With funding from the Defense Advanced Research Projects Agency (DARPA), researchers from the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) aim to develop a new system that would help the cloud identify and recover from an attack almost instantaneously.
Typically, cyber attacks force the shutdown of the entire infiltrated system, regardless of whether the attack is on a personal computer, a business website or an entire network. While the shutdown prevents the virus from spreading, it effectively disables the underlying infrastructure until cleanup is complete. Electrical Engineering and Computer Science Professor Martin Rinard, a principal investigator at CSAIL and leader of the Cloud Intrusion Detection and Repair project, and his team of researchers aim to develop a smart, self-healing cloud computing infrastructure that would be able to identify the nature of an attack and then, essentially, fix itself.
The scope of their work is based on examining the normal operations of the cloud to create guidelines for how it should look and function, then drawing upon this model so that the cloud can identify when an attack is underway and return to normal as quickly as possible.
“Much like the human body has a monitoring system that can detect when everything is running normally, our hypothesis is that a successful attack appears as an anomaly in the normal operating activity of the system,” Rinard says. “By observing the execution of a ‘normal’ cloud system we’re going to the heart of what we want to preserve about the system, which should hopefully keep the cloud safe from attack.”