Application of bioinformatics methods to recognition of network threats

• Autorzy: Kozakiewicz A. , Felkner A. , Kijowski P. , Kruk T. J.
• Języki publikacji: EN

Abstrakty

EN

Bioinformatics is a large group of methods used in biology, mostly for analysis of gene sequences. The algorithms developed for this task have recently found a new application in network threat detection. This paper is an introduction to this area of research, presenting a survey of bioinformatics methods applied to this task, outlining the individual tasks and methods used to solve them. It is argued that the early conclusion that such methods are ineffective against polymorphic attacks is in fact too pessimistic.

Słowa kluczowe

EN

network threat analysis; sequence alignment; edit distance; bioinformatics

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2007
• Tom: nr 4
• Strony: 23--27
• Opis fizyczny: Bibliogr. 13 poz.

Twórcy

autor

Kozakiewicz A.

autor

Felkner A.

autor

Kijowski P.

autor

Kruk T. J.

• Research and Academic Computer Network (NASK), Wąwozowa st 18, 02-796 Warsaw, Poland,

Bibliografia

• [1] N. C. Jones and P. A. Pevzner, An Introduction to Bioinformatics Algorithms. Cambridge: MIT Press, 2004.
• [2] D. Gusfield, Algorithms on Strings, Trees, and Sequences: Computer Science and Computational Biology. Cambridge: Cambridge University Press, 1997.
• [3] V. I. Levenshtein, “Binary codes capable of correcting insertions and reversals”, Sov. Phys. Dokl., vol. 10, no. 8, pp. 707–710, 1966.
• [4] P. Kijewski, “Zastosowanie metod bioinformatyki do rozpoznawania zagrożeń sieciowych”, in SECURE 2006 Bezpieczeństwo – czas na przełom, Warsaw, Poland, 2006 (in Polish).
• [5] S. Coull, J. Branch, B. Szymański, and E. Breimer, “Intrusion detection: a bioinformatics approach”, in Proc. 19th Ann. Comput. Secur. Appl. Conf., Washington, USA, 2003.
• [6] D. Gao, M. K. Reiter, and D. Song, “Behavioral distance for intrusion detection”, in Proc. 8th Int. Symp. Recent Adv. Intrus. Detect. RAID 2005, Seattle, USA, 2005.
• [7] D. Gao, M. K. Reiter, and D. Song, “Behavioral distance measurement using hidden Markov models”, in Proc. 9th Int. Symp. Recent Adv. Intrus. Detect. RAID 2006, Hamburg, Germany, 2006.
• [8] C. Kreibich and J. Crowcroft, “Honeycomb – creating intrusion detection signatures using honeypots”, in Proc. 2nd Worksh. Hot Top. Netw. Hotnets II. ACM SIGCOMM, Boston, USA, 2003.
• [9] J. Newsome, B. Karp, and D. Song, “Polygraph – automatically generating signatures for polymorphic worms”, in Proc. IEEE Symp.Secur. Priv. SP 2005, Washington, USA, 2005, pp. 226–241.
• [10] Y. Tang and S. Chen, “Defending against Internet worms: a signature-based approach”, in Proc. 24th Ann. Conf. IEEE INFOCOM 2005, Miami, USA, 2005.
• [11] P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. Freiling, “The nepenthes platform: an efficient approach to collect malware”, in Proc. 9th Int. Symp. Recent Adv. Intrus. Detect. RAID 2006, Hamburg, Germany, 2006.
• [12] C. Leita, K. Mermoud, and M. Dacier, “ScriptGen: an automated script generation tool for honeyd”, in Proc. 21st Ann. Comput. Secur. Appl. Conf. ACSAC 2005, Tucson, USA, 2005.
• [13] C. Leita, M. Dacier, and F. Massicotte, “Automatic handling of protocol dependencies and reaction to 0-day attacks with ScriptGen based honeypots”, in Proc. 9th Int. Symp. Recent Adv. Intrus. Detect. RAID 2006, Hamburg, Germany, 2006.