Viruses and Network Scales A confluence of exposure to theory and a related event just happened. Yesterday I posted on Duncan Watt's view of scale-free networks and the SQL Slammer virus.
The network proved to be resilient against the SQL virus. At its peak, 20% of messages were lost in transport (10 times higher than normal) with up to 200,000 servers compromised. It was the most damaging attack in 18 months, but largely passed in about 24 hours. Its a relative blip because of the patch's availability (its been available for six months, although having a single source for it during the crisis, Microsoft, slowed recovery) and it didn't carry a damaging payload.
Network theory holds that if a network is scale-free (an uneven distribution of the scale, or connectedness, of nodes -- otherwise known as a power-law distribution) it is particularly vulnerable to attack. When a hub goes down it has cascading effects. In contrast, a network where scale properties are difussed in a typical bell-curve, proves to be more resilient because it is more of a matrix than a hub-and-spoke architecture.
Watts suggests that if a network is scale-free or not depends upon how you define links, or relationships. If a SQL server is receptive to a virus, it allows a link without restriction, forming a scale-free topology. But as patches are installed, it increases the requirements for a link to form and decreases scale-free properties of the network. So one view is the Immune Reponse shifted the properties of the network from scale-free to an even distribution.
UPDATE: See Pete's disection of the worm.
9:13:14 AM
|