If you’re an IT security professional, you probably don’t spend a whole lot of time thinking about bugs, plants or fungus, at least not during your work day. However, a pair of researchers from the Warsaw Institute of Technology think that you should. Based on new research they’ve published, you might want to considering looking to nature as a good source of inspiration for solutions to security problems.
In their recently published paper, Security - a perpetual war: lessons from nature, Wojciech Mazurczyk and Elżbieta Rzeszutko draw analogies in nature to approaches taken by hackers and those defending against them in the digital world. The methods used in both offensive attacks (e.g., DDoS, SPAM) and defensive responses (e.g., firewalls, honeypots), they argue, can be seen in the plant and animal world. Here are a couple of the examples they give:
- Botnets: In nature, an example of one entity taking control of another for its own use is seen when a fungus called Ophiocordyceps unilateralis (also known as the “zombie fungus”) attaches itself to an ant and alters its behavior by releasing a chemical. This forces the ant to take the fungus to the best place for it to sprout and reproduce (on the northern parts of a plant). The ant then bites into a vein on the underside of the leaf, before dying, so it will remain there where the fungus can thrive.
- Denial-of-service-attacks: Denying a legitimate entity use of a service or resource by swamping demand for it is a technique used by a type of vine named kudzu. Also known as Japanese arrowroot, kudzu grows so quickly away from its natural habitat in Japan, such as North America, where it isn’t threatened by its natural pests and diseases, that it can choke off all other growth by using up all the moisture, sun, etc.
- Firewalls: This common defense against network intrusions works by blocking unwanted incoming traffic, while allowing traffic from trusted sources. In the plant world, Leucaena leucocephala, a Mexican shrub, does a similar thing to protect itself, by secreting a toxic acid which stunts the growth of surrounding plants, but not its own seedlings.
The authors’ point is that, while these analogies are all coincidental, that shouldn’t stop security pros from looking to nature for ideas as how to better defend against predators. Of course, this same approach can be taken by hackers to get new ideas for attacks. As in the natural world, it’s an ongoing battle unlikely to end anytime soon. As Mazurczyk and Rzeszutko write:
“... the not so optimistic conclusion is that, judging from the perpetual contention of offensive and defensive techniques in the kingdoms of living things, which hasn’t brought around any definite countermeasure, one can expect that IT security will follow the same pattern.”
But that shouldn’t stop IT security professionals from looking in unusual places for ideas. Unless, of course, you have a thing about bugs. Or fungus.