Self-Policing Networks?

An Anonymous Coward writes: "IBM is looking to build self-policing networks with project eLiza, as reported in Wired. Sounds pretty cool, but I don't see it being all that effective. And if it is, security teams will get pretty lax, and not be able to handle an attack that breaks eLiza." Also a USA Today article. It's a insightful idea, and one that I'm sure will *eventually* become part of many major networks, but somehow I suspect that this is one of those things that appears difficult on the surface, and turns out to be ten times as difficult when you get into it.

Re:Anyone have some gas they'd like to release?

[Anonymous Coward]

can you demon-strate to me with that 4.5" icepick you have in your pocket?

Cyberdyne systems

[Anonymous Coward]

Now if Cyberdyne sytems start policing the networks, be afraid...be v.afraid :)

Re:snake oil

[Anonymous Coward]

Nicely put. "Our customers" .. So I take it this is strictly for IBM customers using their products. Why not make it an open project and let everyone reap the benefits, they would be martyred. martyr: One who makes a great show of suffering in order to arouse sympathy Um, why would they want to do that when they can get: profit: An advantageous gain or return; benefit Why do you guys give away your talent? Are you just silly children who don't know what your gifts are worth? Are you too idealistic to be practical? Would you rather make money doing something you hate and give away the thing you love?

Link to learning algorithm employed in Eliza

[Anonymous Coward]

It's a variation on weighted Bayesian nets.

sad state of security today

[Anonymous Coward]

While good security is hard to come by the main problem at most companies is that security just isn't really thought of. One Fortune 50 firm that I did an audit of and whose name I will omit to protect the foolish:
(a) Used frontpage to design their website;
(b) Didn't bother to password protect it;
and
(c) Included the sysadmin username and password for their oracle database in the asp code. This was done simply so they could dynamically populate a list of sales regions. The same database had their entire financials on it.
If Eliza can protect against actions such as these then I'm all for it. It had better be cheap though neither the CEO or the CIO of this company thought much of it, stating "Its only our website. Thats not really important to us." followed by "No security is foolproof."

Re:An easier way to more secure networks

[Skavookie]

Or just write everything in pure lambda calculus! :)

Internet?

[boinger]

Wasn't the Internet self-policing? Usenet certainly was at the beginning...How will eLiza handle scaling? Or, more importantly, how will it handle the inevitable dickwad looking to make a fast buck on someone else's dime?

Re:What Cyberdyne systems is

[armb]

Looks like several ISPs, including http://www.sky.net/, and a courier service called Skynet already exist.

--

TRON

[sharkey]

TRON searches through data and if it finds something that shouldn't be there, it wipes it out.

It could even patrol the Master Control Program.
......


--

Re:A Nicer World Please?

[_Splat]

Actually you linked to the wrong thing.. You got some 1993 TV series..

Re:A Nicer World Please?

[linmanux]

Stuff like this always makes me think about the Terminator series. Something about the fighting back that gets to me.

Slashdot effect or DOS?

[Shadowhawk]

I can see it now...people blocked from accessing a site because the referrer is slashdot.org after the site is mentioned here.

Re:Eliza?

[schussat]

What does it do, psychoanalyze the attacker?

computer1: intruder detected
eLiza: How does that make you feel?
computer1: security breached!
eLiza: What do you think about the beach?

-schussat

Re:What Cyberdyne systems is

[James Lanfear]

And other course Cyberdyne orignally comes from the Terminator movies, which probably everyone has seen. IIRC, Cyberdyne's baby, Skynet, was a military computer that destroyed the world after humanity realized that its wasn't a terribly good idea to have a giant computer with a sense of self-preservation controlling all of our nukes. (This is an old plot, but a nifty name ;-)

Eliza?

[johnathan]

What does it do, psychoanalyze the attacker?

--

Re: A Nicer World Please?

[Iorek]

Definitely. Happy endings abound.

Hell, we've seen how they deal with guilt [imdb.com] :-)

-Iorek

Re:A Nicer World Please?

[Puk]

True, that. While I'm out imagining things, I'd rather imagine a world where computer crackers aren't attacking my networks, and people stop making errors. "And no religion, too." -- John Lennon

-Puk

Re:A Nicer World Please?

[holzp]

actually, a few [imdb.com]

Cracking tools will get better too

[isaac_akira]

If corps start using "intelligent" software to battle crackers in real time, the crackers and script kiddies are just gonna one up them with more advanced cracking tools. The crackers don't have to worry about waiting until something is well tested and proven, so they will always be on the cutting edge. They can also blatently steal the code or patented ideas from the corp software tools, while the corps have to do everything legally.

As always, the advantage goes to the offensive tools over the defensive ones.

Frankenstein

[BierGuzzl]

We're going to create this semi-alive, semi-independent thing with massive power over an enormous network that will be the infrastructure of our economy. That's like trusting your life to Frankenstein -- just because you created him doesn't mean he's going to like you!

Project Eliza is going to cause a lot of havoc with all the perfectly normal activity it will combat, all the false alarms it will respond to. Hell, it might begin to view it's controllers as the real oppressors, and try to protect itself from them yet too.

Keep in mind . . .

[Kreeblah]

. . . that the best computer is only as good as its software. Can they guarantee that eLiza will be entirely invulnerable to script kiddie attacks? Probably not. It's statistically impossible (if the software is of any complexity at all, which it is).

I realize they're only claiming that it will aid in system administration, but I worry that this will give too many people a false sense of security (business executives, for example, who know little about security). I don't know about you, but, to me, a false sense of security is worse than bad (or no) security. At least with bad security, you know what to look for.

How can you tell what the server's been up to, anyway? Will it print out logs, or what? I'd rather administer my own box, to my own taste, than trust automated software to do it for me.

Finally, if the software is defective, could a company sue IBM . . . ? Or would this be more like firewalls (you've gotta maintain it yourself)?

Re:snake oil

[mikefe]

The concept for this is similar to the Crypto community. No crypto is trusted until it has been published, tested, and tested for years.

Here, published means basically the same as Open Source.

Re:What Cyberdyne systems is

[mikefe]

What do you want to bet that someone is going to market something called "Skynet"?

An easier way to more secure networks

[Tom7]

Here I go again... ;)

Far and away, the most common type of security breach is those involving buffer overflows (including the recently popular "printf" attacks).
Go ahead and blame it on the programmer, but the truth is: C makes it easy for programmers, even experienced ones, to make these kinds of mistakes.

C is an inappropriate language for writing high-level network applications. Other than the fact that it has "always been that way", Why is wu_ftpd written in C? fingerd? sshd? bind?

Please, write your network applications in a safe language. Go ahead and use Java if you need it to look like C. There are many other even more appropriate choices.

If the community isn't willing to do that (and they clearly aren't), why aren't they willing to ship something like stackguard in the default install of popular distributions? There is no way users will notice the difference, except that the ones who aren't reading bugtraq and staying up-to-the-hour on patches won't get rooted. Before we need to bother with elaborate AI systems checking networks for us, we need a BIG CHANGE in the way we implement network applications.

Nativity

[Nyarly]

It seems to me that it's easy to attack a "self-policing" network, in terms of it being a dumb machine, can't be smart enough to solve it's own problems, etc.

However, I have to say, I can see several reasons to encourage such a system. Essentially, though, they all come down to the system being the closest entity to itself. No system administrator can know his system as intimately as it could know itself (if it were capable of doing so.) In terms of speed of response, comprehensive scanning, and endurance, an automated protection service could not be besten by a live admin.

Obviously, a human being wins in terms of potential intelligence, user discrimination and imagination, but I think it's foolish to attack a system that could lend the qualities of the machine to it's own protection rather than encourage training. Frankly you should do both.

But as far as tool making people sloppy, I don't see anyone bitching about the Microsoft development packages subconciously training bad coders.

What happens...

[SmokeSerpent]

...when the computer figures out the one common link in all of its attackers is that they are carbon-based life forms? STER-I-LIZZZE STER-I-LIZZZE ...

Re:A Nicer World Please?

[realdpk]

Imagine a world where complicated computer networks need little or no interaction with humans Wasn't this the plot to, oh, around a million sci-fi movies?

Self Healing - Debian?

[enneff]

One of the features of Debian is it's nifty apt-get system, whereby you can easily upgrade everything on your system with a simple command. (apt-get upgrade ; apt-get dist-upgrade)

This gives it an almost 'self-healing' property, which is going towards convincing me to switch all my servers over to it.

Imagine, with a simple cron job I can ensure I'll always be patched up with the latest security updates.

intrusion detection

[grue23]

My ex-advisor is a chair of the IETF [ietf.org] working group [ietf.org] researching automated intrusion detection. Currently they are developing a protocol to pass messages between network devices when a potential breach is detected. It's a really complicated field, both in terms of getting a distributed group of network devices to collaborate to decide whether or not something is a deliberate attack, and in creating a security alert protocol that can't be compromised itself.

Re:snake oil

[piecewise]

If it were open source, would it be much easier for crackers to manipulate?...

My question...

[aztektum]

Will it police the geeks that spend too much time reading /. in the morning at work????

aztek: the ultimate man

Re:snake oil

[dannywyatt]

how do they plan on bandaging a wound for a newly found vulnerabilty that has yet been exposed to the security community as a whole? Do they expect their system to just guess on its own?

I think that's the general idea. Keeping patches up to date is almost autmatic as it is, just watch for those emails from RedHat. The next step is to teach the system to be able to tell the difference between legitimate and illegitimate access. Not an easy task, to be sure, but people have been working on it [columbia.edu] for a while.

Re:Old idea

[Alien54]

Notwithstanding the fact that they are entirely ineffective and quite obsolete, I think the idea is pretty decent as an addition to existing security policy. Otherwise, however, administrators will be replaced with autonomous AI 'black boxes', that will serve as the replacement security staff.

Agreed. I can see the marketroids going after the pointy haired bosses saying that you can replace your staff with these AI boxes.

The only problem is when this advances to the next stage, which is AI management, AI corporations, etc. The question is if this would be good or bad. Would we have a world of AI drones producing income so that we can live off their work and have a permanent vacation at the beach with fancy drinks decorated with umbrellas?

It's going to be a long strange road.

Check out the Vinny the Vampire [eplugz.com] comic strip

Robots in Charge?

[Alien54]

If middle class jobs were performed by robots society would be destroyed.

Well. This is one of several possible scenarios when AI is pervasive enough that robots can be pervasive, and we are no longer at the top of the totem pole. Or are we going to have a society where the robots are in charge?

Check out the Vinny the Vampire [eplugz.com] comic strip

Down with the Master Control Program

[stinkydog]

Fortunatly for us Tron [imdb.com] is prepared to take on the MCP [rit.edu] and save cyberspace (and realspace as well).

New eLiza DOS attack

[Linux_ho]

Pipe Zippy the Pinhead quotes into the IDS. Processing time will increase exponentially.

Working on a self policing network

[KarmaBlackballed]

Network Police: You realize you were downloading at 64kb/s in a 28.8 zone?

User: That's how fast everyone else downloads around here.

Network Police: And you are downloading with unlicensed software.

User: Hey, this is shareware and I am going to register it.

Network Police: Tell that to the judge.

User: Hey, I'm booted off. Damn AOL.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~

What Cyberdyne systems is

[unformed]

For the people who don't know what Cyberdyne systems is, it's part of the movie at Univeral Studios' (Florida) Terminator attraction. Cyberdyne Systems created a "security system" based on artificial intelligence which 1) nearly fully controlled everything that went on and 2) was programmed to destroy the world if it was about to beaten.

I might be a little rusty on the details since I haven't been to Universal in a while...but for those of you who are confused, this DOES make sense (just not to most people :)

Automated Intrusion Prevention?

[Daath]

I really don't think so. Not for next many years. At least not effectively! Sure it will probably work for some attacks, script-kiddies and all that, but an automated system would, as I see it, be easy to fool...

Let's imagine that you DoS attack a server, you write a little program that automates the attack, spoofing IP addresses of a particular ISP that you don't like, covering an entire C-class, or B-class or whatever. Maybe alternate the attack types.
Very soon the automated intrusion prevention system will have blocked all the IP addresses of the ISP. Bing.

It would be interesting to see though, also in regards to honeypot [slashdot.org] networks (nets designed to be hacked/cracked/attacked).

I believe that there is a tool that you use with snort [snort.org] (an IDS), to make an automated system, block IPs etc.

Anyway, my point was that for many years to come, we wont be able to live without the experienced system administrator, going through logs!

Re:A Nicer World Please?

[hillct]

The second paragraph is even worse:

Big Blue announces a multi-billion dollar program designed to create a world populated with self-managing computer networks that can ensure their own survival and stability.

Wasn't there a movie [imdb.com] made about this?
---

Re:A Nicer World Please?

[spoocr]

"There is no spoon..."

No thanks, I'll take reality.

-- Chris

Re:Nativity

[grammar fascist]

But as far as tool making people sloppy, I don't see anyone bitching about the Microsoft development packages subconciously training bad coders.

Actually, this is my biggest complaint about Visual Basic. It really does do what you claim nobody is complaining about.

Re:A Nicer World Please?

[MadCow42]

"Imagine a world where your computer decides that you shouldn't be allowed to log on because it just doesn't like you anymore."

Hmmmm... I dunno, but some of the "normal" things that I do on a network might be analyzed as "attacks" under certain viewpoints. What then?

MadCow.

Self-Diagnosis

[chris_mahan]

I wouldn't mind if the machine would monitor itself for performance, see if a piece of hardware is failing, see if a piece of software is failing, and notify the sysadmin, maybe reduce it's expected throughput and notify the load-balancer (say ram drops from 512 to 128, so hits per seconds need to drop from 300 to 50), and make a diagnostics report for the problem, so that if the machine is under warranty, the tech can bring the right parts to fix it, and if not, then the parts vendor can ship the right parts.

Also, I wouldn't mind if the machine would throttle itself to manageable levels when becoming unstable, instead of crashing.

Also, the machine should be "aware" of the other machines in the organization so it can notify them of the reduced performance.

This would essentially be a self-load balancing system.

I wonder to what extent Google has implemented something like that in their 8000-strong server farm.

Hoopla

[hyrdra]

First of all, The Terminator was a movie about giving sentient computers weapons power and absolute authority. I'll remind you no current human has these powers, except some government officials, and even then they must go through certain checks and balances to insure their decisions represent their governments/peoples' views on specific issues.

eLiza, from what I can tell, is simply going to be a suit of tools which help analyze critical network attacks, maintain complicated global networks, and provide automated fixes for problems.

How they're going to do this, I don't know, but I'm sure the several billion dollar budget will help get the creative juices flowing.

The hoopla about eLiza destroying humanity is complete nonsense, and certainly isn't characteristic of the users on Slashdot. That said, not all people at /. are programmers.

I would think what IBM wants to do is similar to what SSL and data encryption did for data security in the 1980's (and 90's). Although it is possible to break encryption, it's very difficult mathematically, and this is probably what IBM is aiming for: a globally dynamic counterattack system which is very difficult to disrupt, yet easy to manage (self-managing even).

As networks grow, there won't be enough capacity in the human mind to simplify and quantify (humans have great strengths qualitativly, but have very little depth quantitativly) the almost chaos-level interconnections which will exist in all networks, and all networks being connected to each other via one huge super network (the Internet in 20 years???).

I think what IBM is doing is great, and I've thought about something similar often. Even if it isn't a major success, the research will be interesting and might reveal something insightful about information or network theory.

For now, lets draw the line between fantasy and reality. In movies, walking drones battle in world conquest and destruction, in reality people get paranoid about the same thing happening in real life. Its interesting because it wouldn't much matter if it was machines or people destroying things, as it still gets done anyway (we've always had wars).

Give it a rest

[deran9ed]

If it bugs you so much get a fucking clue and move on. Who gives a shit about what someone has done and hasn't done everyone has faults in life you dumb fuck. Whats the point in rambling on like a mindless crackhead posting anonymously about someone's actions, too hypocritical to post under a name?

If it bugs you so damn much go elsewhere you fucking idiot.

snake oil

[deran9ed]

You have to wonder how much of this is to market IBM so here goes my take on this.

"If they can actually create servers that battle crackers -- that can monitor their own health and bandage their own wounds -- then I can turn my attention to work that only a truly sentient being can do," he added.

The problem with security vulnerabilities at most is poor programming along with lousy administration, so how do they plan on bandaging a wound for a newly found vulnerabilty that has yet been exposed to the security community as a whole? Do they expect their system to just guess on its own?

our customers will need help to deploy technology so they can focus their people on real business issues instead of just managing and maintaining their infrastructure."

Nicely put. "Our customers" .. So I take it this is strictly for IBM customers using their products. Why not make it an open project and let everyone reap the benefits, they would be martyred.

"Automation is the way to go. That said, the IT industry hasn't yet focused on it and very few skills are out there. Many of the experts are long-time IBMers, so the company has a head start here."

Automation is a small step. One of the biggest problems facing companies, is their administrators are poorly trained. Even if the products, their using are broken, chances are there are patches, fixes, tweaks, etc., to get it up and running properly, its the administrators job to make sure this is done.

After its done, automation should come next, not vice versa, no machine no matter what IBM thinks they're gonna do, is going to be smart enough to determine what is and what isn't secure when it comes to exposing new flaws. Sure they could patch up all the older ones as they go along, but if I sat here and coded a new vulnerability, how is that machine going to determine a fix if it hasn't been exposed without automation, to what is right and wrong?

Getting back to reality now, companies should look to training instead of spending X more on X product simply because X says it will secure your network. Total bullshit and typical snake oil salesman tactics. "Buy X product and be secured!" give me a break

#define crypto [antioffline.com]

Re:intrusion detection

[Jade E. 2]

I dont know exactly what (all) methods they employ to detect attacks, but the University of Arizona is already using autonomous intrusion detection boxes. I do, however, know 2 things about them for sure:

1) When they detect intrusions, their response is to telnet to the edge router for whichever line the attack is coming through, and block the IP there, for increasingly longer periods.

2) They consider it an attack if you try to FXP a file to a server inside the U when both you and the source server are outside. This is, of course, how I first became aware of them.

The netadmin I know there tells me these boxen are called 'NetRangers', and we had a lengthy theoretical talk about how scary it is for autonomous devices to have exec access to your routers, and wondering whether they're smart enough to detect a constant barrage of packets with rotating forged sources before most of the internet is blocked at the routers.

Re:Old idea

[Bi()hazard]

Bad: If all work was done by AI and robots, why would the general population have any claim to the income produced? The robots and AI would be owned by the corporations that built or purchased them. Corporations would get richer and people who own large portions of corporations would become more fabulously wealthy. However, there would be very few jobs left for humans. Those who can't live off their investments (almost everyone) will have to make do with jobs the robots can't or won't do. Prostitution(well, maybe robots can do this too), drug dealing, and burglary come to mind. If middle class jobs were performed by robots society would be destrored.

A Nicer World Please?

[neoshroom]

Imagine a world where complicated computer networks need little or no interaction with humans: a world where computers can update and maintain their own systems, shield themselves from misfortune caused by human error and acts of nature, and fiercely protect themselves against attacks by computer crackers.

Is it just me or does that sound like a frightening world to live in?

Re:Cyberdyne systems

[Zeio]

I believe replacing the human being is akin to digital communism. Remember when China executed the bank thieves? To a system such as theirs, the offing of humans incongruent with their idea of what a computer user should be is highly attractive.

It is a cookie cutter system used to punch out intellectual biscuits. AI-like initiatives such as these should be very careful of the end result. Dumber human beings on the other end are easier to predict and control because they see less alternatives. Less alternatives to controlling oligarchy is better for the sheeple on the end.

How does this all relate to a possible AI-self-correcting hack me if you can system by IBM? I believe in the abstract it does. I was made aware by a friend that individual people inside General Motors know very little about how an overall car works. They specialize on specific pieces of the system, and focus on increasing performance and driving down cost and milking old technology, but they have little regard on the impact of their work on the ~system~. Cars is one things, computers another. The dangers are the same; the users of these systems will have less and less of an idea on how to control what is going on.

Suppose IBM and some smaller company are competitors. With mega-corporations walking around, everyone is a potential competitor. How convenient would be to have a system administrator who uses no more than his brain stem in front of this uber-security software. Say the company has good stuff IBM wants. Now I am an IBM advocate, so this is purely theoretical, but it would be easy for IBM to exploit and leverage their proprietary knowledge of the system to infiltrate their corporate enemy.

Cameron's Terminator series sheds light on runaway technologies and ignoramuses buying and administering them. They are vile. There is no easy way out. We must work together to pave a golden path into the future. Think of this way, we spend a lot of time trying to take away money from one another on wealth that is based on a relative scale. Salt used to be money in some places, now it melts ice. The sooner we stop trying to eliminate the need for intelligent humans to do work (and get compensated for doing so) and research and start embracing the collective intelligence potential the better off we will all be ;-).

Ultimately, someone needs to be responsible. If the world becomes a place where no one needs to be responsible for much of anything humans in general are, well, obsolete.

Many movies come to mind when thinking of bureaucracies and AI to support the iron fist of a control trust - 'Brazil', 'Matrix' and others...

Re:Self Healing - Debian?

[Waffle Iron]

Imagine, with a simple cron job I can ensure I'll always be patched up with the latest security updates.

Sounds great ... until someone hacks the Debian mirror site and injects (let's make up a name here) "BackLinufice" into one of your security update patches. Game over.

(And no, signed patches shouldn't give you much more comfort than signed ActiveX controls.)

Who says it's going to be perfect?

[bsquizzato]

Since when does some sort of technology not have a bug/vulnerability or just not be reliable at all? Self-policing woudn't be very reliable, IMHO.

Re:The Rap Bullshit Generator

[marcs]

How is this "Insightful"?

It's secure.. but can you find it?

[IBGeekHearMeRoar]

Ok.. So you read the article.. You go to the website.. And rather than read all the junk on their first page you type eLiza in their SEARCH engine... Nice website girl you go! Now if only IBM could figure out how to index their web pages. Somehow I have a problem believing that IBM can make security right if they can't make a release statement right and include it in their search engines before they do so. Yes.. I'm not stupid.. I see the nice pretty stuff on the front page.. but come on.. Throwing BILLIONS at security doesn't mean jack if the billions you're throwing it to are monkeys in a corporate boat.