Tuesday, May 13, 2008

Adaptive Protection

One thing that has fascinated me for the last few years has been the thought that instead of these centralised, hub-like antivirus (and anti-malware, anti-spyware, etc.) systems and firewalls that work on a per-computer/network basis, we could have an adaptive peer-to-peer system.

At this point in time I think there are three major uses for the internet. Number one is business, number two is socialising and number three is sharing data. Although I suppose three encapsulates both one and two.

The only downsides to the internet are crime and government. I'm not about to try and fix governance of the internet except to say that peer to peer trumps centralised control, and I'll hopefully convince you of that in this blog, if not this post.

There are two types of crime on the internet; mostly on the web and in email, but they also feature in other applications. The first is digital crime like trojans, spyware, etc. The second type is confidence tricks, like when on eBay someone sells you a DVD allegedly signed by Ron Jeremy and it's just a blank DVD with a squiggle on it, and there's nothing to prove it is what it is. The latter type of crime is rife in all walks of life. Digital crime, however, can only happen on computers.

So now we get to the point of my post: adaptive protection from digital crime.

Our current model for protection is one where we install some software, be it a firewall, script blocker, antivirus programme or whatever, and allow it to run. Every so often the software will call home, either automatically or because we tell it to, and it will update how it works. This is what we do and it means that we are always one step behind the attackers.

Let me throw some crazy, metaphorical idealism at you.

The internet is like fertiliser. It's not a living thing itself; it doesn't change as such. Its purpose is always to be the place where ideas can grow and evolve. The applications of the internet: BitTorrent, web, ftp, usenet, gopher, finger, etc., are all lifeforms that evolve, or become endangered or extinct (to overextend the metaphor). Essentially we (users) behave like seed carriers; we increase the population of an application by spreading it around, getting others to use it, a lot like corn or carrots.

The other applications, the ones that are less than favourable for most users, are also able to flourish in this fertiliser. Like weeds, I suppose, or maybe bacteria or fungi. So like sensible farmers we deploy pesticides to kill them off, which work fine until they evolve and we have to make a better pesticide, and so on and so on.

We have one advantage over bio-technologists, though. If we start doing mad scientist type experiments to try and create programmes that can behave in a way that is adaptive and can help wipe out the undesirable programmes, we can't cause ecological disaster, like DDT or engineering resistant plants might.

My basic premise is that the best way to beat the viruses et al. is through co-operation and on-the-fly adaptation, via implementing a new internet application. Rather than an application that considers the internet as a place to guard against, create an internet application that wants to defend its turf.

It would have to be an application that runs in the background of your computer, and is able to understand what should be happening and what shouldn't, and how to prevent these things. Once recognition of a problem takes place and action is taken then the programme would need to propagate that information to neighbours to help them identify similar problems.
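The detect, act, then tell-the-neighbours loop described above, as a small simulation added here (not code from the original post). The quorum rule, peer names and topology are assumptions of this example: a peer acts at once on what it sees first-hand, but trusts a remote claim only after two distinct neighbours have reported it.

```python
from collections import deque

QUORUM = 2  # assumption: distinct neighbour reports needed to trust a remote claim
# Constructed topology: six hypothetical peers, each with at least two neighbours.
EDGES = [("a", "b"), ("a", "c"), ("b", "c"), ("b", "d"), ("c", "d"),
         ("d", "e"), ("c", "e"), ("e", "f"), ("d", "f")]

class Peer:
    def __init__(self, name):
        self.name = name
        self.neighbours = []
        self.reports = {}     # indicator -> names of neighbours that reported it
        self.blocked = set()  # indicators this peer has acted on

def build_network(edges):
    peers = {}
    for x, y in edges:
        px, py = peers.setdefault(x, Peer(x)), peers.setdefault(y, Peer(y))
        px.neighbours.append(py)
        py.neighbours.append(px)
    return peers

def propagate(peers, detections):
    """detections: (peer_name, indicator) pairs seen first-hand.
    Returns {indicator: sorted names of peers that ended up blocking it}."""
    queue = deque()

    def block(peer, indicator):
        if indicator in peer.blocked:
            return
        peer.blocked.add(indicator)          # take local action
        for n in peer.neighbours:            # then tell every neighbour
            queue.append((peer.name, n, indicator))

    for name, indicator in detections:
        block(peers[name], indicator)        # first-hand: act immediately
    while queue:
        sender, receiver, indicator = queue.popleft()
        seen = receiver.reports.setdefault(indicator, set())
        seen.add(sender)
        if len(seen) >= QUORUM:              # enough independent reports
            block(receiver, indicator)
    result = {}
    for p in peers.values():
        for indicator in p.blocked:
            result.setdefault(indicator, []).append(p.name)
    return {k: sorted(v) for k, v in result.items()}

def demo():
    # Constructed scenario: "sig-1" is seen first-hand by a and b, "sig-2" only by f.
    return propagate(build_network(EDGES),
                     [("a", "sig-1"), ("b", "sig-1"), ("f", "sig-2")])
```

In this run "sig-1" reaches all six peers, while "sig-2", vouched for by a single peer, stays with f.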

You cannot define all the rules up front. You can, however, define how to define rules, and let evolution take its course. This is one area I think that evolutionary computing will excel in. It is perfectly suited to coming up with solutions that involve iterative design over many generations.

I haven't done enough reading around operating systems to be able to implement such a system, but the idea is most intriguing. I also haven't read around in the adaptive protection literature, so I don't know how far along this research is. It is definitely something I will be getting involved in.