Abstract:

Many organizations are forced to widen their scope and to conduct their business on a global scale in order to keep up with the competitors. At the same time they are enlarging their networks and information systems to support their new business. It becomes more and more difficult to manage the vulnerabilities of those large distributed information systems. The traditional reactive behavior of security systems is expected not to be able to keep up with the complexity present in the new interconnected information systems and the emerging sophisticated attacks. Instead of having a few security systems, though well-equipped, waiting passively and to be surprised by each new attack or random failure, a new way of thinking about how to be security threats one step ahead is needed. Such a new way of thinking is inspired on complex adaptive systems and involves the idea of solving complexity by the individual constituents of the complex system itself. The constituents are the multiple security systems on the Internet that cooperate to achieve an integrated defense system. Self-defending information systems based on self-organization is as such proposed in this paper. Such a web of security is more effective since it is able to memorize, recognize and to adapt to new types of threats. It is also expected to be more efficient since each new threat is immediately dealt with by the system itself. Such a system is also more efficient as fewer resources are needed compared to traditional methods. Traditional methods require a new module or update for each threat (IDS, virus scanner, etc), whereas with self-organization the systems reconfigures itself after that all the means for defense and configurations have been settled once. In this paper we will present a design of such an integrated self-organizing defense system.