3- How Viruses SpreadOver the past several years, we have constucted theoretical models of how computer viruses spread in a population, and compared them against the results of an ongoing study of actual virus incidents [1, 2, 3, 4, 5, 6]. Our models are purposefully simple, in an attempt to understand the most important aspects of global virus spread. In these models, a system is either infected or not. If it is infected, there is some probability each day that it will have an infectious contact with some other system in the world, typically via exchange of floppy diskettes or software exchange over a network. This is called the birth rate of the virus. Similarly, there is some probability each day that an infected system will be discovered to be infected. When that happens, it is cleaned up, and it returns to the pool of uninfected systems. This is called the death rate of the virus. The birth and death rates are influenced by a number of factors. A virus' birth rate is governed by its intrinsic properties, such as the particular way in which it infects and spreads. Just as for biological diseases, its birth rate is also highly dependent upon social factors, such as the rate of software or diskette exchange among systems. The death rate is determined by how quickly the virus is found and eliminated, which in turn depends on the extent to which people notice the virus, due to its behavior or through the use of anti-virus software. As we shall see, the birth and death rates also depend critically on the nature of the world's computing environment. All of our models show the same basic characteristics of virus spread. One fundamental insight is that there is an epidemic threshold above which a virus may spread, and below which it cannot. If the birth rate of a virus is greater than its death rate, the virus has a chance to spread successfully, although it may die out before it spreads much. If the virus does manage to get a foothold, it will start to rise slowly in prevalence. The rate at which it does so is governed by a number of factors, such as intrinsic characteristics of the virus and the overall rate at which software is exchanged. A second fundamental insight that has emerged from our research is that the growth rate can be much slower than the exponential rate that was predicted by one theory [11]. Our theory shows that, when software sharing is localized, the global rate of spread can be very slow, even roughly linear [1, 2]. At some point, the virus levels off in prevalence, reaching an equilibrium between spreading and being eliminated. Figure 7 illustrates the typical behavior of a system above the epidemic threshold.
Figure 7: Above the epidemic threshold, a virus rises in prevalence at a rate that depends on a variety of factors, then plateaus at an equilibrium. In this simulation, the birth rate exceeded the death rate by a factor of 5.
If the birth rate is less than the death rate -- if the virus is found and eliminated more quickly than it spreads -- then the virus cannot spread widely. It may spread to a few machines for a little while, but it will eventually be found and eliminated from the population, becoming ``extinct''. Figure 8 illustrates this behavior.
Figure 8: Below the epidemic threshold, very small outbreaks can occur, but extinction of the infection is inevitable. In this simulation, the birth rate was 10% less than the death rate. Note that the vertical and horizontal scales are much different than those of Fig. 7.
|