In the 20th century it was said that the purpose of automobile brakes was to allow you to drive faster. Now that we’re on the precipice of driverless automobiles, automobile safety is shifting to focus on collision avoidance and Mobileye [NYSE:MBLY] is blazing the trail.
Could the same thinking be applied to Internet safety? A group out of California seems to have done just that by thinking about cyber security as simply a problem of network traffic collisions that need to be avoided.
Traditional security systems designed to flag bad stuff moving through the Internet have focused on either avoiding bad programs (the way anti-virus software uses signatures to identify malicious program code) or examining program behavior (what is often termed heuristics). Signature-based solutions work well, but a match can be made only when the signature is already known. Heuristic systems, on the other hand, are noisy: they either over- or under-compensate, which produces frustrating and inconsistent results. They can detect probable behavior but are hard to rely on to take non-disruptive action.
A new idea has emerged that appears to offer a valid third way. By learning what binds a set of digital data, new digital data can be evaluated in order to make a belong-or-not decision. It turns out that such a process of marking good things is remarkably accurate in flagging bad things.
Just like the airborne collision avoidance systems that commercial aviation has used since the mid-1980s, an approach based on applying expertise to teach a system what belongs, what is normal, can enable the system to raise a flag and shout when it sees something that doesn’t belong. It’s a simple and elegant approach that seemingly builds off the classic Sesame Street song “One of These Things (Is Not Like the Others)”.
To get more technical, assume you look at network traffic coming into or leaving a computer that is connected to the Internet. The set of good network traffic is well defined and understood. Anything outside this set of defined good digital data clearly doesn’t belong and is immediately flagged. For example, the more than 50 million computer virus samples circulating on the Internet today carry only 14 “strains” or markers. So if network traffic contains one of these markers, we know enough to avoid it. Knowing the specific virus is not important if you’ve avoided the collision or contact with it.
According to TrustPipe, the innovative company that has introduced this Internet collision avoidance system, there are fewer than 500 bytes (not kilobytes, megabytes or gigabytes, but a collection of fewer than 4,000 0s and 1s) of markers that cover the entire set (100%) of past viruses. If a marker is present then it’s a virus; if it’s not then it’s not a virus.
With an Internet full of bad traffic, it’s nice to know that a collision-avoidance system may soon be available to keep us safe. Perhaps TrustPipe will do for the Internet what Mobileye has done for automobiles.