The application of bioinformatics to network intrusion detection

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

In this paper, a novel approach that applies bioinformatics algorithms to network intrusion detection is proposed. Network intrusion detection is the problem of detecting security violations on or through a network. The misuse detection approach to network intrusion detection, which is widely deployed in today's network environments, requires precise signature data and occasionally fails to detect variants of known attacks or new types of attack. Bioinformatics is a discipline in which various techniques from mathematics, statistics, and computer science are used to solve biological problems. These biological problems often include finding specific patterns in large sequences of complex data. Intrusion detection and bioinformatics share a similar problem: detecting certain patterns in large sequences of strings. Exploiting this common feature, our proposed approach uses sequence alignment techniques from bioinformatics, which have been used to quantify and visualize similarity between DNA and protein sequences, to align sequences of network traffic patterns and to evaluate how similar an access is to known attack patterns. Several studies have applied bioinformatics techniques to host-based intrusion detection systems, which detect anomalous behavior on each host by monitoring sequences of user commands or sequences of system calls invoked by applications. The uniqueness of our approach is that it applies sequence alignment algorithms to detect variants of network-based attacks in captured network traffic data. We examined several techniques from bioinformatics to apply. An application that uses local alignment and global alignment is under development. The system scores the similarity between monitored network traffic and known attack signatures.
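The scoring idea described in the abstract can be illustrated with Smith-Waterman local alignment, the standard local-alignment algorithm from bioinformatics. This is an added example, not code from the paper: the scoring values, the alert threshold, the signature and the sample requests are all assumptions constructed for illustration, and it covers local alignment only.

```python
# Added illustration: local alignment as a similarity score between a known
# signature and observed traffic. All constants and samples are constructed.
MATCH, MISMATCH, GAP = 2, -1, -1   # assumed scoring scheme (linear gap penalty)
THRESHOLD = 0.8                    # assumed alert threshold on normalised score

def local_alignment_score(signature: bytes, traffic: bytes) -> int:
    """Best score over all local alignments (Smith-Waterman), O(n*m) time."""
    prev = [0] * (len(traffic) + 1)
    best = 0
    for s in signature:
        cur = [0]
        for j, t in enumerate(traffic, start=1):
            diag = prev[j - 1] + (MATCH if s == t else MISMATCH)
            # A cell never drops below 0, so an alignment may start anywhere.
            cell = max(0, diag, prev[j] + GAP, cur[j - 1] + GAP)
            cur.append(cell)
            best = max(best, cell)
        prev = cur
    return best

def similarity(signature: bytes, traffic: bytes) -> float:
    """Score normalised by the score of an exact occurrence of the signature."""
    if not signature:
        raise ValueError("empty signature")
    return local_alignment_score(signature, traffic) / (MATCH * len(signature))

def classify(signature: bytes, traffic: bytes) -> dict:
    """Compare exact signature matching with alignment-based scoring."""
    score = similarity(signature, traffic)
    return {"exact": signature in traffic,
            "similarity": round(score, 3),
            "alert": score >= THRESHOLD}

# Constructed signature and requests (not taken from any real rule set).
SIGNATURE = b"/app/admin.cgi?op=exec&arg="
SAMPLES = {
    "known":   b"GET /app/admin.cgi?op=exec&arg=test HTTP/1.0",
    "variant": b"GET /app/admin.cgi?op=exec&x=1&arg=test HTTP/1.0",
    "benign":  b"GET /index.html HTTP/1.0",
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(name, classify(SIGNATURE, request))
```

The variant request defeats the exact substring check because of the inserted parameter, yet still aligns with four gaps and scores above the threshold, while the benign request scores far below it.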

Original language: English
Title of host publication: 39th Annual 2005 International Carnahan Conference on Security Technology, CCST'05
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Print): 0780392450, 9780780392458
Publication status: Published - 2005
Externally published: Yes
Event: 39th Annual 2005 International Carnahan Conference on Security Technology, CCST'05 - Las Palmos, Spain
Duration: 2005 Oct 11 to 2005 Oct 14

Publication series

Name: Proceedings - International Carnahan Conference on Security Technology
ISSN (Print): 1071-6572

Conference

Conference: 39th Annual 2005 International Carnahan Conference on Security Technology, CCST'05
Country/Territory: Spain
City: Las Palmos
Period: 05/10/11 to 05/10/14

ASJC Scopus subject areas

  • Engineering (all)
