11 research outputs found

    Protein Fingerprinting: A Domain-Free Approach to Protein Analysis

    An alternative method for analyzing proteins is proposed. Currently, protein search engines available on the internet utilize domains (predefined sequences of amino acids) to align proteins. The method presented converts a protein sequence with the use of 1200 numeric codes that represent a unique three-amino-acid protein sequence. Each numeric code starts with one of three specific amino acids, followed by any two additional amino acids. With the use of the FPC (FingerPrinted Contig) program, the total protein database (including “redundant” records) from the National Center for Biotechnology Information (NCBI) has been processed and placed into “bins/contigs” based on associations of these triplet codes. When analyzed with FPC, proteins are “contigged” together based on the number of shared fragments, regardless of order. These associations were supported by additional analysis with the standard BLASTP utility from NCBI. Within the created contig sets, there are numerous examples of proteins (allotypes and orthotypes) that have evolved into different, seemingly unrelated proteins. The power of this domain-free technique has yet to be explored; however, the ability to bin proteins together with no a priori knowledge of domains may prove a powerful tool in the characterization of the hundreds of thousands of available, yet undescribed expressed protein and open reading frame sequences.

    A Model to Use Denied Internet Traffic to Indirectly Discover Internal Network Security Problems

    We propose a model for using firewall log entries of denied inbound Internet traffic for indirect discovery of local IP addresses that have security problems. This method is used successfully to discover two computers on the network of Southern Illinois University which were infected with malicious feral software, as well as two more IP addresses on the university network with other security problems.

    Network Intrusion Detection Types and Computation

    Our research created a network Intrusion Detection Math (ID Math) consisting of two components: (1) a way of specifying intrusion detection types in a manner which is more suitable for an analytical environment; and (2) a computational model which describes methodology for preparing intrusion detection data stepwise from network packets to data structures in a way which is appropriate for sophisticated analytical methods such as statistics, data mining, and computational intelligence. We used ID Math in a production Self-Organizing Map (SOM) intrusion detection system named ANNaBell as well as in the SOM+ Diagnostic System which we developed.

    Interested in learning

    No full text
    This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

    A Self-Organizing Map and Its Modeling for Discovering Malignant Network Traffic

    Model-based intrusion detection and knowledge discovery are combined to cluster and classify P2P botnet traffic and other malignant network activity by using a Self-Organizing Map (SOM) self-trained on denied Internet firewall log entries. The SOM analyzed new firewall log entries in a case study to classify similar network activity, and discovered previously unknown local P2P bot traffic and other security issues.