Tuesday, December 06, 2005

Vaccinating the internet?

We talk a lot about viruses on this blog (especially influenza/A/H5N1) but so far I don't think we've talked much about computer viruses. There is a lot to be learned from them and I once had the idea that virologists and computer security experts should do a joint seminar where the computer folk set out the different mechanisms used by computer viruses and the virologists would try to match up the biological correlates (my idea was that biologists might find some new mechanisms this way).

Well it didn't happen, but computer security experts are starting to think more and more like public health scientists. An example is a recent report in New Scientist that researchers at Tel-Aviv University have used network theory to figue out how one might (in essence) vaccinate the internet:
Most conventional anti-virus programs use "signatures" to identify and block viruses. But experts must first analyse a virus before sending out the fix. This means that rapidly spreading viruses can cause widespread damage before being stopped.

[snip]

Part of the problem, the researchers [Eran Shir, and colleagues] say, is that countermeasures sent from a central server over the same network as the virus it is pursuing will always be playing catch-up.

They propose developing a network of "honeypot" computers, distributed across the internet and dedicated to the task of combating viruses. To a virus, these machines would seem like ordinary vulnerable computers. But the honeypots would attract a virus, analyse it automatically, and then distribute a countermeasure.

But the honeypots would be linked to one another via a dedicated and secure network. This way, once one has captured a virus, all the others will quickly know about the infection immediately. Each honeypot then acts as a hub of healing code which is disseminated to computers connected to it. The countermeasure then spreads out across the broader network.

Simulations show that the larger the network grows, the more efficient this scheme should be. For example, if a network has 50,000 nodes (computers), and just 0.4% of those are honeypots, just 5% of the network will be infected before the immune system halts the virus, assuming the fix works properly. But, a 200-million-node network – with the same proportion of honeypots – should see just 0.001% of machines get infected.
So far this is a mathematical proof of concept (Nature Physics DOI: 10.1038/nphys177). While I have yet to read the paper, it would seem to me the same principles might lead to more efficient means for distributing vaccines and pharmaceuticals to people. Our transportation and delivery systems also exist on a network (a system of nodes and connecting edges) and designing the most efficient way to deliver critical biologics to a population is a task yet to be undertaken.