Cohen was the first to define and describe computer viruses in their
present form
.
He demonstrated that, in the worst case, infection can
spread to the transitive
closure of information flow in a system. In other words, if A can
infect B and
B can infect C, a virus that originates with A can propagate
to C. He performed
extensive experiments on a variety of systems (most of them multi-user)
which demonstrated that
a virus could propagate to a level of security higher than that from
which it had originated.
He and Murray
pointed out the connection between
computer virus spread and
biological epidemiology, but neither pursued it to the point of
developing an explicit model.
Recently, there have been attempts to describe viral spread more quantitatively.
Gleissner
examined a model of computer virus spread on a multi-user system.
Quantitative analysis of the model reproduced Cohen's result that a virus would reach the
transitive closure of information flow, and showed that this could occur at an exponential rate.
However, the usefulness of these results was limited because no allowance was made for the fact
that individual users of the system might detect and remove viruses or alert other users to
their presence. Tippett
used the well-known fact that many population
models exhibit exponential growth in their initial phases to suggest that the computer
virus population might grow to worrisome proportions.
However, he did not justify the application of such models to the spread of computer viruses,
and the paucity of data on the actual spread of computer viruses makes any such extrapolation
extremely suspect. Jones and White
examined an analogy between viral spread and
infestations of crops by insects and other pests, but did not present an explicit model.
Their claim that segregating
computing resources leads to an increase in the virus population seems particularly
questionable. Solomon
studied a deterministic model of computer virus propagation
based upon mathematical epidemiology. The
quantitative results that he obtained are equivalent to Eq. (2) of this
work. He also introduced and analyzed a novel and potentially important form of inter-virus
interaction, whereby the increased vigilance of a user who detects any virus will increase his
or her probability of detecting other viruses in the future.
.
He demonstrated that, in the worst case, infection can
spread to the transitive
closure of information flow in a system. In other words, if A can
infect B and
B can infect C, a virus that originates with A can propagate
to C. He performed
extensive experiments on a variety of systems (most of them multi-user)
which demonstrated that
a virus could propagate to a level of security higher than that from
which it had originated.
He and Murray
pointed out the connection between
computer virus spread and
biological epidemiology, but neither pursued it to the point of
developing an explicit model.
examined a model of computer virus spread on a multi-user system.
Quantitative analysis of the model reproduced Cohen's result that a virus would reach the
transitive closure of information flow, and showed that this could occur at an exponential rate.
However, the usefulness of these results was limited because no allowance was made for the fact
that individual users of the system might detect and remove viruses or alert other users to
their presence. Tippett
used the well-known fact that many population
models exhibit exponential growth in their initial phases to suggest that the computer
virus population might grow to worrisome proportions.
However, he did not justify the application of such models to the spread of computer viruses,
and the paucity of data on the actual spread of computer viruses makes any such extrapolation
extremely suspect. Jones and White
examined an analogy between viral spread and
infestations of crops by insects and other pests, but did not present an explicit model.
Their claim that segregating
computing resources leads to an increase in the virus population seems particularly
questionable. Solomon
studied a deterministic model of computer virus propagation
based upon mathematical epidemiology. The
quantitative results that he obtained are equivalent to Eq. (