Diversity and Stability in Food-Webs

Does increasing diversity affect the stability in
ecosystems and food-webs? If so, is the effect positive
or negative, i.e. does increasing diversity lead to
stability or fragility of the system ? Common sense
says that systems with low diversity (for instance artificial
monocultures) have low stability and are vulnerable
to parasites, infections and diseases.

Yet does declining diversity ultimately lead to reductions
in food-chain length and ecosystem stability ? The relation
between diversity, food-chain length and ecological processes
seens to be complex. Ecosystems do not contain only linear
food-chains, they consist of complex recurrent food-webs.
If I remember it correctly, even in simple Lotka-Volterra
equations with more than 2 dimensions chaotic structures can
arise (in 2 dimensions with 2 species there is the usual
predator-prey limit cycle, but in 3 dimensions there are
also strange attractors possible. I have read it somewhere,
but I can't remember where).

Insights in this ongoing diversity-stability debate
could be useful, because consumer-producer or
predator-prey relations can be found in many complex
systems. The SFI has an interesting site with
many links about it at http://discuss.santafe.edu/paleofoodwebs/
for example the following:

(a)
The diversity-stability debate
Kevin Shear McCann, Nature 405 (2000) 228-233
http://discuss.santafe.edu/files/paleofoodwebs/McCann2000Nature.pdf

(b)
The long and short of food-chain length
David M. Post, Trends in Ecology & Evolution Vol.17 No.6 June (2002) 269-277
http://discuss.santafe.edu/files/paleofoodwebs/Post2002TREE.pdf

(c)
Stability in Real Food Webs: Weak Links in Long Loops
Anje-Margriet Neutel et al., Science 296 (2002) 1120-1123
http://discuss.santafe.edu/files/paleofoodwebs/Neuteletal2002Science.pdf

(a) is a nice review, (b) argues that the food-chain length is
influenced by many factors, ecosystem size and age, degree of
ecological isolation, natural resource availability, and
predator-prey interactions, and (c) says that "trophic loops",
i.e. closed food-chains, add stability to the system, esp.
the particularly long ones which contain many weak links.
They found that "loop weights" of the longer loops were low
in real systems.

-J.

On Wed, Nov 09, 2005 at 06:31:06PM +0100, Jochen Fromm wrote:

There are many different notions of stability used in ecosystems, and
one needs to keep this in mind to unravel the debate. The 3 I've
mainly used are:

1) linear stability - this is _the_ mathematical notion of stability
   of an equilibrium point. Robert May proved increased diversity lead
   to a decrease in stability of the interior equilibrium point for a
   randomly assembled L-V ecosystem. Whilst not proven (to my
   knowledge), it is widely assume to hold for general ecosystems.

2) persistence - the absence of extinctions in the future of the
   ecosystem. This is not the same as stability, as the ecosystem need
   not be at equilibrium (the classic 2 species L-V limit cycle is an
   example). Some results are known about this - eg the determinant of
   the interaction matrix must be positive for persistence to hold in
   L-V systems. This in turn implies that positive feedback loops must
   be dominated by the negative feed back loops - I've got a comment
   about this in my paper "Ecolab, Webworld and self-organisation",
   which is available from my website below.

3) resilience - resistance to invasion by another species. Not so much
   is known about resilience. Ted Case has done some work on
   this. Obviously it is very easy for one species to invade a simple
   ecosystem - eg you parasite above, but for complex systems it is
   not known whether the general effect is resilience to invasion, or
   fragility (being disrupted by invading species) (at least to my knowledge).



> If I remember it correctly, even in simple Lotka-Volterra
> equations with more than 2 dimensions chaotic structures can
> arise (in 2 dimensions with 2 species there is the usual
> predator-prey limit cycle, but in 3 dimensions there are
> also strange attractors possible. I have read it somewhere,
> but I can't remember where).

This is a well known result from dynamical systems. 2D systems can
only have stable point attractors, or limit cycles - no strange
attractor. A Mexican chap whose name escapes me for the present proved
this in the 1980s.

See above - they add "stability" ie persistence really provided there
are more negative feedback loops than positive one. May's result
(complexity begets instabily) holds because randomly assembled
ecosystems tend to have more positive feedback loops that negative
ones. The determinant result mentioned above would seem to indicate a
50-50 chance of a persistent system (ie a random determinant is as
likely to be +ve ad -ve) but remember this is a necessary result
only, not sufficient. No -ve determinant ecosystem can be persistent,
but not all +ve ones are either.

> -J.
>
>
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9a-11:30 at Mission Cafe
> Wed Lecture schedule, archives, unsubscribe, maps, etc. at http://www.friam.org

--
*PS: A number of people ask me about the attachment to my email, which
is of type "application/pgp-signature". Don't worry, it is not a
virus. It is an electronic signature, that may be used to verify this
email came from me if you have PGP or GPG installed. Otherwise, you
may safely ignore this attachment.

----------------------------------------------------------------------------
A/Prof Russell Standish                  Phone 8308 3119 (mobile)
Mathematics                               0425 253119 (")
UNSW SYDNEY 2052                 R.Standish at unsw.edu.au            
Australia                                http://parallel.hpc.unsw.edu.au/rks
            International prefix  +612, Interstate prefix 02
----------------------------------------------------------------------------

Here's a talk at Northeastern tomorrow that relates to this topic,
with a CS focus instead of a biological one. I thought I would pass it
along, more to highlight the work itself than to have people attend
(which I'm sure would be very difficult for most FRIAMers). The
speaker's web page is: http://www.ccs.neu.edu/home/riccardo/

-Dan

------

TITLE: A SEMANTIC FRAMEWORK FOR DIVERSITY

WHO: Professor Riccardo Pucella

WHEN: Thursday (November 10th), 3:00 PM, 366 WVH

ABSTRACT

Computers that execute the same program risk being vulnerable to the
same attacks.  This explains why the Internet, whose machines
typically have much software in common, is so susceptible to viruses,
worms, and other forms of malware.  It is also a reason that
replication of servers does not necessarily enhance the availability
of a service subject to attack.

Diversity is an obvious defense.  A set of replicas is diverse in so
far as all implement the same functionality but differ in their
implementation details.  Diverse replicas are less prone to having
vulnerabilities in common, because attacks typically depend on memory
layout and/or instruction sequence specifics.  But building multiple
distinct versions of a program is expensive, so researchers have
turned to mechanical means for creating diverse replicas via
transformations: relocation and/or padding the run-time stack by
random amounts, re-arranging basic blocks and code within basic
blocks, and randomly changing the names of system calls or instruction
opcodes.

Different classes of transformations are more or less effective in
defending against different classes of attacks.  Although knowing this
correspondence is important when designing a set of defenses for a
given threat model, knowing the correspondences is not the same as
knowing the overall power of mechanically-generated diversity as a
defense.  In this talk, I explore that latter, broader, issue,
investigating two complementary points:
  (1) a formal characterization of what attacks cannot be blunted by
       mechanically-generated diversity, and
  (2) a rigorous comparison of mechanically-generated diversity to
       type systems, another commonly advocated defense.

This is joint work with Fred Schneider (Cornell University).

On 11/9/05, Jochen Fromm <fromm at vs.uni-kassel.de> wrote:

   I suppose that everyone has a hot button that pushes them to respond
even when such response is inappropriate or unusual.  Mine is academic
computer security researchers who, as a group, seem to be out of touch
with the state of things in the wild.  I wrote this brief introduction
when I decided my comments, below, are somewhat inflammatory; yet, I
wanted to get the points across to those on the list who are not
knowledgeable about this subject.  I need to see or hear more than the
abstract before I can safely say that all the comments apply to Dr.
Pucella's research.  I can comfortably say that the comments apply in a
more general sense to similiar research.

Dan Kunkle quoted Professor Riccardo Pucella's ABSTRACT:
>
> Computers that execute the same program risk being vulnerable to the
> same attacks.  This explains why the Internet, whose machines
> typically have much software in common, is so susceptible to viruses,
> worms, and other forms of malware.

   This is true, and probably in more ways than Dr. Pucella was
thinking. The genetic inheritance involved in software is an interesting
field of study.

> It is also a reason that
> replication of servers does not necessarily enhance the availability
> of a service subject to attack.

   This depends upon the type of attack.  After the first major set of
DDOS attacks on commercial services, the services turned to redundant
servers spread across the geography of the Internet.  A new type of
server management software was required so that clients could receive
subsequent web-pages and/or updates to web-pages from distributed
servers.  DDOS works by clogging a communication channel.  Distributing
the servers made sure that no attacker could clog enough communication
channels to deny the availability of the service.

   In the case of worms, the same measure is at least partially
effective depending upon the distribution of the servers and the
propagation algorithm of the worm.

   In fact, the only way that redundant, identical servers don't help
security is if one foolishly sets them up side by side on the same
network pipe - in which case they are effectively the same server.

> Diversity is an obvious defense.  A set of replicas is diverse in so
> far as all implement the same functionality but differ in their
> implementation details.

   This is true of attacks on software infrastructure (web-servers,
other services, etc).  It is not true of application layer attacks.  If
a web-site that uses IIS on Winders is susceptible to SQL injection or
cross-site scripting, the same web-site code is likely to be susceptible
if run through Apache on NetBSD.  Diversity is no help at the
application layer, which is becoming the most popular (since it is the
easiest) layer to attack.

>  Diverse replicas are less prone to having
> vulnerabilities in common, because attacks typically depend on memory
> layout and/or instruction sequence specifics.

   This is only true of unsophisticated buffer/heap overflow types of
attacks.  For poorly written malware, the simple differences between
language versions of Windows will thwart these types of attacks.
Unfortunately, the malware in the wild has been more sophisticated than
that for several years.  Nearly all new exploits, even just the
Proof-of-concept types, use universal offsets and methods.  Attack
frameworks, such as metasploit, have taken advantage of this to separate
the payload from the delivery mechanism.

> But building multiple distinct versions of a program is expensive,

   This is not necessarily true, even for architecture and platform
specific languages like C.  The Debian Linux distribution is available
for 11 different hardware platforms.  Debian is free and supported by
volunteers.

   Some code is platform independent.  Some depends upon the software
platform but is OS and hardware independent.  Even code that must have
different versions for different hardware is well understood and there
are mechanisms to deal with this situation, ranging from simple IFDEFs
in C through configure scripts.

   Dr. Pucella is right if one considers writing the code to the same
functional requirements but with different executables.  This can be
very difficult.  Code obfuscators try to achieve this but are frequently
foiled by the sophistication of optimizing compilers.  It is possible
for two different source codes to compile to the same executable.

> so researchers have
> turned to mechanical means for creating diverse replicas via
> transformations: relocation and/or padding the run-time stack by
> random amounts,

   And the bad guys have already found means to bypass most of these
mechanisms for buffer overflows; these mechanisms are useless against
application layer attacks.

> re-arranging basic blocks and code within basic blocks,

   Code obfuscation is more a defensive mechanism of malware writers and
copy protection zealots than overflow protection.  And it doesn't work.

> and randomly changing the names of system calls or instruction
> opcodes.

   Thereby losing any benefits of standardization such as Posix
compliance and absolutely requiring multiple versions of software for
the same platforms.  Ergo, this will never be commercially viable.

> Different classes of transformations are more or less effective in
> defending against different classes of attacks.  Although knowing this
> correspondence is important when designing a set of defenses for a
> given threat model, knowing the correspondences is not the same as
> knowing the overall power of mechanically-generated diversity as a
> defense.  In this talk, I explore that latter, broader, issue,
> investigating two complementary points:
>   (1) a formal characterization of what attacks cannot be blunted by
>        mechanically-generated diversity, and

   Well that's easy - any attack that doesn't depend on specific stack
or heap overflows.  That leaves in nearly all current attack mechanisms
including most current stack and heap overflows.

>   (2) a rigorous comparison of mechanically-generated diversity to
>        type systems, another commonly advocated defense.

   I'm not sure whether Dr. Pucella is referring to lambda Calculus type
theory, conventional data types (related but not the same thing), or
mandatory access controls.  Since a recent paper he wrote with Matthew
Fluet discusses the data type specializations within the type system of
Standard ML, I will assume the first option.

   My math chops are worse than Owen's, especially when it comes to
lambda calculus, but my understanding of type theory is that data types
are defined through this formal method, thereby providing inherit
defence against overflow attacks.  Put practically, the software
function will not recognize that string array argument if it is more
than the expected length.  If the defense can be generalized beyond
academic software languages, then it would work against overflows such
as Aleph1 describes in his seminal "Smashing the Stack for Fun and
Profit".  However, that defense seems problematic against off-by-ones,
heap overflows and pretty much anything that's come along since 1996.

   I'm afraid that the only real defense is to follow the programming
practice drilled into me very early in my career.  Write all software to
validate any external input before using that input.  The real problem
with low-level attacks like buffer overflows and high-level (in the OSI
ISO sense) attacks like SQL injection is they all result from failure to
validate input.

--
Ray Parks                   rcparks at sandia.gov
IDART Project Lead          Voice:505-844-4024
IORTA Department            Fax:505-844-9641
http://www.sandia.gov/idart Pager:800-690-5288

All -

   I'm very much with Ray on this . . . seems like too much of "If  
THIS were the problem, then THAT would be the solution" and maybe not  
enough of "Is THIS really the problem?"  On that note, I'll just  
mention that we've experienced a collapsing of terms and/or  
concepts . . . people talk about "computer security" when often they  
mean "computer reliability."  A system can be secure as all get out,  
and still be completely unreliable, and vice versa . . .    (And, or  
course, I'll mumble my slogan, "Security is a feeling people might  
have, it's not a property a computer system can have"  :-)

   But also, back to the original prompting email, I've just been  
reading a fun little book -- "Ecological Orbits - How Planets Move  
and Populations Grow" . . .  I recommend it (although I don't  
necessarily agree with all of it).  The authors (Lev Ginzburg and  
Mark Colyvan) are pushing for a transition beyond the Lotka-Volterra  
regime of population modeling (their current fave is something they  
refer to as "maternal effects").  They argue that it's time for a  
"Newtonion revolution" in population modeling, largely in the sense  
that they think we should start using second order difference /  
differential systems in our (analytic) models.  For example,  
classical Lotka Volterra, while nonlinear (with "quadratic" terms) is  
still a first order system.  They argue that we should be looking  
more at the second derivative of population (i.e., rate of change of  
population growth rate) . . .

   Anyway, it's a fun, quick read . . .

tom

On Nov 9, 2005, at 3:47 PM, Raymond Parks wrote:

>    I suppose that everyone has a hot button that pushes them to  
> respond
> even when such response is inappropriate or unusual.  Mine is academic
> computer security researchers who, as a group, seem to be out of touch
> with the state of things in the wild.

Tom Carter wrote:

That's somewhat similar to Neo Martinez' messages about stability in
food webs.  First, as pointed out earlier, that empirical food webs
aren't the random webs that May looked at.  And second, on the nonlinear
issue, that the predator functional responses to prey densities aren't
linear.  Even a protist filter feeder can alter it's catch rate
considerably by simply swimming faster when there are more prey about to
catch.

-- rec --

On Thu, Nov 10, 2005 at 09:04:06AM -0800, Tom Carter wrote:
But any second order differential equation is just a 1st order
differential equation in a higher dimension. If Ginzburg and Colyvan
are really arguing for an increase in the order of differential
equation, then they're arguing for a case of fetid dingoes kidneys.

OTOH, of course there are extensions to LV that need to be followed up
- the functional response terms Roger mentions in the next post -
as well as a hell of a lot about LV we don't know about.

Cheers

--
*PS: A number of people ask me about the attachment to my email, which
is of type "application/pgp-signature". Don't worry, it is not a
virus. It is an electronic signature, that may be used to verify this
email came from me if you have PGP or GPG installed. Otherwise, you
may safely ignore this attachment.

----------------------------------------------------------------------------
A/Prof Russell Standish                  Phone 8308 3119 (mobile)
Mathematics                               0425 253119 (")
UNSW SYDNEY 2052                 R.Standish at unsw.edu.au            
Australia                                http://parallel.hpc.unsw.edu.au/rks
            International prefix  +612, Interstate prefix 02
----------------------------------------------------------------------------