Could you immunize systems against future threats?

The idea of imitating the human immune system to build a self-defending computer system is the subject of our latest MSc thesis from Royal Holloway University of London.

Think of the power of the human immune system, capable of building up defences against new and unknown threats - and then imagine how it would be if computer systems could defend themselves in the same way, instead of needing to be told what to do and just recognizing signatures.

The idea of imitating the immune system to build a self-defending computer system intrigued Devid Pipa so much that he made it the subject of his recent MSc thesis at Royal Holloway University of London. An article by him on the subject appears today on

The 25-year-old, who got interested in security while doing his BSc in computer science, also at Royal Holloway, says it took him several weeks to come up with a subject for his thesis, and it was only after looking through past years' papers that he spotted a thesis on a similar subject that sparked his interest.

"My supervisor said it was a very hard subject to tackle, but that made me even more determined," he says. With no medical background Pipa had to do some considerable reading first to learn the fundamentals of human immunology. Luckily, his mother is a doctor and put him in touch with a friend who helped him.

Having done that, he then had to plough through existing research on self-defending computer systems before drawing his own conclusions. He says that the problem with most IT defences is that they are built to tackle specific threats, and so are unprepared when a new threat arrives.

On the other hand, the human immune system is flexible and when confronted with a new threat, finds ways to beat it and defend against it in future. "There are 6.8 billion humans around at the moment so the immune system must be pretty successful," he says.

As the article outlines in some detail, many of the human system's mechanisms could be replicated within a computer system, although he also concedes that the computer power needed to do it is huge. Furthermore, to replicate some of the more subtle mechanisms would still need some further work.

Nevertheless, Pipa says his research should be of interest to software engineers working on behaviour-based systems, and anyone building software that needs to go through a training and testing phase. "And of course, I'd like it to be of interest to other MSc students, especially if they reference my work," he says.

The work has certainly been good enough to impress Information Risk Management of Cheltenham, which has recently recruited Pipa to work as a penetration tester.

To see his article – 'Intrusion Detection – Immunologically Inspired Approaches' – click HERE. The article also provides a link through to the full thesis.

Read more on Identity and access management products