A man sneezes. Flu viruses are released. People close by catch it. They go to work, go shopping. More people are infected. Then more and — Whoosh! — it's an epidemic.
Computer viruses can spread like that, too.
The sometimes-striking similarities between biological viruses and their binary namesakes are a focus of a study funded by the National Science Foundation.
Biplab Sikdar, a professor at Rensselaer Polytechnic Institute, believes he can learn how to choke off incipient Internet attacks by looking at how plagues and flu viruses spread through human populations.
Scientists have long been aware that epidemics can follow patterns. In cases of very contagious diseases with a short incubation period, the number of people infected often starts small before hitting a point where the disease takes off at an exponential rate. It peaks, then phases out more gradually than it grew.
Sikdar says that sort of growth pattern also is a hallmark of computer attacks. And if computer epidemics follow discernible patterns, Sikdar believes it should be possible to recognize an attack in its early stages.
Hardware routers, which serve as the Internet's traffic cops, could be programmed to recognize sudden sustained spikes in instability and other signs of cyber-attacks. Routers could then be programmed to isolate the virus, he said.
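The growth pattern and the early-warning idea described above can be sketched in a few lines. This is an added example, not code from Sikdar's study: the logistic model, the growth-ratio rule, every parameter value and the background counts are assumptions constructed for illustration.

```python
# Added illustration: epidemic-style growth and an early-warning check.
# All names, parameters and sample values are assumptions, not the study's.

def si_outbreak(n_hosts, beta, i0, steps):
    """Discrete logistic (SI) model: slow start, exponential take-off, plateau."""
    infected = [float(i0)]
    for _ in range(steps):
        i = infected[-1]
        infected.append(i + beta * i * (1 - i / n_hosts))
    return infected

def detect_sustained_growth(series, ratio=1.2, run=4):
    """Return the first index ending `run` consecutive intervals that each
    grew by at least `ratio`; None if the series never shows that pattern."""
    streak = 0
    for t in range(1, len(series)):
        prev, cur = series[t - 1], series[t]
        streak = streak + 1 if prev > 0 and cur >= ratio * prev else 0
        if streak >= run:
            return t
    return None

# Constructed background noise: anomalous events per interval on a quiet day.
BASELINE = [20, 23, 19, 22, 21, 24, 20, 22]

def observed(infected):
    """What a router would count: background noise plus outbreak activity."""
    return [BASELINE[t % len(BASELINE)] + round(i) for t, i in enumerate(infected)]

N_HOSTS = 100_000
curve = si_outbreak(N_HOSTS, beta=0.5, i0=1, steps=60)
alarm_at = detect_sustained_growth(observed(curve))
quiet = detect_sustained_growth(BASELINE * 8)

if __name__ == "__main__":
    print("alarm at interval", alarm_at,
          "with", round(100 * curve[alarm_at] / N_HOSTS, 3), "% of hosts infected")
    print("alarm on quiet baseline:", quiet)
```

Requiring several consecutive intervals of growth, rather than one large jump, is what keeps ordinary jitter in the background counts from raising the alarm.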
Sikdar said his solution could protect even computers lacking antivirus software, the traditional method of shielding individual computers or networks.
The five-year $402,682 NSF grant comes through a program designed to reward younger researchers. The cyber-bio connection is one focus. Sikdar, 29, also will look at the life expectancies of wireless networks and how small glitches on a router can create much larger systematic problems.
Steve Trilling, senior director of research at the computer security company Symantec Corp., said Sikdar's research follows a trend in computer security: Identify threats based on behavior rather than a database of known threats.
Some viruses, like the recent "Sasser" and last year's "Slammer," spread so quickly because they do not require users to click on an e-mail attachment. By the time antivirus companies can update their databases and get them to customers, it's often too late.
"So you really do need fundamentally more proactive mechanisms," Trilling said.