News from ICTP 96 - What's New
Alessandro Vespignani and his colleague Romualdo Pastor-Satorras
have conducted a detailed statistical study of the behaviour of
computer viruses. Their findings may surprise you.
Cyber-Virus
While the increasing use of the
internet allows for the global exchange of electronic information
(everything from the transfer of brief e-mail messages to large
data files), it also encourages the spread of computer viruses.
In fact, computer viruses have been invading the digital community
for more than a decade. Just one recent example illustrates how
troublesome they can be. The "iloveyou" bug, which struck
in May 2000, is estimated to have cost the world nearly US$7 billion
in damages and downtime.
Viruses, as we all know, are not confined to the world of computers.
Indeed the word, which refers to something "poisonous, noxious,
deadly or pernicious," historically has been associated with
the world of living matter. Biological viruses, which can quickly
multiply within the living cell of a host, are medically defined
as "infective agents consisting of nucleic acid molecules
covered in a protein coat."
Computer scientists have adopted the term 'virus' from biologists
and medical researchers to describe 'infective agents' in the
world of electronic communications largely because the behaviour
of 'e-viruses' seems to parallel the behaviour of 'b-viruses.'
Both require a host, both have a protective 'coating,' and both
spread quickly.
Therefore it should come as no surprise that when my colleague
Romualdo Pastor-Satorras from the Polytechnic University of Catalonia
in Barcelona, Spain, and I began to study computer viruses one
year ago, we chose to rely on epidemiological techniques and models
borrowed from the biological world. Since then, we have analysed
the statistical incidence of more than 800 computer viruses. Based
on this research, we have estimated that the average lifetime
of a computer virus ranges from one to two years. A few sturdy
viruses can live three years or longer.
Our research suggests that the amount of time a computer antivirus
is available as an antidote--usually no more than two or three
weeks after a virus has been identified--is no match for the longevity
of a virus itself. As a result, our research also suggests that
all computer viruses not only have a good chance to pervade the
global communications network (after all, widespread application
of antiviral agents usually does not begin for two or three days
after the virus starts to spread), but that a virus is also likely
to continue to infect computers long after users think that the
agent has been purged. In the case of digital viruses, such long-standing
persistence could be considered the equivalent of endemic states.
One of the key principles in the world of biological epidemiology,
used in the development of models designed to analyse the spread
of viral diseases, is that there are only a few highly infectious
diseases and that most of these diseases spread and then die out
quickly with the application of effective antiviruses. A second
key principle of the world of biological epidemiology is that
there is a threshold below which a given virus cannot produce
a major epidemic.
Our research indicates that such principles, while critical to
the development of epidemiological models, may not apply to the
world of computers. The reason is that these principles fail to
account for the internet's complex connectivity properties, which
constitute a prime element of the environment in which digital
viruses spread. Connections between computers on the internet,
in fact, are characterised by enormous fluctuations based on intricate
structures that must be included in all theoretical and experimental
studies of digital epidemics.
That's why we have devised a numerical model of virus-spreading
that explicitly takes into account the internet's complex interwoven
fabric. By simulating numerically the evolution of epidemic outbreaks
on the internet, we have developed a theoretical construct of
virus-spreading among computers. Strikingly, we find that the
internet lacks an 'epidemic threshold.' In other words, the global
electronic network is prone to the spreading and persistence of
infections whatever level of 'virulence' the virus may possess.
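
The contrast between a uniformly connected network and a heterogeneous one can be reproduced with a short simulation. This is an added example, not the authors' model or code: it assumes a discrete-time susceptible-infected-susceptible process, a preferential-attachment (Barabási-Albert) graph as a stand-in for the internet's connectivity, and a ring lattice of the same mean degree as the uniform baseline; all function names and parameter values are illustrative.

```python
import random

def scale_free_graph(n, m, rng):
    """Preferential attachment: each new node links to m existing nodes
    picked with probability proportional to their current degree."""
    adj = [set() for _ in range(n)]
    ends = []                       # one entry per edge endpoint, so hubs repeat
    def link(u, v):
        adj[u].add(v)
        adj[v].add(u)
        ends.extend((u, v))
    for u in range(m + 1):          # seed: small fully connected core
        for v in range(u):
            link(u, v)
    for u in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(ends))
        for v in targets:
            link(u, v)
    return adj

def ring_lattice(n, half):
    """Uniform baseline: every node has exactly 2*half neighbours."""
    return [{(u + d) % n for d in range(-half, half + 1) if d} for u in range(n)]

def endemic_prevalence(adj, lam, steps, rng, window=50):
    """Start with every machine infected. Each step, an infected machine
    passes the infection over each link with probability lam and is then
    cleaned (it can be reinfected later). Returns the mean infected
    fraction over the last `window` steps, or 0.0 if the virus dies out."""
    n, infected, tail = len(adj), set(range(len(adj))), []
    for t in range(steps):
        infected = {v for u in infected for v in adj[u] if rng.random() < lam}
        if not infected:
            return 0.0
        if t >= steps - window:
            tail.append(len(infected) / n)
    return sum(tail) / len(tail)

def compare(lam, n=3000, seed=1):
    """Same virus, same mean degree (about 6), two different topologies."""
    rng = random.Random(seed)
    return (endemic_prevalence(scale_free_graph(n, 3, rng), lam, 300, rng),
            endemic_prevalence(ring_lattice(n, 3), lam, 300, rng))

if __name__ == "__main__":
    # lam * degree = 0.9 < 1 on the lattice, so each infection replaces itself
    # less than once there; the hubs of the other graph keep it circulating.
    print("scale-free: %.3f   uniform: %.3f" % compare(0.15))
```
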
Such findings not only offer new fundamental insights into how
computer viruses spread, but they also provide a theoretical model
for the study of optimal immunisation of the global network. The
latter could ultimately help us contain viruses that have wreaked
such fear and loathing among computer users across the globe.
For a scientific analysis of this research, see Romualdo
Pastor-Satorras and Alessandro Vespignani, Physical Review
Letters 86 (2 April 2001), p. 3200. News articles about their
research have appeared in New Scientist (4 November 2000),
Diario, Spain (28 February 2001), Nature "Science
Update" (9 March 2001), and USA Today (27 March
2001).
Alessandro Vespignani
ICTP Staff Associate