Natural defenses: 8 IT security tactics found in nature

IT security professionals would do well to study the ways of fish, insects and fungus for inspiration in defending against predators

A spider weaves its web on tree
Credit: REUTERS/Stringer

If you’re an IT security professional, you probably don’t spend a whole lot of time thinking about bugs, plants or fungus, at least not during your work day. However, researchers from the Warsaw Institute of Technology think that you should. In a recently published paper, “Security - a perpetual war: lessons from nature,” they draw analogies in nature to approaches taken by hackers and those defending against them in the digital world. The methods used in both offensive attacks (e.g., DDoS, spam) and defensive responses (e.g., firewalls, honeypots), they argue, can be seen in the plant and animal world.

While the 8 examples presented here of similarities between security in the natural and digital worlds are all coincidental, that shouldn’t stop IT pros from looking to nature for ideas as how to better defend against predators. Of course, this same approach can be taken by hackers to get new ideas for attacks. As in nature, it’s an ongoing battle unlikely to end anytime soon.

See also:

Superclass: 14 of the world’s best living programmers

Top 25 free tools for every Windows desktop

Head-scratchers: 10 confounding programming language features

Your new PC needs these 22 free programs

Pants on fire: 9 lies that programmers tell themselves

10 tech products that are built to last

Bolas spider

IT’s version: Worms are malware programs that exploit operating systems vulnerabilities to install themselves on computers and disable installed security measures.

Nature’s version: Bolas spiders (Mastophora hutchinsoni) are similar to computer worms in that they attract male moths by taking advantage of a vulnerability, specifically by imitating the odor of a female moth’s sex pheromones.  Once lured near, the prey is captured using using a sticky ball of silk (instead of a web). The bolas spider then disables the moth’s defense by injecting a venom using its fangs.

Credit: REUTERS/Victor Fraile

IT’s version: In phishing schemes, predators masquerade as a legitimate or trustworthy entity, such as a web site, to collect sensitive data such as usernames, passwords or credit card numbers for the purpose of committing fraud.

Nature’s versionAnglerfish (Lophius piscatorius) are a collection of over 200 species of deep sea fish that are famous for their ugliness and for the way that the females attract other fish as prey. The females have long filaments growing from their heads with luminous flesh at the end that can move freely in any direction; the anglerfish moves this filament in a way that mimics and, ultimately, lures other fish. Once the target fish is close enough, the anglerfish snaps it up with powerful jaws.

An ant infected by zombie fungus

IT’s version: Botnets are networks of computers that have been infected by malware and are controlled by a remote entity. The individual computers (or bots) are directed through communications channels to take part in things like sending spam and distributed denial-of-service attacks (DDoS).

Nature’s version: In nature, parasites can often take control of other creatures for their own purposes through adaptive parasite manipulation. One example is when a fungus called Ophiocordyceps unilateralis (also known as the “zombie ant fungus”) attaches itself to an ant and alters its behavior by releasing a brain-controlling chemical. The fungus directs the ant to take it to the best place for it to sprout and reproduce (on the northern parts of a plant). The ant then bites into a vein on the underside of the leaf, before dying, so it will remain there where the fungus can thrive.

Small balsam

IT’s version: Spam campaigns are the sending of unsolicited e-mails, often in large numbers, mainly for the purpose of advertising. These unwanted emails often come from multiple sources and can be hard to eradicate.

Nature’s version: Impatiens parviflora, also known as small balsam, is an invasive plant species that stores its seeds in pressurized pouches. Even the slightest touch of the pouches causes seeds to be ejected with an explosive force, helping them to spread very quickly and effectively - and very unwantedly.

Denial-of-service attacks

IT’s version: A denial-of-service attack (DoS) is common tactic for attempting to make a website or computer unavailable to legitimate users by overloading the target with requests for its resources, bringing it down or making it slow enough to be unusable.

Nature’s version: Denying a legitimate entity use of a service or resource by swamping demand for it is a technique used by a family of vines in the genus Pueraria, known more commonly as kudzu or Japanese arrowroot. Originally only found in southeast Asia, kudzu was introduced to the US in 1976, where, away from its natural pests and diseases, it grows so quickly that it can choke off all other growth by using up all of the moisture, sun and nutrients.

Leucaena leucocephala, a shrub native to Mexico

IT’s version: A firewall is a common defense mechanism against external intrusions into a secure network. It works by monitoring incoming and outgoing traffic and applying a set rules to determine which traffic can be trusted and allowed into the network and which should be restricted from access.

Nature’s version: In nature, some plants are able to mimic the function of a firewall by exhibiting selective allelopathy, that is having beneficial effects on some plants but not others. For example, Leucaena leucocephala, a shrub native to Mexico, protects itself by secreting an acid which which is toxic to most other plants (and is also poisonous to most animals) but not its own seedlings. It’s been shown to also be harmful to wheat, but helpful to rice.

Arched hooktip moth
Credit: Fyn Kynd
Intrusion Detection and Prevention Systems

IT’s version: A defensive mechanism which is more sophisticated than simply a firewall, Intrusion Detection and Prevention Systems (IDPS) actively monitor networks for threats. IDPS identifies threats and restricts access based on predefined patterns and rules.

Nature’s version: The masked birch caterpillar or arched hooktip moth (formally known as Drepana arcuata) which lives under silken cover on leaves, has an analogous and complex system for detecting and responding to threats. The patterns that drepana arcuata uses to assess possible threats are based on leaf vibrations and, using these, it can distinguish between predators, harmless intruders or even wind and rain. Like an IDPS, once a threat is identified, the caterpillar takes action against it, deterring attackers by rubbing or scratching the leaf.

Lad's-slipper orchid
Credit: Green Optics

IT’s version: Honeypots are isolated portions of networks, used solely for the purpose of attracting intruders with bait, such as an unprotected computer. Attackers that fall for the bait are trapped safely away from the real network, so they can be observed and their tactics studied.

Nature’s version: Lady’s slipper orchids (formally known as Cypripedium calceolus) act in a similar manner, by attracting and containing bees so they can be used to their advantage. Bees that are attracted to the orchid’s scent and color are trapped in a pouch; in order to get free, they are forced to travel past pollen-bearing stamen and pollen-receiving stigma and so are only released once they have pollinated the flower.