INFORMATION SECURITY WITH FORMAL IMMUNE NETWORKS

Alexander O. Tarakanov
Russian Academy of Sciences
St. Petersburg Institute for Informatics and Automation
14-line, 39, St.Petersburg, 199178, Russia
tarakanov@togetherlab.nw.ru

Abstract. We propose a biological approach to information security based on a rigorous mathematical notion of formal immune network. According to our previous developments, such networks possess all the main capabilities of an artificial intelligence system, and could be considered as an alternative to the widespread artificial neural networks or intelligent agents. We also consider the main distinctions between our approach and modern information security based on agent-based modeling and artificial immune systems.

1 Introduction

Nowadays the natural immune system is treated by specialists as "the second brain of vertebrates" [3]. In fact, the immune system possesses all the main features of Artificial Intelligence (AI) systems: memory, the ability to learn, to recognize, and to decide how to treat any macromolecule (antigen), even if the latter has never existed before on the Earth. Of special interest for computer science is the widespread theory of immune networks, formed by the interactions between specific proteins (antibodies) of the immune system. The existence of such networks is now established beyond all doubt, because their fragments and interactions have been detected experimentally by molecular immunology. It is worth noting that very similar networks, under the name of molecular circuits, have even been proposed as a possible molecular basis of neuronal memory in the human brain [1].

Based on the biological principles of the immune system, a new and rapidly growing field of Artificial Immune Systems (AIS) has arisen, offering powerful and robust information processing capabilities for solving complex problems [4].
Like Artificial Neural Networks (ANN), AIS can learn new information, recall previously learned information, and perform pattern recognition in a highly decentralized fashion. AIS have already been applied to several specific problems, including information security, fault detection, vaccine design, control of robots, data mining, etc.

Among these applications, information security is becoming increasingly important for everyday life. The reason is that the growing scale of computer networks and the sophistication of software make them more and more vulnerable to alien intrusions, such as computer viruses, non-authorized access, intentional corruption, etc. Such intrusions could cause rather serious failures of computer-based information and control systems. The example of the well-known Y2K problem shows how deeply such failures could affect our society. At the same time, currently used computer security systems show insufficient speed, reliability, flexibility and modularity to satisfy modern requirements [11]. That is why AIS seem to be the most promising way to accept the challenge of modern information security on the basis of a highly appropriate biological prototype.

In fact, computer viruses could be inferred from J. von Neumann's studies of self-replicating mathematical automata in the 1940s. Although the idea of programs that could infect computers dates to the 1970s, the analogy between information security and biological processes was recognized in 1987, when the term "computer virus" was introduced by Adleman [7]. The idea of using immunological principles in information security started in 1994, when S. Forrest and her team were working on a research project with the long-term goal of building AIS for computers. Nowadays several such AIS are under development, but all of them represent a set of heuristic algorithms, using ideas from genetic algorithms, ANN, agent-based modeling, etc.
However, there exists a strong need for a proper mathematical basis of AIS in general and, especially, of AIS designed for information security. The problem is caused by the very specific objects and interactions of immune networks, which differ remarkably from those of any genetic algorithm, cellular automaton, ANN, or intelligent agent. On the other hand, such a mathematical basis could raise AIS to the level of the widespread ANN, and even allow one to speak about hardware implementation of AIS in a new kind of computer, the immunocomputer [15].

Thus, our paper is intended to fill the existing gap. Our general goal is a rigorous mathematical basis of immune networks intended for information security assurance. This goal can be accomplished by developing the novel mathematical notion of formal immune network [15] and applying it to the field of information security. We also consider the main distinctions between immune networks and modern information security approaches based on agent-based modeling and AIS.

2 Modern Information Security with AIS

Though there are many security-related products and technologies, there exists no detection system that can catch all types of violations in networked computer systems, and the potential threats and vulnerabilities remain intractable. An influx of new approaches is needed to enhance security measures. Researchers have been exploring various AI-based approaches to intrusion detection. Among them, agent-based modeling seems to be becoming more and more promising, because the Internet evolves towards an open, free-market information economy of automated agents buying and selling a rich variety of goods and services. Over time, agents will progress naturally from being mere facilitators of electronic commerce transactions to being financial decision-makers in their own right. Ultimately, inter-agent economic transactions may become an inseparable and perhaps dominant portion of the world economy.
Thus, in agent-based systems, humans delegate some of their decision-making processes to programs that are in some sense intelligent, mobile, or both. "Intelligent" agents have reasoning capabilities, e.g., rule-based inferencing, probabilistic decision analysis, and/or learning. For example, an agent-based model of an information security system is proposed in [8], based on an ontology (a network with a sense of existence) in which agents jointly solve the entire multitude of information security tasks. The model introduces intelligent meta-agents that manage and coordinate the decisions of the subordinate security agents.

Such an approach to information security, like any other, has its strengths and weaknesses in real-world applications. The intent of an information security system is to have the least possible impact on network performance, but securing a network by filling it with complicated intelligent agents and an ontology hardly corresponds to that intent. Moreover, any intelligent coordinating center, such as a meta-agent, itself becomes the most vulnerable object of the network.

Fortunately, we have the natural immune system, which solves similar problems, but in a way that is radically different from that of traditional information security. The immune system involves many unreliable, short-lived, and imperfect components (mainly B- and T-cells), which circulate through various primary and secondary lymphoid organs of the body. There is no central organ or "meta-agent" that controls the functions of the immune system. The system is autonomous and self-regulatory by nature. It is not "correct", because it sometimes makes mistakes. However, in spite of these mistakes, it functions well enough to help keep most of us alive for many years, even though we encounter potentially deadly parasites, bacteria, and viruses every day.
To date, related works in the field of immune-based information security have concentrated on isolated ideas and mechanisms of the immune system (e.g. the negative selection algorithm [7]). But now there is a larger vision in terms of a set of organizing principles and possible architectures for implementation. For example, the work [5] focuses on investigating immunological principles in designing a multi-agent system for intrusion/anomaly detection and response in networked computers. In this approach, the immunity-based agents roam around the machines (nodes or routers) and monitor the situation in the network (i.e. look for changes such as malfunctions, faults, abnormalities, misuse, intrusions, etc.). The types of agents and the scope of each agent type are considered to be similar in function and purpose to those of immune cells: monitoring agents (corresponding to B-cells), communicator agents (corresponding to proteins secreted from T-cells to stimulate B-cells and antibodies), and decision/action agents (corresponding to helper, killer, and suppressor cells). The immune agents can simultaneously monitor a networked computer's activities at different levels (such as user level, system level, process level and packet level) in order to determine intrusions and anomalies. They can mutually recognize each other's activities, learn and adapt to their environment dynamically, and detect both known and unknown intrusions.

The above example shows how fruitful it could be to translate the structure of the human immune system into information security. However, several biological solutions may not be directly applicable to our computers because of the serious differences in basic elements and mode of functioning. We also risk overlooking non-biological solutions that are more appropriate.
So the success of the analogy will ultimately be based on our ability to identify the correct level of abstraction, preserving what is essential from an information security perspective and discarding what is not. Therefore, we propose another level of abstraction, whose core is a proper mathematical basis of immune networks. Our approach is somewhat analogous to the proper mathematical basis of neural networks, abstracted from the features of their biological prototype and leading to the wide spread of ANN [19].

3 Mathematical Basis of Information Security

Immunologists traditionally describe the problem solved by the immune system as the problem of distinguishing "self" from dangerous "other" (or "nonself") and eliminating the other [3]. Self is taken to be the internal cells and molecules of the body, and nonself is any foreign material, particularly bacteria, parasites, and viruses, as well as degenerated self-cells. Distinguishing between self and nonself in natural immune systems is difficult for several reasons. The main reason is that the components of the body are constructed from the same basic building blocks as nonself, particularly proteins. Proteins are an important constituent of all cells, and the immune system processes them in various ways, including processing into fragments called peptides, which are short sequences of amino acids.

The problem of protecting computer systems from malicious intrusions can similarly be viewed as the problem of distinguishing self from nonself. In this case nonself might be an unauthorized user, foreign code in the form of a computer virus or worm, unanticipated code in the form of a Trojan horse, or corrupted data, etc. In principle, information security could be completely specified based on the abstract representation of self and nonself as sets of bit strings, even designated as "proteins" and "peptides" [7].
For example, a "protein" could be a sequence of viral bytes in a legitimate program, or a "signature" of a computer virus. To preserve generality, it has been proposed in [9] to represent both the protected system (self) and infectious agents (nonself) as dynamically changing sets of bit strings, because in the cells of the body the profile of expressed proteins (self) changes over time. In [7] a "peptide" for a computer system is defined in terms of short sequences of system calls executed by privileged processes in a networked operating system. Preliminary experiments on a limited testbed of intrusions and other anomalous behavior show that short sequences of system calls (currently sequences of length 6) provide a compact signature for self that distinguishes normal from abnormal behavior. By this analogy, proteins can be thought of as "the running code" of the body, while peptides serve as indicators of its behavior [7].

More generally, from the viewpoint of computer science, we can consider that natural proteins (and peptides) realize the main functions of information processing and information security in the whole of living Nature. In fact, it is proteins that recognize and execute the programs (instructions) represented in the form of genetic code. As the neuromediators and the receptors of neurons, proteins control the electrical activity of the brain. Proteins can also be considered the main components of the immune system: receptors of B-cells and T-cells, antibodies and messengers (factors, lymphokines). Apparently, proteins should play the key role in both immune and intellectual processes.

In spite of the exceptional complexity of proteins' behavior, there exists convincing evidence for the following principles: the function of any protein depends on its spatial conformation; this conformation, in its turn, is determined by the linear sequence (word) of the amino acid code of the given protein.
Based on the above postulates, a mathematical notion of formal protein, or formal peptide (FP), has been introduced in [14]. This notion abstracts the biophysical principle of the dependence of free energy on the spatial conformation of the protein's chain. According to [15], the model of FP demonstrates such important features of a protein as the self-organized reaching of a stable state (self-assembly, or folding), and its dependence on the number and the order (non-commutativity) of the links.

The main condition for a protein to function is its binding with another protein (or molecule). Such binding is highly specific (selective), because it depends, like "key and lock", on the existence of highly adjusted local shapes of the interacting proteins. The proposed model also makes it possible to determine in a natural way the free energy of interaction between FPs as a binding energy. As a result of interaction, binding (recognition) of FPs occurs if the binding energy is lower than some threshold; otherwise the FPs do not bind.

As a result of binding, a protein can change its spatial shape (the so-called allosteric effect). Furthermore, by this effect a protein can acquire the ability to bind with a molecule (antigen, antibody, messenger, transmitter, etc.) which it could not bind before. Thus, new proteins are able to become involved in such a process of subsequent binding, forming networks of binding (or molecular circuits). Based on this fact we have introduced the notion of a (formal) network of binding, which implies any subsequence of binding between FPs with allosteric effects.

To model the properties of immune networks, we have supplied the networks of binding with models of the reproduction and death of cells. For this purpose we have introduced a notion of formal B-cell and defined a formal immune network (FIN) as a network of bindings which includes B-cells [15].
Unlike cellular automata or artificial neural networks, with fixed elements and connections, FIN's elements (B-cells and FPs) are allowed to displace and to bind freely with each other.

Namely, a formal B-cell is a 4-tuple B = < P, Ip, Is, Im >, which includes a formal protein P as the cell receptor, a receptor state indicator Ip, a cell state indicator Is, and a mutation indicator Im. The behavior of the B-cell is defined by the following conditions:

1. B-cell can be only in the states Is = {0, 1, 2};
2. State Is = 0 corresponds to death, when the B-cell is destroyed;
3. State Is = 1 corresponds to recognition, when the B-cell possesses the abilities of its receptor P;
4. State Is = 2 corresponds to reproduction, when the B-cell is divided into two copies with the cell states Is = 1 and the receptor states determined by Im;
5. Transition from the state Is = 1 to the state Is = 2 occurs only as a result of binding between FPs.

For example, consider the simplest variant of FIN, a one-dimensional integer-valued network 1DN(n, nh), which is defined by the following conditions:

1. Ip = {0, 1, ..., n-1} for every B-cell. Accordingly, designate the states of receptors as P(0), P(1), ..., P(n-1), and cell states as B(0), B(1), ..., B(n-1);
2. An integer-valued threshold of binding nh is given;
3. Energy of interaction between FPs is defined by the formula w(P(i), P(j)) = min { (i-j)mod(n), (j-i)mod(n) };
4. B-cells form a one-dimensional sequence (population) without gaps, with a beginning (left) and an ending (right);
5. If cell B(j) reproduces, then one of its copies remains in the former place, and the other copy is added to the end of the population;
6. If cell B(j) dies, then the other cells shift to the left and fill the gap.

We have introduced and studied two kinds of 1DN: the so-called AB-networks and BB-networks.

An AB-network AB(n, nh) is defined as a 1DN which possesses, apart from B-cells, also free FPs (antigens) of n sorts: A(0), A(1), ..., A(n-1), with the following rules of displacement and interaction:

1. The population of antigens is displaced over the population of B-cells so that to every B-cell no more than one antigen corresponds.
2. Interaction is allowed only between a B-cell and the antigen over it.
3. The B-cell dies if there is no antigen over it, or if w > nh.
4. If w = 0, then the B-cell makes two precise copies of itself (without mutations).
5. If 0 < w ≤ nh, then the B-cell makes two copies of its nearest sorts (with mutations).
6. The interaction has no influence on the antigen.
7. Interactions are realized consecutively from left to right.
8. When the end of the population is reached, interactions continue from the beginning.

The following result has been proved for such networks:

Theorem 1. If all antigens in an AB(n, nh) network are of the same sort, and at least one B-cell binds an antigen, then after a finite number of steps a matching B-cell will correspond to every antigen.

This result affirms that even the simplest variant of FIN shows the mechanisms by which FPs (antigens) control the reproduction and death of B-cells. Besides, we have determined the conditions for the arising and supporting of a formal immune response, which implies the B-cells' intention to accept the antigen's sort [15].

We have also studied the case when several sorts of B-cell are generated and stored by interactions between the B-cells themselves, in the absence of any antigen. For this purpose we have defined a notion of BB-network BB(n, nh), as a 1DN with a population of B-cells satisfying the following rules:

1. Interactions are allowed only between the neighboring B-cells with the numbers 2k-1, 2k, where k = 1, 2, ... is the number of the pair of B-cells;
2. If the last B-cell in the population is odd (without a pair), then it dies;
3. If w > nh, then the second B-cell in the pair dies and its place remains free;
4. If 0 < w ≤ nh, then the second B-cell in the pair reproduces with mutations, where the first copy remains in the former place, and the second copy is delayed;
5. After all pairs of the population have interacted once, B-cells are shifted to the left to fill the gaps remaining from the dead cells;
6. Then the delayed copies are added to the end of the population in the increasing order of their numbers.

Theorem 2. For any initial population of any BB(n, nh) network only one of three regimes is possible: 1) death of all B-cells, 2) unlimited reproduction of B-cells, and 3) cyclic reproduction of the initial population (formal immune memory).

Theorem 3. For any n there exists a threshold nh such that at least one cyclic regime is possible in the BB(n, nh) network.

In fact, there exist a number of cyclic regimes with several periods and dimensions of populations, including those where the number of B-cells changes from population to population. It is such regimes of FIN that represent a mathematical model of self-maintaining immune memory, where several sorts of B-cell are generated and stored by interactions between the B-cells themselves, in the absence of any external antigen [17].

The obtained results show that even the simplest variants of FIN demonstrate such important effects as: immune response under the control of antigen; immune memory and generation of a new immune repertoire in the absence of outer antigen by means of the cyclic regimes of FIN.

We have also introduced a notion of formal T-cell, which synthesizes an FP of a definite type when all receptors of the T-cell become bound by FPs. It has also been shown in [15] that a special set of such T-cells, called T-FIN, is equivalent to an inference engine for problem solving and decision making.

In general, according to the biological prototypes, the principal difference between the mathematical models of immune networks and the models of neural networks is determined by the functions of their basic elements.
If an artificial neuron is considered as a summation with a threshold, then the FP as the basic element of FIN ensures self-assembly (folding) of its stable states, as well as free binding with any other element, as a function of their reciprocal states. It is on the basis of such interaction between FPs that we have developed the mathematical concept of FIN. Theorems 1-3 demonstrate rigorously that even the simplest variants of FIN possess the intrinsic properties of immune memory and immune response.

4 Information Security with FIN

Consider an arbitrary column vector $X = [x_1 \dots x_n]^T$, where upper case "T" is the symbol of transposing and the components $x_1, \dots, x_n$ are real values and/or integers. Let such a vector represent a set of information security indicators. For example, it can be a bit string of a legitimate program, a signature of a computer virus, a coded sequence of system calls, statistics of the current activity of the network, etc.

Consider a space {X} of such indicators, partitioned into k subspaces (classes) $\{X\}_1, \dots, \{X\}_k$. For example, k = 2, where $\{X\}_1$ is normal behavior and $\{X\}_2$ is "infection". Then, having a concrete vector X, the task consists in determining its class $\{X\}_c$, where c = 1, ..., k. Thus the problem is reduced to well-known pattern recognition.

The main feature of the FIN approach to pattern recognition consists in treating an arbitrary pattern as a way of setting the binding energy between FPs [14]. The idea follows from the principles of associative recognition of antigen by the proteins (antibodies and cell receptors) of the natural immune system [3].

A mathematical basis of the approach was considered in a rather detailed way in our previous works [10, 15]. It is based essentially on the properties of the Singular Value Decomposition (SVD) of an arbitrary matrix over the field of real numbers. According to the approach, the task of pattern recognition is solved as follows.
4.1 Supervised Learning

4.1.1 Folding vectors to matrices

Fold vector X of dimension n × 1 to a matrix A of dimension $n_i \times n_j = n$. It has been shown strictly in [10] that such folding increases the specificity of recognition.

4.1.2 Learning

Form matrices $A_1, \dots, A_k$ for all classes 1, ..., k, and compute singular vectors of the matrices by the SVD: $\{X_1, Y_1\}$ for $A_1$, ..., $\{X_k, Y_k\}$ for $A_k$.

4.1.3 Recognition

Compute k values of binding energy for every input pattern A:

$$w_1 = -X_1^T A Y_1, \quad \dots, \quad w_k = -X_k^T A Y_k.$$

Determine the class to be found by the minimal value of the energy:

$$c : \; w_c = \min_c \{w_1, \dots, w_k\}.$$

4.2 Unsupervised Learning

Consider the matrix $A = [X_1 \dots X_m]$ of dimension n × m formed by m input vectors. Compute the SVD of this matrix:

$$A = s_1 \begin{bmatrix} w_{11} \\ \vdots \\ w_{1n} \end{bmatrix} Y_1^T + s_2 \begin{bmatrix} w_{21} \\ \vdots \\ w_{2n} \end{bmatrix} Y_2^T + \dots, \qquad (1)$$

where $s_1, s_2$ are the first two singular values, and $Y_1, Y_2$ are right singular vectors.

According to [10], there exists a rigorous correspondence between vectors and FPs. Thus, consider two FPs: $\{FP_1, FP_2\}$ as antibodies, which correspond to the vectors $Y_1, Y_2$. Consider also n FPs: $\{FP_1, \dots, FP_n\}$, which correspond to the rows of the matrix A. Then every row $A_i$, which represents the values of the indicator number i, i = 1, ..., n, is mapped to the two values $\{w_{1i}, w_{2i}\}$ of binding energy between $FP_i$ and the antibodies: $w_{1i} = w(FP_1, FP_i)$, $w_{2i} = w(FP_2, FP_i)$.

Therefore, every vector with n components can be represented and viewed as a point in the two-dimensional space of binding energies $\{w_1, w_2\}$. This plane could also be treated as a shape space of FIN, according to [6]. Such a representation of the initial data allows one to classify vectors in a rigorous and visual way.

The results obtained in [10, 15] show that this approach to pattern recognition is rather effective. It is able to give fine classification and sharply focus attention on the most dangerous situations. It is also worth noting that the approach was successfully used for processing indicators of natural infections.
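The supervised procedure of Section 4.1 (fold, learn, recognize by minimal binding energy), as an added example that is not code from the paper. It assumes that {X_c, Y_c} are the dominant left and right singular vectors of each class matrix and obtains them by power iteration instead of a library SVD; the class names, the 2 × 3 folding and the indicator vectors are constructed for illustration.

```python
import math

def fold(vec, rows, cols):
    """4.1.1: fold an n-vector into a rows x cols matrix (row-major), n = rows*cols."""
    if len(vec) != rows * cols:
        raise ValueError("vector length must equal rows * cols")
    return [list(vec[r * cols:(r + 1) * cols]) for r in range(rows)]

def matvec(a, v):
    """Compute A v."""
    return [sum(x * y for x, y in zip(row, v)) for row in a]

def rmatvec(a, u):
    """Compute A^T u."""
    return [sum(a[i][j] * u[i] for i in range(len(a))) for j in range(len(a[0]))]

def norm(v):
    return math.sqrt(sum(x * x for x in v))

def dominant_singular_pair(a, iters=200):
    """Dominant singular vectors (X, Y) of A by power iteration on A^T A.

    Assumption: the all-ones start vector is not orthogonal to Y.
    The signs of X and Y flip together, so the energy -X^T A Y is unaffected.
    """
    y = [1.0] * len(a[0])
    for _ in range(iters):
        z = rmatvec(a, matvec(a, y))
        nz = norm(z)
        if nz == 0.0:
            raise ValueError("zero matrix or degenerate start vector")
        y = [v / nz for v in z]
    ay = matvec(a, y)
    s = norm(ay)                      # largest singular value
    return [v / s for v in ay], y     # X = A Y / s

def binding_energy(x, a, y):
    """4.1.3: w = -X^T A Y."""
    return -sum(xi * v for xi, v in zip(x, matvec(a, y)))

def learn(class_vectors, rows, cols):
    """4.1.2: one folded matrix per class, keep its singular vectors."""
    return {c: dominant_singular_pair(fold(v, rows, cols))
            for c, v in class_vectors.items()}

def recognize(model, vec, rows, cols):
    """Return (class with minimal binding energy, all energies)."""
    a = fold(vec, rows, cols)
    energies = {c: binding_energy(x, a, y) for c, (x, y) in model.items()}
    return min(energies, key=energies.get), energies

# Constructed indicator vectors (e.g. counts of six monitored events).
TRAINING = {
    "normal":    [4, 4, 4, 1, 1, 1],
    "infection": [1, 0, 5, 1, 0, 5],
}
MODEL = learn(TRAINING, 2, 3)

if __name__ == "__main__":
    for sample in ([4, 3, 4, 1, 1, 2], [1, 1, 5, 0, 0, 4]):
        label, energies = recognize(MODEL, sample, 2, 3)
        print(sample, label, {c: round(w, 3) for c, w in energies.items()})
```

Because the largest singular value bounds |X^T A Y| for unit vectors, a training pattern always reaches its lowest energy on its own class; the samples above are perturbed copies that still fall on the right side.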
Namely, it has made it possible to detect nontrivial similarities in the dynamics of infectious morbidity and to predict the risk of plague epizooty.

According to [9], information security is supposed to address five issues: confidentiality, integrity, availability, accountability, and correctness. In the immune system, however, there is really only one important issue, survival, which can be thought of as a combination of integrity and availability. Likewise, the immune system is not concerned with protecting secrets, privacy, or other issues of confidentiality. This is probably the most important limitation of the analogy, and one that we should keep in mind when thinking about how to apply our knowledge of immunology to problems of computer security. Nevertheless, being a mathematical abstraction, FIN could also be applied to the other issues of information security.

Consider, for example, data hiding and encryption. According to [2], data hiding, a form of steganography, embeds data into digital media for the purpose of identification, annotation and copyright. It represents a class of processes used to embed data, such as copyright information, into various forms of media such as image, audio, or text with a minimum amount of perceivable degradation to the "host" signal; i.e., the embedded data should be invisible and inaudible to a human observer. Note that data hiding, while similar to compression, is distinct from encryption. Its goal is not to restrict or regulate access to the host signal, but rather to ensure that embedded data remain inviolate and recoverable.

Let an arbitrary matrix A represent the initial data array. It could be an image, a folded audio signal, etc. Consider the SVD of the matrix in the form (1). Let us add to this sum an FP in the form $s_{r+1} W_{r+1} Y_{r+1}^T$, where r is the rank of the matrix, $W_{r+1}^T W_{r+1} = Y_{r+1}^T Y_{r+1} = 1$, $s_r > s_{r+1}$, and $s_r$ is the minimal singular value of the matrix.
According to the mathematical properties of SVD, such an FP only slightly disturbs the matrix. Although such a disturbance is invisible or inaudible to a human observer, the presence of the "hidden" FP can be surely detected in the shape space of FIN. So FIN functions like the natural immune system, which verifies identity by the presence of peptides, or protein fragments.

Consider now data encryption. In modern cryptography, the secrecy of encrypted information is based upon a widely known algorithm and a string of numbers that is kept secret, called a key. The key is used as a parameter to the algorithm to encrypt and decrypt the data. Decryption with the key is simple, but without the key it is very difficult and in some cases nearly impossible. Therefore the "fundamental rule of cryptography" is that both sides of the message transfer know the method of encryption used [13].

As an example of encryption, consider a BB(n, nh) network from the previous section. According to Theorem 3, such a network possesses a cyclic regime for any n. Specifically, in the network BB(10,2), for any sort i = 0, ..., 9 of B-cells the following populations repeat with period 4: (i+2) (i) (i-2) (i). For example, 1979 → 187800 → 1770991 → 17980 → 1979 → … .

Consider now the numbers {10, 2} as a key, which defines the network BB(10,2). Then the string 1979 could encrypt the string 1770991. Knowing the key, the data could be decrypted, say, as the string of maximal length generated by the network BB(10,2) from the given string 1979. Although the example seems rather simple, it shows the principal possibility of using FIN in cryptography.
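The BB(10,2) cycle above can be replayed with a short simulation of the BB-network rules; this is an added example, not code from the paper. Two points are assumptions chosen because they reproduce the paper's sequence 1979, 187800, 1770991, 17980: a pair with w = 0 is handled like 0 < w ≤ nh, and "reproduces with mutations" means the copy of sort i-1 stays in place while the copy of sort i+1 is delayed. The "growth" verdict is a length cutoff, not a proof of unlimited reproduction.

```python
def w(i, j, n):
    """Interaction energy of the 1DN: circular distance between sorts i and j."""
    return min((i - j) % n, (j - i) % n)

def bb_step(pop, n, nh):
    """One pass of the BB(n, nh) rules over a population (list of sorts)."""
    kept, delayed = [], []
    # Pairs (2k-1, 2k); an unpaired last cell is never visited, i.e. it dies.
    for k in range(0, len(pop) - 1, 2):
        first, second = pop[k], pop[k + 1]
        kept.append(first)
        if w(first, second, n) > nh:
            continue                          # second cell dies, gap closes
        # Assumption: w = 0 is treated like 0 < w <= nh (see lead-in).
        kept.append((second - 1) % n)         # mutated copy stays in place
        delayed.append((second + 1) % n)      # mutated copy is delayed
    return kept + delayed                     # delayed copies go to the end

def classify(pop, n, nh, max_steps=1000, max_len=10000):
    """Return (regime, period, populations) for the regimes of Theorem 2."""
    seen, traj, cur = {}, [], list(pop)
    for step in range(max_steps):
        if not cur:
            return "death", None, traj
        if len(cur) > max_len:
            return "growth", None, traj       # heuristic cutoff
        key = tuple(cur)
        if key in seen:
            start = seen[key]
            return "cycle", step - start, traj[start:]
        seen[key] = step
        traj.append(cur)
        cur = bb_step(cur, n, nh)
    return "undecided", None, traj

def as_string(pop):
    """Digits of a population, valid for n <= 10."""
    return "".join(str(s) for s in pop)

def longest_in_cycle(pop, n, nh):
    """The paper's 'decryption': the longest string the network generates."""
    regime, _, cycle = classify(pop, n, nh)
    if regime != "cycle":
        raise ValueError("population is not in a cyclic regime: " + regime)
    return as_string(max(cycle, key=len))

if __name__ == "__main__":
    regime, period, cycle = classify([1, 9, 7, 9], 10, 2)
    print(regime, period, " -> ".join(as_string(p) for p in cycle))
    print("decrypted:", longest_in_cycle([1, 9, 7, 9], 10, 2))
```

The key in this scheme is only the pair (n, nh) and the map is deterministic, so for small n every candidate key can be replayed against a known population in negligible time.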
5 Conclusion

The development of the FIN theory has already proved useful in solving a number of important real-world tasks, including detection of dangerous ballistic situations in near-Earth space, complex evaluation of ecological and medical indicators in Russia, and prediction of danger from the space-time dynamics of the plague infection in Central Asia [10, 15, 18]. In addition, FIN could be successfully applied to the synchronization of events in computer networks [15] and even to online virtual clothing on the Internet [16].

The obtained results show that FIN is a rather powerful, robust and flexible approach to pattern recognition, problem solving, and modeling of the dynamics of natural systems. Thus, FIN could also be effectively applied to information security assurance. An advantage of FIN in this field could be seen in its sharp and sure focusing of attention on the most dangerous situations, especially in cases that are beyond the power of traditional statistics or AI (e.g. see [18]).

Therefore, we would like to highlight three features which determine the prospects of the FIN approach to information security: a highly appropriate biological prototype of immune networks; a rigorous mathematical basis of FIN; the possibility of hardware implementation of FIN by special immune chips.

It is worth noting that the theory of FIN gives a mathematical basis for developing special immune chips, which we propose to call immunocomputers (IC). Besides, the properties of biological immune networks give hope that IC would be able to overcome the main deficiencies that block the wide application of neurocomputers [19] in those fields where the cost of a single error could be too high. Information security is an important example of such a field. Thus, IC could raise information security to a new level of reliability, flexibility and operating speed.

Acknowledgement

This work is supported by the EU in the frame of the project IST-2000-26016 "Immunocomputing".
References

1. Agnati, L.F.: Human brain in science and culture (in Italian). Casa Editrice Ambrociana, Milano (1998)
2. Bender, W., Gruhl, D., Morimoto, N., Lu, A.: Techniques for data hiding. IBM Systems J. Vol. 35, 3-4 (1996) 313-336
3. Coutinho, A.: Immunology: the heritage of the past. Letters of the L.Pasteur Institute of Paris (in French). 8 (1994) 26-29
4. Dasgupta, D. (ed.): Artificial immune systems and their applications. Springer-Verlag, Berlin Heidelberg New York (1999)
5. Dasgupta, D.: Immunity based intrusion detection system: a general framework. In: Proc. of the 22nd National Information Security Conference. Arlington, Virginia, USA (1999)
6. DeBoer, R.J., Segel, L.A., Perelson, A.S.: Pattern formation in one and two-dimensional shape space models of the immune system. J. Theoret. Biol. 155 (1992) 295-333
7. Forrest, S., Hofmeyr, S., Somayaji, A.: Computer immunology. Communications of the ACM, Vol. 40, 10 (1997) 88-96
8. Gorodetsky, V.I., Kotenko, I.V., Popyack, L.J., Skormin, V.A.: Agent based model of information security system: architecture and framework for behavior coordination. In: Proc. of the 1st Int. Workshop of Central and Eastern Europe on Multi-Agent Systems (CEEMAS'99). St.Petersburg, Russia (1999) 323-331
9. Hofmeyr, S., Forrest, S.: Immunity by design: an artificial immune system. In: Proc. of the Genetic and Evolutionary Computation Conference (GECCO-99). (1999) 1289-1296
10. Kuznetsov, V.I., Milyaev, V.B., Tarakanov, A.O.: Mathematical basis of complex ecological evaluation. St.Petersburg University Press (1999)
11. Scormin, V.A., Delgado-Frias, J.G.: Biological Approach to System Information Security (BASIS), A White Paper. Air Force Research Lab., Rome, NY (2000)
12. Somayaji, A., Hofmeyr, S., Forrest, S.: Principles of a computer immune system. In: New Security Paradigms Workshop, ACM (1998) 75-82
13. Tanenbaum, A.S.: Computer networks. 3rd edn. Prentice Hall (1996)
14. Tarakanov, A.O.: Mathematical models of biomolecular information processing: formal peptide instead of formal neuron (in Russian). In: Problems of Informatization J. 1 (1998) 46-51
15. Tarakanov, A.: Formal peptide as a basic agent of immune networks: from natural prototype to mathematical theory and applications. In: Proc. of the 1st Int. Workshop of Central and Eastern Europe on Multi-Agent Systems (CEEMAS'99). St.Petersburg, Russia (1999) 281-292
16. Tarakanov, A., Adamatzky, A.: Virtual clothing in hybrid cellular automata. (2000) http://www.ias.uwe.ac.uk/~a-adamat/clothing/cloth_06.htm
17. Tarakanov, A., Dasgupta, D.: A formal model of an artificial immune system. In: BioSystems J. Vol. 55, 1-3 (2000) 151-158
18. Tarakanov, A., Sokolova, S., Abramov, B., Aikimbayev, A.: Immunocomputing of the natural plague foci. In: Proc. of Int. Genetic and Evolutionary Computation Conference (GECCO-2000), Workshop on Artificial Immune Systems. Las Vegas, USA (2000) 38-39
19. Wasserman, P.: Neural computing. Theory and practice. Van Nostrand Reinhold, New York (1990)