Home > Articles > Security > Network Security

  • Print
  • + Share This
From the author of

Conclusions

This article demonstrated methods to design and test a live, attenuated computer virus vaccine using computer simulation. For the purpose of the simulations, the vaccine meets our design goals. For example, the vaccine confers immunity by patching systems that it infects. In addition, attenuating the vaccine conserves resources and reduces morbidity by incurring a slower, more controlled use of network bandwidth. Because it's self-replicating, the vaccine is easily distributed and accessible to the entire population. Automatically controlling and eradicating even a small part of a $2.5 billion outbreak of Code Red would also make such a vaccine cost-effective.

The simulations in this article examine the effect of a self-replicating vaccine that repairs the flaw exploited by its virus counterpart. In each simulation, the vaccine is effective in eradicating the virus. Attenuating (weakening) the vaccine results in a more blunted response to the virus outbreak. However, attenuated vaccines eventually contain the virus outbreak, while resulting in less overall network bandwidth consumption.

The optimal case is to release a "prophylactic" vaccine to immunize the network before a virus ever appears. In the case of Code Red, this vaccine could have been released in the three-week interim after the web server vulnerability was discovered, but before the first virus to exploit the vulnerability was released. In the simulation, such a virus prevents an outbreak by automatically seeking out and repairing all vulnerable hosts in the network, so the Code Red infection never has a chance to start in the first place. Moreover, the simulation shows that an attenuated, prophylactic vaccine is the least damaging in terms of network bandwidth consumption.

There are several drawbacks to these simulations. For example, the simulations occur in discrete time steps, rather than in continuous time like a real-world virus. In addition, the simulation distributes hosts randomly in the address space, in contrast to the Internet, where hosts are often grouped in blocks of adjacent address space, with other blocks of empty address space filling the interstices. Finally, these simulations don't take into account the effect of real-world devices such as firewalls and routers on bandwidth and message flow.

However, this method of simulation has certain advantages. For example, NWS allows for the execution of actual virus code, which can potentially provide a more realistic simulation than other methods such as numerical simulation. Also, NWS has an object-oriented design, in which program objects correspond directly to real-world objects such as software, messages, and hosts. In addition, this object-oriented design allows vaccines to be easily customized for each simulation.

For researchers who are interested in controversial areas of research such as antivirus viruses, a caution is in order. Despite the fact that current antivirus technology is no longer effective, some industry leaders are vehemently opposed to novel research that includes writing self-replicating code. An example of this opposition has occurred at the University of Calgary Department of Computer Science. Despite having the full approval and support of his department and university, one professor came under intense public criticism—and was even threatened with physical violence—for attempting to teach virus writing as part of a university course on viruses. [35]

This trend of initial opposition follows historical examples from biology. For example, the original smallpox vaccine killed a staggering 1% of patients who received it, and injured many more. Even scientists such as Benjamin Franklin were frightened of it. Nevertheless, this early, poor-quality smallpox vaccine was still highly successful in preventing pandemics. Over time, the vaccine was refined and improved, and is now relatively safe.

Similarly, the computer virus vaccine is now at a very early stage, and is likely to be met with initial opposition. Designing a live, attenuated vaccine safe enough to be released on the Internet will require international cooperation among computer scientists, biologists, engineers, epidemiologists, ethicists, and government agencies. The approach modeled here is not yet meant for large-scale implementation. Rather, this article provides a starting point for laboratory experimentation, with the hope that this research will stimulate further research in computer virus vaccine simulation.

  • + Share This
  • 🔖 Save To Your Account