University of Utah scientists have developed software that can help virtual machines self-heal when under attack from malware.

Researchers claim the software not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. The software then prevents the invader from infecting the computer again.

Dubbed Advanced Adaptive Applications (or A3) the open source software works in a virtual machine, the software monitors the VM’s OS and applications running on Linux.

The researchers created “stackable debuggers”; these multiple de-bugging applications run on top of each other and look inside the virtual machine while it is running, constantly monitoring for any out-of-the-ordinary behaviour in the computer.

Unlike a normal virus scanner on consumer PCs that compare a list of known viruses to something that has infected the computer, A3 can detect new, unknown viruses or malware automatically by sensing that something is happening in the computer’s operation that is not right. It can then stop the virus, carry out a repair of the damaged software code, and then learn to stop that bug entering the machine again.

A3 was co-developed by defence firm Raytheon BBN and was funded by Darpa though its Clean-Slate Design of Resilient, Adaptive, Secure Hosts programme. The four-year project was completed in late September.

The software was tested against the recent Shellshock bug. A3 discovered the Shellshock attack on a web server and repaired the damage in four minutes, according to Eric Eide, University of Utah research assistant professor of computer science.

“It is a pretty big deal that a computer system could automatically, and in a short amount of time, find an acceptable fix to a widespread and important security vulnerability,” said Eide. “It’s pretty cool when you can pick the Bug of the Week and it works.”

Now that the team’s project into A3 is completed and proven to work, Eide said the research team is looking to build on the research and figure out a way to use A3 in cloud computing.

If used in a cloud service, such as AWS, that a virus or attack could affect the operation of, A3 could repair it in minutes without having to take the servers down.