NEWS & VIEWS COMPLEX NETWORKS

Behind enemy lines Computer viruses can spread through networks with alarming speed. But there is hope that those fighting the plague can keep up with the pace.

Figure 1 Jumping the queue. A computer virus initially creates its network of infected nodes (red), until it hits a ‘honey pot’ (yellow). The honey pot develops an immunization agent and parachutes it to uninfected regions of the network, where it can start to immunize susceptible nodes (blue) that are not yet infected.

ALESSANDRO VESPIGNANI is at the School of Informatics, Department of Physics and Center for Biocomplexity, Indiana University, Bloomington, Indiana, 47406 USA. e-mail: [email protected]

he taxonomy of cyber-plagues is constantly growing. Computer infections these days have the capability of reaching the ‘epidemic peak’ — the point of widest spread — in less than one hour, infecting macroscopic fractions of the Internet on the way. Although often very simple in the basic infection mechanisms, computer viruses are able to spread on such short timescales by exploiting the contact networks that define the computers’ connectivity pattern. On page 184 of this issue, Goldenberg et al.1 propose an immunization system that, by taking advantage of the network connectivity architecture, is able to fight computer viruses on their own battleground. Computer viruses present close analogies with their biological analogues, and in many cases it is possible to have a one-to-one mapping of the biological parameters with those of the cyberworld2. In both cases, transmission of the virus comes through a contact or interaction between an infected and a susceptible ‘individual’. Immunization is a shared feature as well, referring to antivirus scanning, operating systems updates, and other forms of alert in the computer world. Also the medium for transmission in both cases is a network. In biology there are, for example, human interaction webs, sexual webs and food webs, and in the cyber world there are the Internet, e-mail and other social networks3–5. Finally, the same extra features such as seasonal or time effects are generally encountered in both contexts. Indeed, these analogies are mainly driven by the fact that nature appears to be much more imaginative than writers of computer viruses, who often merely replicate the biological world. It is no surprise then that cyber-epidemiology involves studying and fighting computer viruses by using the same models and strategies implemented against biological viruses2–4. There are, however, some basic differences between biological and computer viruses that make our struggle against cyber-plagues considerably different from those in the biological realm. In particular, the computer virus code is much easier to disassemble, understand and neutralize than

T

Infected node Immunizing agent deployer (honey pot) Connection open only to honey pots Susceptible nodes

biological pathogens. But this positive side is balanced by the fact that biological individuals are self-reacting against viruses with their immune systems, whereas computers are not (yet). As human intervention and the development of immunization agents are orders of magnitude slower than the spreading of infections6, we are sometimes left with protection strategies based just on disconnecting computers from the network in order to slow down the epidemics. The need to respond to computer viruses on timescales comparable to those of their diffusion spurred a wealth of studies towards the implementation of artificial immune-system architectures7, able to protect computers from viruses as well as undesired information and other cyber attacks. Such artificial immune systems could, one day, be able to autonomously identify viruses and develop immunizing agents for spreading to other computers. This would allow the setup of distributed antiviral infrastructures, where the computers that identify a virus deliver the immunizing agent to computers not yet infected. The immunizing agent would then engage in a competition against the malignant virus in an attempt to immunize as many computers as possible before they get infected. Unfortunately, Goldenberg

nature physics | VOL 1 | DECEMBER 2005 | www.nature.com/naturephysics

©2005 Nature Publishing Group

135

NEWS & VIEWS and colleagues1 show, using methods developed in the framework of statistical physics, that in this case the computer infection has a lead-time advantage that prevents a timely distribution of the immunizing agent. The vaccine can be developed only after the infection has started spreading into the system, but the infected computers that develop the immunizing agent are usually in contact with already infected computers, as the virus has used the very same connections to spread. To overcome this disadvantage, Goldenberg et al.1 propose a strategy that, rather than optimizing specific throttling mechanisms for the virus, endows the network with extra connectivity properties. They consider a parallel network reserved for the spreading of the immunizing agent. These extra connections allow the development of the immunizing agent in infected regions of the network, and its successive deployment in regions of the network far away from the already infected immediate neighbourhood (Fig. 1). This strategy — like parachuting troops behind the enemy lines — turns out to be very effective in mitigating the epidemics. Goldenberg and co-workers push their analysis further by devising optimized connectivity patterns for the parallel network. In particular, a clique of connected computers armed with the capability of developing the immunizing agent seems to be very effective in defending the network. The computers belonging to the clique are randomly embedded in the network, becoming ‘honey pots’ for the computer virus that will easily reach one of those. In turn, the infected

136

pot will develop the immunizing agent and the clique architecture allows the spreading of the agent easily to all other honey pots, starting multiple distribution of the remedy. Analytical arguments and numerical simulations indicate a very successful containment of the virus infection in this way. The strategy proposed by Goldenberg et al. is extremely elegant. It is rooted in the theory of percolation and the recent developments in understanding complex networks. On the other hand, the practical implementation of these ideas does not seem as straightforward as in theory. Without considering problems related to the implementation of automatic detection and the development of the immunizing agent, the issues of how to define a separate connectivity pattern precluded to the virus, and how to design appropriate security protocols for the deployment of immunizing agents through the parallel network automatically, are still open questions. Nevertheless, the conceptual shift from centralized to dynamically distributed immunization systems that might compete against viruses by exploiting their very same strategies is surely a very valuable exercise. REFERENCES 1. 2. 3. 4. 5.

Goldenberg, J., Shavitt, Y., Shir, E. & Solomon, S. Nature Phys. 1, 184–188 (2005). Kephart, J. O., White, S. R. & Chess, D. M. IEEE Spectrum 30, 20–26 (1993). Pastor-Satorras, R. & Vespignani, A. Phys. Rev. Lett. 86, 3200–3203 (2001). Lloyd, A. L. & May, R. M. Science 292, 1316–1317 (2001). Balthrop, J., Forrest, S., Newman, M. E. J. & Williamson, M. M. Science 304, 527–529 (2004). 6. Shannon, C. & Moore, D. IEEE Secur. Priv. 2, 46–50 (2004). 7. Hofmeyr, S. A. & Forrest, S. Evol. Comput. 7, 45–68 (1999).

nature physics | VOL 1 | DECEMBER 2005 | www.nature.com/naturephysics

©2005 Nature Publishing Group