Researchers at Tel Aviv University (Israel) have proposed a plan to eliminate viruses on the Internet using a network of automated defense systems. They believe that “emergency” files from this network will spread faster than attack programs.
The focus of this project is a linked grid of computers called “honeypots”, designed to masquerade as unpatched PCs to lure viruses out. These computers will attract attacking viruses and automatically generate a signature file of the malware, subsequently disseminating an immediate remediation solution across the entire network. All other “honeypots” in the network will be automatically updated with the emergency file and will launch countermeasures together.
The authors of the plan argue that their proposal is cost-effective and can be conveniently scaled. The larger the network, the greater its protective power. The research team from Tel Aviv University asserts that the antivirus files can spread faster than the attack programs themselves.
“The biggest limitation of deploying countermeasures is the delay compared to the virus,” said Eran Shir, co-author of the plan. “We propose a solution that provides a ‘vaccine’ against the virus, ensuring that the ‘medicine’ has an advantage over the ‘disease’. Specifically, the remediation files can be transmitted quickly through a reciprocal network, thus allowing antivirus tools to effectively prevent outbreaks.”
Initial experiments indicate that if the protective network has around 50,000 nodes (computers participating in the network), with 0.4% of these computers acting as “honeypots”, then 5% of the network will be infected before the epidemic prevention system can stop the virus. However, if the network consists of 200,000,000 nodes with the same percentage of machines serving as “honeypots”, the infection level among PCs would drop to just 0.001%.