In this simulation, most nodes of an unprotected computer network succumb to a virus (traveling along red lines). (Graphic: Nature Physics)A Tel Aviv University doctoral student and his colleagues are proposing an innovative way to beat computer viruses by spreading a specially designed antidote that knocks out the viruses before they can infect others on-line.
Eran Shir, 31, of Kfar Saba, along with TAU’s Dr. Yuval Shavit and Hebrew University professors Sorin Solomon and Jacob Goldenberg, published their theoretical model – which operates much like a biological virus spreads in nature – in the December 1 on-line edition of the prestigious journal Nature Physics.
Most conventional anti-virus programs use ‘signatures’ to identify and block viruses. But experts must first analyze a virus before sending out the fix. This means that rapidly spreading viruses can cause widespread damage before being stopped.
Some researchers have developed artificial ‘immune systems’ that automatically analyze a virus meaning a fix can be sent out more rapidly. In practise, however, computer viruses still tend to spread too quickly.
Shir, and colleagues at Tel-Aviv University in Israeli, have applied network theory to the problem, and believe they have come up with a more effective solution. Part of the problem, the researchers say, is that countermeasures sent from a central server over the same network as the virus it is pursuing will always be playing catch-up.
They propose developing a network of ‘honeypot’ computers, distributed across the internet and dedicated to the task of combating viruses. To a virus, these machines would seem like ordinary vulnerable computers. But the honeypots would attract a virus, analyze it automatically, and then distribute a countermeasure.
But the honeypots would be linked to one another via a dedicated and secure network. This way, once one has captured a virus, all the others will quickly know about the infection immediately. Each honeypot then acts as a hub of healing code which is disseminated to computers connected to it. The countermeasure then spreads out across the broader network.
Shir told The Jerusalem Post that he and his colleagues did not hold any patent protection on the idea, as they did not intend to make any money out of it.
“Our work is theoretical,” he said. “We did the simulations and analyses. We hope it will be open source in the community and have no plans to turn into millionaires from it. We would be happy if somebody would do it for us.”
But he predicted that a commercial company that took “three or four well-trained people” could develop an effective antivirus program within a year that could immunize computers around the world against troublemaking viruses and contain the cyber-plague that threatens to strangle the Internet.
“I was not the first to suggest sending viruses in a decentralized way,” Shir said. “There were people at IBM, but they thought it was not practical because the virus always has a head start and the antivirus can’t keep up.
“But we succeeded in showing it can be practical if one makes small changes in an on-line network. This can be done by allowing immunity to pass through links where the antivirus program cannot go, such as SMS, instant messaging, peer-to-peer networks or secure e-mail networks with encryption. As a result, with even a small number of secure links, the antivirus can jump behind the enemy lines and stop the virus. It can happen within seconds,” Shir said.
“This is a great and very innovative proposal that has the potential to change our computer-virus-fighting strategies,” network specialist Albert-László Barabási of Harvard University and the University of Notre Dame in Indiana told Science News