Natural immune systems are sophisticated information processors. They learn to recognize relevant patterns, they remember patterns that have been seen previously, and they use combinatorics to construct pattern detectors efficiently. Further, the individual cells and molecules that comprise the immune system are distributed throughout our bodies, encoding and controlling the system in parallel with no central control mechanism.
The talk will describe a project that is incorporating principles and mechanisms from immunology into computer security. It will emphasize recent work on a lightweight intrusion-detection system for networked computers. In this system, normal behavior is defined by short-range correlations in a process's system calls---a much simpler approach than that used previously. Initial experiments suggest that the definition is stable during normal behavior and that it is sensitive to several common intrusions.