BMNSM model with a top-down, behavior-altering security management model
Steven Sheridan
CPSC 6157 Network management Computer science department, Columbus State University, Columbus, GA
Submitted 4/26/2009
Abstract - With networks today growing more and more complex, security has to keep up. One of the places the computer world is looking to for help with securing complex environments is the biological world. Much of the network research on bio-inspired security focuses on the human immune system. This is a great place to look for an individual-level defense strategy. However, in the biological world we face many different security threats, not just virus threats. Each security threat found in the biological world has a different defense strategy depending on the level at which it is found. This paper focuses on these different levels of biological security to create a Multidimensional Network Security Model based on the biological world, but using a top-down behavioral modification approach to prevent and stop threats within the internet today.
I. Introduction
Computer security and biological security have many of the same problems and issues. The fields run so close together that they even borrow terms from each other, such as virus, which means two different things in the two fields. The major difference between the two fields is that computer security is relatively new and still developing, while biological security has been around for as long as human life has been on this planet. As a result, the biological world has developed some great solutions to these security problems. This is why the biological world is such a good place to look for examples of how to address the issues we face in computer security.
This paper focuses on research done by Harbin Engineering University on a bio-inspired Multidimensional Network Security Model. It will go over the 3 levels that were identified by the Multidimensional Network Security Model. It then takes the Harbin approach with the multidimensional model and modifies it to use a top-down behavior modification approach, to create a good model for security in the modern internet.
II. BMNSM Model and Summary
The BMNSM breaks down the human/biological world into 3 categories. The first category is the individual. This is a single person in whom the nervous system, circulatory system and immune system, as well as other systems, maintain the normal running of the body.
The next category is the group. At this level a set of people cooperate, intercommunicate and compete with each other. All interactions must obey the rules and bylaws of the group, which enables the group to function properly.
Society is the final category, at the top. Society is made up of many different groups. All the same interactions occur as within a group, except that they are done on a much larger scale and normally between groups. The interactions in society are protected by laws and by the popularity of an action with society as a whole.
The next thing we must define is interaction. Interaction has three basic principles. The first is information exchange, in which something is exchanged with another. On the individual level this would be the intake of food and air into your body. On the group and society levels this would be information or goods.
The next basic principle is security of this information exchange. On the individual level the body protects you by keeping harmful things like viruses from getting into your body. On the group and society levels, laws protect you from someone trying to harm you.
The last basic principle is recovery. Should something happen in the interaction to make it go wrong, a recovery process is needed. At the individual level the body can rebuild from an infection. At the group and society levels, laws or court systems are in place to make sure recovery happens should exchanges go wrong. A good example of recovery at the group or society level is a group of people who lose money to a scam and recover the money via the laws and court system.
From these basic principles the researchers at Harbin Engineering University then tried to map these levels onto computer networks. The research states that the individual level is a computer or end user. The group level is a LAN, WAN or MAN. The society level is the internet itself. They call this the BMNSM model. The model's theory is that each level of security can be modeled on human society and therefore can be put into a nice state machine. A virus comes in over the network and attacks a computer; the computer detects it, then destroys it and repairs whatever damage might have happened. Each level of the network has three states it can be in: information exchange, security detection and state recovery.
While this is a good approach, it does not address the issue of enforcement of security very well. Laws are enforced upon society to prevent damage from happening. Each person in society is not in charge of protecting themselves at every level. In the computer world today a user is in charge of protecting themselves from any and all threats. For example, a mass DoS attack upon one network has to be defended against by that one network; not much help is given by anyone else on the internet to prevent this attack.
The other thing the research at Harbin failed to see is that crimes are behaviors, and laws are made to modify, predict and prevent these criminal behaviors. In the biological world, in order to prevent a killer from killing, society has a system of punishments in place to deter people from this behavior.
The last thing the research fails to point out is pattern detection of crimes or harmful behavior. When a killing occurs, the person who committed the crime has a certain behavior pattern that is distinct from the rest of society and can be detected to bring them to justice. This is why police are trained to look for behavior differences in people on the streets. Since a computer, or for that matter any electronic device, is used by humans, it too will display behavior characteristics that can be analyzed for harmful or criminal behavior.
III. BMNSM top down approach
Adding a top-down approach to the BMNSM model used by Harbin adds order of enforcement to its security model. One problem faced is that computers and computer networks do not interact to make each other aware of a common threat. If an individual gets sick with TB, for example, they go in for treatment and the doctor will then contact the CDC to make sure the type of TB they have will not be a major threat to society. If it is detected as a major threat, then that person is isolated from society until society feels this threat is gone. When computers get a virus, no system is in place to isolate them or to make the internet aware of the problem. Many of these computers remain on the net for years and remain vulnerable to other attacks. Having a network that is self-aware of a problem and able to disconnect those computers that have problems would greatly reduce the threat that everyone faces from a virus or hacker. To do this, computers have to have a way of passing the information up to the society level, and society needs a way of dealing with the problem. With the top-down approach the problem is detected at the society level and then punishment is pushed down from there.
How is the problem detected at the society level? At the society level many major problems can be detected. The T1 networks can see major traffic problems caused by DoS attacks. T1 networks can also detect different virus protocols moving in and out of the T1 networks. Detection for the T1 networks is pretty simple, and because of the large amount of money they take in they can easily afford to upgrade these detection systems.
But how is punishment pushed down with computer networks? The basic punishment of most laws in society is to isolate the individual from society so they can no longer be harmful to it, and to make society aware that this person is harmful. A good example of this is sending a person to prison for a crime. The person's punishment is isolation from society until they modify their harmful behavior. It also tags them in society as a convict, which makes society aware of the harm they can do. In the computer world society is the internet itself, so isolating a harmful computer or group of computers from the internet is a great way to protect the internet as a whole. If this network cutting policy is enforced from the top down, from the T1 networks to the smaller networks, massive attacks and viruses could be stopped faster. Since there are fewer T1 networks in the world, it is easier for them to start the enforcement, and each network below would then copy the enforcement for fear of being cut off from the internet.
This top-down theory recognizes one simple fact of any biological society: it has leaders that can enforce laws all the way down to the individual level. The president can have someone arrested if he feels that person is a threat to society. That person is then excluded from society. The same process is at play at the world level: when one country does not cooperate with the other countries, it faces sanctions or exclusion from the world process. The T1 networks act as the leaders of the internet right now by determining which protocol standards they will carry; by doing this they in fact create the standard for the entire internet. This same process would apply to security as well, with the T1 networks determining which network traffic is harmful and which is not. They enforce this by cutting off the harmful traffic from going across their network. Each network under the T1 then follows the T1 networks' lead and does the same.
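The top-down enforcement described in this section can be sketched as a small simulation. This is an added example, not code from the paper or from the Harbin research: each node carries one of the three BMNSM states, the top level detects a harmful host and pushes isolation down, and a network that refuses to enforce is cut off itself. The `complies` flag, the node names and the topology are assumptions made for illustration.

```python
from enum import Enum

class State(Enum):
    EXCHANGE = "information exchange"
    DETECTION = "security detection"
    RECOVERY = "state recovery"

class Node:
    """A host (individual), a LAN (group) or a T1 network (society)."""
    def __init__(self, name, parent=None, complies=True):
        self.name, self.parent, self.children = name, parent, []
        self.complies = complies   # assumption: does this network enforce orders from above?
        self.state, self.isolated = State.EXCHANGE, False
        if parent:
            parent.children.append(self)

def cut_off(node):
    """Isolate a node and everything beneath it until it recovers."""
    node.isolated, node.state = True, State.RECOVERY
    for child in node.children:
        cut_off(child)

def enforce(top, host):
    """The top level detects `host` and pushes isolation down; returns the node cut off."""
    path, node = [], host          # host, its LAN, ... up to (not including) top
    while node is not top:
        path.append(node)
        node = node.parent
    top.state = State.DETECTION
    target = host
    for net in reversed(path[1:]): # networks between top and host, highest first
        net.state = State.DETECTION
        if not net.complies:       # refuses to enforce, so it is cut off itself
            target = net
            break
    cut_off(target)
    for n in [top] + path[1:]:
        if not n.isolated:
            n.state = State.EXCHANGE   # enforcement done, normal exchange resumes
    return target

def recover(node):
    """A cleaned-up node rejoins: state recovery -> information exchange."""
    node.isolated, node.state = False, State.EXCHANGE

# Constructed topology: one T1, two LANs (lan-b does not enforce), three hosts.
t1 = Node("t1")
lan_a, lan_b = Node("lan-a", t1), Node("lan-b", t1, complies=False)
a1, a2, b1 = Node("a1", lan_a), Node("a2", lan_a), Node("b1", lan_b)
```

Calling `enforce(t1, a1)` isolates only `a1`, while `enforce(t1, b1)` isolates all of `lan-b`, which is the pressure the paper relies on to make lower networks copy the enforcement.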
IV. BMNSM model and behavior
The BMNSM model was based on another paper called "Biologically inspired approaches to computer security". That paper talks about biological diversity as a natural way that the biological world is able to combat biological threats. It also dismisses this same diversity in the computer world because computers are all made pretty standard.
This is why the BMNSM model does not address the theory of diversity. However, both papers have gotten the idea of diversity wrong. Diversity in the biological world, more so in the human part of it, does not rely on genes; it relies more on behavior. Many threats the biological world faces force behavior changes to effectively counter the threat. A good example of this is AIDS and its spread. This virus spreads through human behavior patterns, from unsafe sex practices to the sharing of needles among drug users. These behaviors make these people more susceptible to the AIDS virus. In order to slow or stop the AIDS virus, society put in place education and laws to try to prevent this behavior. This allowed people to modify their behavior to keep from getting the AIDS virus.
Now we have to ask the question, why does this matter in the BMNSM model? A threat on each level should not be looked at in terms of what actions to take, but in terms of how that person's behavior made them more susceptible to that threat and how to alter that behavior.
A simple example of changing behavior is a user who uses file sharing to get files and then gets a virus that can spread to others. A network administrator on the LAN could shut off the file sharing system to prevent other users from getting the virus. The network administrator logs the shutdown and the reason. This information can also be data mined in the future to determine what behaviors make users more susceptible to viruses or other computer attacks. But the goal of altering the behavior of the user to prevent the future threat was achieved. The user will no longer download from file sharing networks.
Another application of looking at behavior is early detection. In the biological world we see this applied when police and government security forces build behavior profiles of people to figure out whether they are a threat to society as a whole. This profiling can be done on the internet as well, to determine whether a user is a potential virus creator or hacker. Behavior that can be looked at includes a large number of network scans coming from a computer or a high level of unusual network traffic coming from a computer. By applying the same behavior profiling police use, each level of a network would be able to identify a user who is a potential threat to the network. A good profile of what network traffic marks a hacker, what websites hackers go to and how they become a hacker might help narrow down the search for one. Each person on a network leaves a different network traffic signature; everything from the websites we visit to the amount of traffic that comes from our computers can tell a network a lot about a computer and what it might be trying to do. Just as in the example above, where a killer leaves a pattern that is different from normal members of society, so too does a hacker. As of now, no network behavior studies exist on what network traffic was found on known hackers. This area will have to be researched more in order for profiling to become a more effective tool with computers, but it is worth noting here.
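The two behaviors named above, many scans from one computer and an unusual level of traffic from one computer, can be profiled from flow records as follows. This is an added example, not part of the original paper: the flow tuple layout, the sample records, the median/MAD outlier test and its 3.5 cutoff are all assumptions chosen for illustration, since the paper notes that no studied baseline exists.

```python
from collections import defaultdict
from statistics import median

def profile(flows):
    """Per-source behaviour profile from (src, dst, dport, nbytes) flow records."""
    targets, volume = defaultdict(set), defaultdict(int)
    for src, dst, dport, nbytes in flows:
        targets[src].add((dst, dport))   # distinct services contacted
        volume[src] += nbytes
    return {s: {"fanout": len(targets[s]), "bytes": volume[s]} for s in targets}

def high_outliers(values, cutoff=3.5):
    """Sources far above the peer median, by modified z-score on the MAD."""
    med = median(values.values())
    mad = median(abs(v - med) for v in values.values())
    mad = max(mad, 1.0)   # peers nearly identical: floor the spread at one unit
    return {k for k, v in values.items() if 0.6745 * (v - med) / mad > cutoff}

def flag(flows):
    """Map each suspicious source to the reasons it stands out from its peers."""
    prof = profile(flows)
    scans = high_outliers({s: p["fanout"] for s, p in prof.items()})
    heavy = high_outliers({s: p["bytes"] for s, p in prof.items()})
    reasons = defaultdict(list)
    for s in sorted(scans):
        reasons[s].append("scan-like fan-out")
    for s in sorted(heavy):
        reasons[s].append("unusual volume")
    return dict(reasons)

# Constructed sample: h1-h3 behave normally, h4 touches 40 hosts, h5 moves 5 MB.
FLOWS = [
    ("h1", "192.0.2.10", 443, 30_000), ("h1", "192.0.2.11", 443, 20_000),
    ("h2", "192.0.2.10", 443, 40_000), ("h2", "192.0.2.11", 80, 12_000),
    ("h2", "192.0.2.12", 53, 10_000),
    ("h3", "192.0.2.10", 443, 25_000), ("h3", "192.0.2.12", 443, 20_000),
    ("h5", "192.0.2.10", 443, 2_500_000), ("h5", "192.0.2.11", 443, 2_500_000),
]
FLOWS += [("h4", f"198.51.100.{i}", 22, 60) for i in range(1, 41)]

if __name__ == "__main__":
    for src, why in flag(FLOWS).items():
        print(src, why)
```

Comparing each source against its peers rather than a fixed threshold keeps the check usable at any of the three levels, because a LAN and a T1 network see very different normal volumes.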
V. Putting it all together: BMNSM model altering behavior from the top down
Taking the top-down approach to altering behavior is a really simple process. First, at the very top, society determines behavior that is dangerous to society as a whole; this behavior is normally outlawed, such as drug use. Society will then make policy and laws to alter a person's behavior to keep them from drug use. Outlawing the most harmful drugs or putting in policies to help a drug user come off drugs are both examples of how society can alter behavior. In this example both meet society's end goal of getting rid of harmful drugs by modifying people's behavior.