The research, while still in its infancy, has attracted considerable attention in the computer security community.

"Initially, banks, the government and the military were the only ones who cared about computer security. With the advent of the Internet, everyone is concerned," Forrest says. "Our research came along at a time when others were just realizing that computer security was relevant to their personal and professional lives."

###
