PC virus: It's all biology
2004-05-25 14:15
Troy - A man sneezes. Flu viruses are released. People close by catch it. They go to work, go shopping. More people are infected. Then more and - Whoosh! - it's an epidemic.
Computer viruses can spread like that, too.
The sometimes-striking similarities between biological viruses and their binary namesakes are a focus of a National Science Foundation-funded study.
Biplab Sikdar, a professor at Rensselaer Polytechnic Institute, believes he can learn how to choke off incipient internet attacks by looking at how plagues and flu viruses spread through human populations.
Scientists have long been aware that epidemics can follow patterns. In cases of very contagious diseases with a short incubation period, the number of people infected often starts small before hitting a point where the disease takes off at an exponential rate. It peaks, then phases out more gradually than it grew.
Sikdar says that sort of growth pattern also is a hallmark of computer attacks. And if computer epidemics follow discernible patterns, Sikdar believes it should be possible to recognise an attack in its early stages.
Hardware routers, which serve as the internet's traffic police, could be programmed to recognise sudden sustained spikes in instability and other signs of cyber-attacks. Routers could then be programmed to isolate the virus, he said.
Sikdar said his solution could protect even computers lacking antivirus software, the traditional method of shielding individual computers or networks.
The five-year $402 682 NSF grant comes through a programme designed to reward younger researchers. The cyber-bio connection is one focus. Sikdar, 29, also will look at the life expectancies of wireless networks and how small glitches on a router can create much larger systematic problems.
Steve Trilling, senior director of research at the computer security company Symantec Corp, said Sikdar's research follows a trend in computer security: Identify threats based on behaviour rather than a database of known threats.
Some viruses, like the recent Sasser and last year's Slammer, spread so quickly because they do not require users to click on an e-mail attachment. By the time antivirus companies can update their databases and get them to customers, it's often too late.
"So you really do need fundamentally more proactive mechanisms," Trilling said.
- AP