Advanced Technology Program ATP Home Page NIST Home Page

Project Brief

Open Competition 2 - Information Technology

Computer Immune System

Develop a system that will proactively protect computers and networks from attack, even if the virus or attack is unknown, as opposed to current protection systems that can react only to known threats.

Sponsor: Bit 9, Inc.

9 Beacon Street
Somerville, MA 02143
  • Project Performance Period: 7/1/2003 - 6/30/2005
  • Total project (est.): $2,529,315.00
  • Requested ATP funds: $2,000,000.00

Even though antivirus scanners and firewalls are common, computer security breaches are epidemic and growing. Viral outbreaks cost organizations over $10 billion annually. New viruses are proliferating, and even the most advanced systems cannot block malicious code that has not been previously identified. Antiviral scanners, intrusion detection systems, vulnerability scanners, and behavior-based defenses all look for the pattern or signature of a past attack. These methods fail because the patterns of past attacks change daily. To address the growing crisis in information security, the software company Bit 9, of Somerville, MA, is developing the Computer Immune System (CIS), which does not look for "what's wrong" as other systems do, but instead focuses on a new definition of "what's right." This proactive system identifies dangerous code and isolates it before it can execute. CIS technology differs because it is not virus or vulnerability specific. CIS does not require a priori knowledge of vulnerabilities or attack methods. It will enhance and complement existing computer security technologies. However, CIS requires considerable research and development to reach its technical goals and become marketable. Technical barriers include ensuring that the program is stable and does not overburden the computer or its user, that it scales to 1,000 systems reliably, and that it responds well to normal software upgrades. These and other challenges render CIS development too risky for most investors. ATP funding will accelerate development and lend credibility to the project, thus getting this capability to the marketplace sooner. If successfully developed, CIS could save businesses and government operations billions of dollars in lost productivity and data. Also, CIS will vastly improve security, which is critical for large organizations with thousands of computers, overburdened information technology staff, and highly sensitive data, such as federal defense and regulatory agencies, health care organizations, and financial institutions.

For project information:
Dr. Todd Brennan, (617) 491-1768
info@bit9inc.com

ATP Project Manager
Barbara Cuthill, (301) 975-3273
barbara.cuthill@nist.gov

ATP website comments: webmaster-atp@nist.gov
Privacy Statement / Security Notice NIST Disclaimer NIST Information Quality Standards
NIST is an agency of the U.S. Commerce Department