Network Inoculation: Antivirus shield would outrace cyber infections

9:55am, November 30, 2005
Sponsor Message

The best way to stop an epidemic might be to start one. That's the gist of a new strategy against computer viruses that was just unveiled by Israeli researchers. In their theoretical approach, when a computer network detects a new virus, it launches an internal counter-epidemic of self-propagating, protective messages. Upon receiving such a message, an uncontaminated computer immunizes itself against the virus.

If the new method proves practical, it could give rise to network-based mechanisms—perhaps covering the entire Internet—for containing viruses, says codeveloper Eran Shir of Tel Aviv University in Ramat Aviv. Those mechanisms might replace today's ponderous practice of keeping equipment safe by regularly downloading antivirus software.

"This is a great and very innovative proposal that has the potential to change our computer-virus–fighting strategies," comments network specialist Albert-László Barabási of Harvard University and the University of Notre Dame in Indiana.

In the new scheme, proposed in the December Nature Physics, network designers would scatter "honeypots" throughout a network. These are computers secretly armed with software that can trap and identify new viruses, then rapidly generate and broadcast the means to lock out the intruders. The protective message would fan out among the computers on links that only the antiviral mechanism could use.

According to simulations by the Israeli team, severely limiting the virus' spread in a network would require relatively few honeypots. For instance, in a simulated 200,000-computer network with one honeypot for every 250 computers, the virus would infect less than 1 percent of the computers, Shir says. Moreover, he notes, the larger the model network, the smaller the proportion of computers that the virus could overrun.

The idea of self-immunizing networks isn't new, says physicist Jeffrey O. Kephart of IBM T.J. Watson Research Center in Yorktown Heights, N.Y. Starting in the 1990s, he and his colleagues have developed self-protective network architectures and software. Those fully automatic setups capture and analyze a virus and generate an antidote to it within minutes.

What's most innovative about the honeypot scheme, Kephart says, is the shadow network that would transmit the immunizing messages. Those extra links could be as simple as a set of special e-mail addresses. They would enable the epidemic of immunization messages to take place "behind enemy lines," Shir says, and thereby gain the upper hand.

"I really think this paper is highly valuable," says Alessandro Vespignani of Indiana University in Bloomington. By introducing the idea of manipulating the network topology to improve antiviral response, "it's opening a different way of thinking," he says.

Could hackers commandeer the shadow network? Shir says that protective technologies already available, such as encryption methods widely used for financial transactions on the Web, make that unlikely.

Still, says Dietrich Stauffer of the University of Cologne in Germany, "past experience shows ... that new defenses can be broken by new weapons. I expect [the new technique] to help, but not to solve, the problem of viruses."

More from Science News