
The Darwin defense: can ‘genetic algorithms’ outsmart malware?

By Michelle Drolet
17 Nov 2017

Coming to a future near you: software code that mutates and evolves.

We often talk about computer systems and information security in biological terms. Threats and defenses evolve, viruses run rampant, and machines learn by emulating the neural networks in our brains. Cybersecurity is an endless war between attackers and defenders, just as biology is a war between predators and prey.

What if we could create an automated process of selection for computer programs, where the fittest would survive and adapt to become more robust, closing vulnerabilities and fixing bugs with each new self-producing version? That’s precisely what some researchers are working on, and it may lead us to a future where software repair and security are automated, without the input of coders.

The malware mountain

Malicious software or malware is an enormous problem. The AV-Test Institute registers more than 250,000 new malicious programs every day. Trying to combat that threat is far from easy, especially with limited time and resources. Cybercrime damages will cost $6 trillion annually by 2021, according to Cybersecurity Ventures, up from $3 trillion in 2015.

In a competitive market where new features and devices are developed as quickly as possible, security often takes a back seat. The need to secure the IoT is a good example. We’re connecting billions of devices to our networks that offer new potential points of entry for hackers. Many of these IoT devices lack basic security provisions or they have not been properly configured to take advantage of the security they do offer.

A single default password may hand an attacker the keys to your digital kingdom. Even with a stringent update policy and a string of security patches, which is not the state of play for most businesses, much less your average homeowner, there is still risk. New vulnerabilities emerge all the time and updates can create as many bugs as they fix.

The Darwin defense

The concept of a genetic algorithm was pioneered by John Henry Holland, a professor of psychology, electrical engineering, and computer science. He recognized the potential of applying Darwin’s concept of natural selection to computers. Now, Stephanie Forrest of the University of Michigan, having earned her Ph.D. with Holland, is applying these genetic algorithms to software.

The idea is to allow different versions of a computer program to mate and merge their code. Some of the time, the new versions work better than their predecessors. Each software version is judged on its ability to perform the functions it was originally created for. Weak versions that don’t perform well are culled. Promising new variants survive and mate. There’s also an element of unexpected innovation that comes through mutation, providing desirable new features.

These genetic algorithms are essentially evolving through selective breeding and artificial adaptation. New generations can develop quickly with no need for human intervention. This automated process has the potential to get great results far more quickly and cheaply than traditional software development, where repairing bugs and closing vulnerabilities is slow and difficult.
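
The selection loop described above, as an added example that is not from the article or from the researchers it mentions: a constructed read_field body that lacks a bounds check is mutated, crossed over and culled against a test suite until a variant passes every test. All names, the donor statements and the tests are assumptions made for illustration.

```python
import random

# Constructed toy target: body of read_field(buf, length); oversized lengths are not rejected.
BUGGY = ["result = buf[:length]"]
# Assumption: repair material is borrowed from statements that exist elsewhere in the code.
DONORS = ["if length > len(buf): result = None", "if length < 0: result = None",
          "result = buf", "length = 0"]
# The test suite is the fitness function: three functional tests, one security test.
TESTS = [((b"hello", 3), b"hel"), ((b"hello", 5), b"hello"),
         ((b"hi", 0), b""), ((b"hi", 64), None)]
CRASHED = object()

def run(program, buf, length):
    env = {"buf": buf, "length": length}
    try:
        exec("\n".join(program), {}, env)
        return env["result"]
    except Exception:
        return CRASHED  # a variant that crashes fails the test

def fitness(program):
    return sum(run(program, *args) == expected for args, expected in TESTS)

def mutate(program, rng):
    child = list(program)
    op = rng.choice(["insert", "delete", "replace"])
    if op == "insert" or not child:
        child.insert(rng.randint(0, len(child)), rng.choice(DONORS))
    elif op == "delete":
        del child[rng.randrange(len(child))]
    else:
        child[rng.randrange(len(child))] = rng.choice(DONORS)
    return child

def crossover(a, b, rng):  # one-point: head of one parent, tail of the other
    return a[:rng.randint(0, len(a))] + b[rng.randint(0, len(b)):]

def evolve(seed=1, pop_size=30, generations=100):
    rng = random.Random(seed)
    population = [mutate(BUGGY, rng) for _ in range(pop_size)]
    for _ in range(generations):
        population.sort(key=fitness, reverse=True)
        if fitness(population[0]) == len(TESTS):
            break
        parents = population[:pop_size // 2]  # cull the weak half
        population = parents + [
            mutate(crossover(rng.choice(parents), rng.choice(parents), rng), rng)
            for _ in parents]
    return max(population, key=fitness)
```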

Automation and evolution

Traditional software development has given way to a much faster process, and there’s a growing understanding that automation can introduce speed and consistency, and free up talent to focus on areas where it can add more value. Artificial intelligence has benefitted enormously by borrowing from biology, so it stands to reason that security software could do the same.

As potential attack surfaces grow, there are countless risks to assess and remediate. There’s so much to consider, from third-party risk management to the growth of botnets. Cybersecurity professionals understand that this is a war that will never end. Hackers and cybercriminals continue to identify and exploit new avenues of attack. Just as innovation drives new software features, it leaves bugs and vulnerabilities in its wake.

Even with the help of a common set of principles, like NIST’s Cybersecurity Framework, it’s difficult to keep malware off your network. New vulnerabilities are discovered every day, but too many companies also fail to remediate known issues. Patching is a real problem that needs to be addressed.

It’s easy to see the exciting potential of automated, evolutionary software development for rapid bug fixes and enhanced security.


This article was originally posted on CSOOnline.