If Steven Goldsmith of Sandia National Labs in Albuquerque gets his way, one day every computer on the Internet will be part of a massive, cooperative security force. At the heart of the system are intelligent agents-artificial intelligence programs that interact with their environments. The agents watch the network, looking for irregularities such as those produced by intruders gently probing security defenses over a long period of time. Upon detecting abnormal activity, the agents can swing into action by closing data ports, rejecting viruses or cutting a computer commandeered by a malicious insider off from the network.
The strength of the strategy is that it is distributed, requiring no specialized security computers-machines that become favorite targets for attack. In addition, the agents can share information and form a consensus about the nature of an irregularity. The Linux-based system will be ready for use in government and businesses next year, with consumer versions available in three years.