December 29, 2015 | Category: Cyber Security, Guest Bloggers, Hardware & Software | Tags: , , , Views: 3491

Enhanced Information Security through Biomimicry

Photo Credit: 20150222_b via Jonathan McCabe cc

Life can be thought of as a biological problem solver. When looking for innovative answers to some of the toughest security questions, many of the best solutions are found through observation of biological systems. The obvious examples include ant colonies, bee hives, and termites, but we can also learn a lot from lesser known behaviors in nature such as the behavior of viruses, bacteria, mold, fish, and plants.

In the paper “Security—A Perpetual War: Lessons from Nature”, Mazurczyk and Rzeszutko present a table which uses analogies from nature to compare offensive and defensive IT capabilities to the offensive and defensive capabilities seen in biological lifeforms.

Phishing and Honeypots

The features are mapped out, you have essence features of the defensive or offensive techniques, the IT example, and the example from nature. Phishing for example uses similar techniques as used by the anglerfish, worms use similar techniques as used by the bolas spider, botnets use similar techniques as is used by ophiocordyceps unilateralis which is a fungus. These techniques are primarily offensive but defensive IT techniques also mirror biology. Honeypots for example use similar techniques as is used by the Lady’s slipper orchid.

Distributed Denial of Service Attacks

If we map out the different attack and defense techniques onto biological organisms then we can understand how each attack and defense technique can evolve within the IT ecosystem. Understanding this evolvability can be very important and inform us on how to better design defensive techniques going into the future. The DDOS (distributed denial of service) technique currently utilized in attacks disrupts the resource management capabilities and availability of the defense but we must remember that DDOS is just an evolved form of DOS (denial of service). The defensive techniques must also evolve along with the offensive techniques and in a way which is aware of how offensive techniques are likely to or are able to evolve from current technological trends.

It is possible that in the near future we will see malware, viruses, and worms, which make use of artificial intelligence along with biomimicry to become more effective. On the defense side it will be necessary to utilize artificial intelligence for anomaly detection. Detection capabilities currently are very insufficient as many attacks practically undetectable. Improved anomaly detection supported by enhanced machine intelligence may help improve the quality of intrusion detection systems and it is possible that machine intelligence will be cloud-based or even decentralized if we look at the current trends. In biology the masked birch caterpillar provides an example of an intrusion detection system (Mazurczyk, Rzeszutko, 2015) which we can find inspiration from for improvements to design.

Can the defensive security efforts catch up to the predatory cyber attacks?

Unfortunately at the same time if we look at current trends the potential risk of certain kinds of attacks are increasing while the potential to defend against them appear to be decreasing. Ransomware is evolving, is now becoming decentralized, utilizing advances in cryptography and blockchain technology. Can nature inform us on how to defend against these evolving threats? The predators in the IT ecosystem are evolving faster than the prey, but perhaps the defense side could use inspiration from nature to contain evolving threats.


About the Guest Author

Dana Edwards is a technological visionary, an information security expert and a
social futurist. Born and raised in Boston Massachusetts, he
obtained a Bachelors degree in ethics, social & political philosophy
from UMass, a Masters degree in Cybersecurity from UMUC, and is CompTIA
Security+ certified.

He has been fascinated by and continuously studied computer
technology and information security since 1997 when he received his
first computer. As a student, teacher and problem solver, he wishes to
share some of his knowledge with the world, and to inspire, conduct, and
promote innovative experiments in cybersecurity.

Connect with him via email or Twitter.


References

Guedes, R. N. C., Matheson, S. M., Frei, B., Smith, M. L., & Yack, J. E. (2012). Vibration detection and discrimination in the masked birch caterpillar (Drepana arcuata). Journal of Comparative Physiology A, 198(5), 325-335.

Mazurczyk, W., Drobniak, S., & Moore, S. (2015). Towards a Systematic View on Cybersecurity Ecology. arXiv preprint arXiv:1505.04207.

Mazurczyk, W., & Rzeszutko, E. (2015). Security–A Perpetual War: Lessons from Nature. IT Professional, 17(1), 16-22.

Subscribe to the TechRoots Blog




 
 

Related Post

18 Items for Your Linux Admin Toolkit