University of Utah computer scientists have developed software that detects and eradicates new malware and viruses, automatically repairs damage caused by malicious software, and learns from the incident to ensure the culprit does not infect the system again.
The cyber-security software is named Advanced Adaptive Applications (A3); its four-year research project, completed in September 2014, was co-developed by US defense contractor Raytheon BBN, and was funded by a program of Defense Advanced Research Projects Agency (DARPA).
How A3 works
A3 operates in a virtual machine environment, a computer system that is designed to run multiple instances of an operating system and its applications. A3 watches over the virtual machine software, and is designed to protect servers or similar business-grade computers that run on the Linux operating system. It also has been demonstrated to protect military applications.
A big advantage of A3 is that the software program not only acts as an antivirus and anti-malware tool, but also automatically repairs damage caused by malware and prevents these malicious programs from infecting the system again.
"It is a pretty big deal that a computer system could automatically, and in a short amount of time, find an acceptable fix to a widespread and important security vulnerability," said project leader Eric Eide, Assistant Research Professor of Computer Science at the University of Utah, in an official news release.
New viruses are also detected
According to Eide, another major functionality of A3 is that it can detect new and unknown malware/virus programs by monitoring for malicious activity within the host computer's operating system.
A3 then runs a system scan, stops the malicious code from executing and spreading, and then initiates a repair for the software compromised by the virus.
A3 is also said to be capable of adaptively learning from a new attack, storing information related to the malicious program it removed, and preventing the same malware from infecting the host system again in future.
The engineers behind A3 have implemented within the software 'stackable debuggers' and have programmed several debugging applications to run on top of each other, monitoring the virtual machine's internals for suspicious behaviour.
A3's capability successfully passes real-time test
Researchers have tested A3 in real-time by using the 'Shellshock' malicious program, and the test process was demonstrated to officials from DARPA.
Eide reported that A3 was successful in detecting attacks launched by the Shellshock bug on a web server, and A3 undid the damage caused by the malicious program in just four minutes. A3 was also demonstrated to work successfully against six other types of malware.
"It's pretty cool when you can pick the Bug of the Week and it works," said Eide.
A3 is open source
With the entire A3 software code to be open-source, the program should make its way into computer systems ranging across sectors such as defence and e-commerce.
Home computers, which are a breeding ground for many types of malware, may therefore also see a variant of the software technology in future, but Eide says there are currently no plans to adapt A3 for home computers or laptops.
"A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven't tried those experiments yet," said Eide.