Bio-informatic models for security

From IIITM-k-wiki


"A discussion regarding the study of the implementation of a biological concept (DNA folding/unfolding) in system security".


Analysis of two Papers

First we read and analysed two research papers. The first one, "Monitoring Controllers' 'DNA Sequence' for System Security", was a little confusing. The paper proposes that each system can be characterized by DNA sequences. The authors show how DNA sequences change and how a neural network can be trained to monitor the normal and abnormal evolution of a DNA sequence. The graphs and tables given were not clear. The second one, "Behavioural Distance for Intrusion Detection", is better. It proposes the concept of behavioural distance, which evaluates the extent to which two processes behave similarly in response to a common input. However, it mentions certain functions (f1(), f2(), f3(), ...) which are not very clear.

Based on the above two papers, we got some new ideas regarding the application of the DNA folding concept to security.


DNA STRUCTURE

Deoxyribonucleic acid (DNA), the basic building block of the human body, is a polymer. The monomer units of DNA are nucleotides; the four nucleotides are given one-letter abbreviations as shorthand for the four bases.

  • A is for adenine
  • G is for guanine
  • C is for cytosine
  • T is for thymine

The DNA backbone is a polymer with an alternating sugar-phosphate sequence. The deoxyribose sugars are joined at both the 3'-hydroxyl and 5'-hydroxyl groups to phosphate groups in ester links, also known as "phosphodiester" bonds. DNA is normally a double-stranded macromolecule. Two polynucleotide chains, held together by weak thermodynamic forces, form a DNA molecule. These weak thermodynamic forces give DNA its 3-D structure, known as DNA folding. If a virus attacks, these forces, being weak bonds, break, and DNA unfolding starts.

Various Proposals

  1. Here we view the operating system as a DNA, with the various processes like 'open', 'read' and 'write' as the bases. These commands have interrelationships which can be viewed as bonds, thus forming a 3-D folded structure. If a virus attacks, these commands show abnormal behaviour, and thus the system DNA unfolds.
  2. The next proposal relates grammars from theoretical computer science to the above biological concept.
     For example, grammars represent certain string patterns which show the semantic meaning of a language.
     Let S -> aaabbb be a string, where the grammar for the string pattern is
     S -> ab | aSb
     If any 'a' or 'b' is missing, the semantics become meaningless.
     Here we have to find the relationship between the letters in the string so that it can give a 3-D structure.
     If a virus attacks such a string pattern, the pattern shows abnormal behaviour and the sequence starts unfolding.


Discussion details of 8-01-07

Today we discussed a paper on a formal grammar that includes RNA pseudoknots. This grammar encompasses the context-free grammars and goes beyond them to generate pseudoknotted structures. The pseudoknot grammar avoids the use of general context-sensitive rules by introducing a small number of auxiliary symbols used to reorder strings generated by an otherwise context-free grammar. We are trying to get the details of server logs and shall find the relationships between the various logs. Then we can find the rules and conventions for formulating a grammar.

1) A paper on logs and virus intrusion detection: [[1]]

2) Biological models of security for virus propagation in computer networks: [[2]]

3) Biological analogies for information system survivability: [[3]]

Bibliography

1) A Survey on Intrusion Detection Analysis Methods [[4]]

2) Attacks against Computer Network: a formal grammar based framework and simulation tool [[5]]

3) Efficient Context Sensitive Intrusion Detection [[6]]

4) "Behavioural Distance for Intrusion Detection" - Debin Gao, Michael K. Reiter and Dawn Song [[7]]

5) "Monitoring Controller's DNA Sequence for System Security" - Benjamin Yu, Eric Byres and Clay Howey [[8]]

6) "A Molecular Graphics Companion to an Introductory Course in Biology or Biochemistry" - Richard B. Hallick [[9]]

7) Computer System Intrusion Detection [[10]]

8) Biological Inspiration for Computing [[11]]

9) The Language of RNA: a formal grammar that includes pseudoknots [[12]]

10) A Comparative Method for Finding and Folding RNA Secondary Structures within Protein Coding Regions [[13]]

11) Efficient Pairwise RNA Structure Prediction and Alignment Using Sequence Alignment Constraints [[14]]

12) RNA Secondary Structure Prediction Using Context Sensitive Hidden Markov Models - Byung-Jun Yoon, California Institute of Technology http://www.systems.caltech.edu/dsp/students/bjyoon/conf/biocas_2004.pdf

13) How Do RNA Folding Algorithms Work? - Sean R. Eddy [[15]]

14) RNA Structure and Prediction - M. Nelson and S. Istrail [[16]]

15) A Dynamic Programming Algorithm for RNA Structure Prediction Including Pseudoknots [[17]]

16) Research in Intrusion Detection Systems - a survey [[18]]


Discussion details of 12-01-07

We discussed a new research paper on security that is related to a biological concept. In that paper certain biological models are discussed. [[19]]

A proposed IDS technique using co-relation matrices

The proposed IDS looks into the log files during every period of time, say 'p'. Suppose there are 'N' events or activities in the log file. Make an N*N symmetric matrix, say 'A' (symmetric since the activities (1,3) and (3,1) are the same). Find the frequency of events during a specified period of time, say 'P1', and enter the frequencies into the matrix A. Monitor the system after each period of time and make a new matrix 'B', which also contains the frequencies of the 'N' events. Then get a difference matrix 'C' by subtracting matrix B from matrix A: C = A - B. If no intrusion has occurred, the matrix 'C' contains 0's, say a sparse matrix. Non-zero values in 'C' show that some intrusion has been detected. Thus, by merely checking the matrices, we can say whether an intrusion has occurred or not.

The main goal of our research project is not only to make an IDS but also to find an Intrusion Prevention System (IPS). Once an intrusion activity is detected from the matrix, we can automate killing that intruding activity, so that the next time it tries to intrude, the process is killed automatically.

Designed Model

The first phase of the study has been done using the co-relation matrices. An N*N matrix is made with the frequencies of the events as the values (say Sm). Since the events are co-related, the matrix will be upper triangular. The values in the upper triangular matrix are changed with random numbers (Rm). A comparison between Rm and Sm gives a difference matrix (Dm), which shows the variation of frequencies after the attack. A threshold value (T), which is an average, is compared with all the frequencies in the difference matrix. If any value is more than the threshold, that shows an anomalous situation. So from the resultant matrix itself, the nonzero entries show an anomalous situation in the frequencies of events.
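
The matrix comparison described in the two sections above, as an added example that is not part of the original wiki page. It assumes that a matrix cell counts how often two events occur next to each other in the log, that T is the mean absolute difference over the upper triangle, and that both windows cover equal periods; the event names and both log windows are constructed sample data.

```python
# Added example: event-pair frequency matrices compared across two log windows.

def pair_matrix(events, names):
    """Upper-triangular N x N matrix of adjacent-event pair frequencies.
    Pairs (i, j) and (j, i) are the same, so only cells with i <= j are used."""
    idx = {name: k for k, name in enumerate(names)}
    m = [[0] * len(names) for _ in names]
    for a, b in zip(events, events[1:]):
        i, j = sorted((idx[a], idx[b]))
        m[i][j] += 1
    return m

def detect(baseline, observed):
    """Return (threshold T, flagged pairs) for the difference C = A - B.
    Assumption: T is the mean absolute difference over the upper triangle."""
    names = sorted(set(baseline) | set(observed))  # unseen events get a row too
    a, b = pair_matrix(baseline, names), pair_matrix(observed, names)
    n = len(names)
    cells = [(i, j, a[i][j] - b[i][j]) for i in range(n) for j in range(i, n)]
    if not cells:                                   # two empty windows
        return 0.0, []
    t = sum(abs(d) for _, _, d in cells) / len(cells)
    flagged = [(names[i], names[j], d) for i, j, d in cells if abs(d) > t]
    return t, flagged

# Constructed sample windows of equal length (20 events each).
NORMAL = ["open", "read", "read", "write", "close"]
BASELINE = NORMAL * 4
OBSERVED = NORMAL * 2 + ["open", "exec", "write", "exec", "write"] * 2

if __name__ == "__main__":
    t, flagged = detect(BASELINE, OBSERVED)
    print(f"threshold T = {t:.2f}")
    for first, second, d in flagged:
        print(f"anomalous pair ({first}, {second}): difference {d:+d}")
```

With identical windows every cell of C is zero and nothing is flagged. Windows of unequal length produce non-zero differences even without any change in behaviour, so the counts need normalising if the periods differ.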
