This antivirus has self-healing capabilities

Sheila Zabeu

October 05, 2021

Immunity is perhaps one of the most quoted terms since the start of the pandemic. It is a set of defense mechanisms of an organism against foreign elements, for example, the coronavirus. However, we can also already say that there is software with this self-healing power against cyber viruses or other plagues that attack computer systems.

This cybersecurity solution with self-healing capabilities was jointly developed by the Dutch Organisation for Applied Scientific Research (TNO) and ABN AMRO, inspired by the human body’s immune system. “We based our work on how human cells fight viruses and bacteria and regenerate themselves and translated this into a cybersecurity concept. This software offers protection by limiting the options available to attackers,” explains Bart Gijsen, who led the Self-Healing Security project at TNO.

According to the researchers, a fundamental difference between computer systems and the human immune system is the principle of 'dispensability': from time to time, the body replaces its own cells and thus ensures, among other benefits, that any infected cells that went unnoticed can harm the body only for a limited time.

However, the principle of dispensability applied to cybersecurity, which would increase protection against undetected cyber attacks, has so far proved very difficult to implement. The challenge was to develop a decentralized system that autonomously corrects itself and also recognizes when to do so.

The new proposal is to use Kubernetes. This container orchestration technology makes infrastructure easier to manage, with options to restart and refresh applications. In the case of TNO's self-healing software, functionality has been added to allow containers to refresh themselves at adjustable intervals. Such refreshing provides a simple way to ensure that any ongoing cyber-attacks are intercepted. In addition, the solution includes a detection technique that identifies containers with abnormal behavior and shuts them down immediately. This allows for much faster intervention when something looks suspicious.

The software is open-source and available on GitHub.
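The refresh-and-shutdown policy described above can be sketched as a single decision function. This is an added example, not the TNO/ABN AMRO code published on GitHub; the `Pod` record, the anomaly score, the threshold and the `min_available` floor are assumptions made for illustration, and the pod data is constructed.

```python
from dataclasses import dataclass

@dataclass
class Pod:
    name: str
    started_at: float     # start time, seconds (constructed sample data)
    anomaly_score: float  # hypothetical detector output: 0.0 normal .. 1.0 abnormal

def plan_recycling(pods, now, max_age_s, anomaly_threshold, min_available):
    """Decide what to do with each pod in one control-loop round.

    Returns (kill_now, refresh, deferred) as lists of pod names:
      kill_now - flagged by the detector; shut down at once, no availability check
      refresh  - older than max_age_s; replaced this round, oldest first
      deferred - also too old, but held back so min_available healthy pods
                 keep serving (these outlive the configured interval)
    """
    kill_now = [p.name for p in pods if p.anomaly_score >= anomaly_threshold]
    healthy = [p for p in pods if p.anomaly_score < anomaly_threshold]
    expired = sorted((p for p in healthy if now - p.started_at >= max_age_s),
                     key=lambda p: p.started_at)
    budget = max(0, len(healthy) - min_available)  # pods we can afford to lose now
    refresh = [p.name for p in expired[:budget]]
    deferred = [p.name for p in expired[budget:]]
    return kill_now, refresh, deferred

# Constructed sample state: four replicas of one service at time NOW.
NOW = 10_000.0
SAMPLE_PODS = [
    Pod("web-a", started_at=9_000.0, anomaly_score=0.05),  # young, normal
    Pod("web-b", started_at=6_000.0, anomaly_score=0.10),  # past the interval
    Pod("web-c", started_at=5_000.0, anomaly_score=0.02),  # oldest
    Pod("web-d", started_at=9_500.0, anomaly_score=0.93),  # young but abnormal
]

if __name__ == "__main__":
    kill_now, refresh, deferred = plan_recycling(
        SAMPLE_PODS, NOW, max_age_s=3600, anomaly_threshold=0.8, min_available=2)
    print("shut down immediately:", kill_now)
    print("refresh this round:   ", refresh)
    print("deferred (overdue):   ", deferred)
```

The `deferred` list is the part to watch in practice: any pod held back for availability lives longer than the configured interval, so the time an undetected compromise can persist is bounded by the interval only when enough spare replicas exist.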

What is Kubernetes

Google's translation tool identifies the word Kubernetes as being of Estonian origin, meaning "governors". Because it is long and difficult to pronounce, the word is sometimes written as K8s (the 8 replacing eight letters). Despite this, the meaning of governing is an appropriate name for the open-source container orchestration platform, whose goal is to enable the operation of elastic server structures for cloud applications. The Kubernetes technology was originally developed by Google and is currently maintained by the Cloud Native Computing Foundation.

But what are containers? They are small software units governed by this platform, which automates their management, calling up new containers when necessary and eliminating redundant copies. We can then imagine an application made up of several containers running independently and presenting themselves as services to each other.

Because they are small, independent software units, these containers can be destroyed and recreated at any time without affecting their availability, precisely the technique on which the new cybersecurity method created by TNO and ABN AMRO Bank is based. Together, Kubernetes and containers make it possible to create software with self-healing capabilities.

Containers are hardware agnostic and do not suffer from portability issues often present in virtual machine scenarios. In other words, containers work well on any hardware, and your projects can be easily transferred from one environment to another. Containerisation ensures portability by bundling application code, configuration files, libraries, and other dependencies into one package.

Many cloud services offer Kubernetes-based platforms or infrastructure as a service (PaaS or IaaS). Some vendors also offer their own Kubernetes distributions. According to a study by ResearchAndMarkets, the preferred public cloud container service is AWS, followed by Microsoft and Google. An infographic in Portuguese is available on Red Hat's website, pointing the way with important considerations for choosing a Kubernetes platform.