A truncation in the Aryl Hydrocarbon Receptor of the CRL:WI(Han) rat does not affect the developmental toxicity of TCDD

The Aryl Hydrocarbon Receptor (AhR) is required for the toxicity of TCDD, and so the AhR of CRL:WI and CRL:WI(Han) rats was characterised. Western blot showed AhR proteins of ~110 and ~97 kDa in individual rats from both strains. The AhR cDNA from a CRL:WI(Han) rat with the ~110kDa protein revealed a sequence that was identical to that of the CRL:WI and SD rat. However, cloning of the AhR from a rat with the ~97kDa protein revealed a point mutation, and five variants encoding two C-terminally truncated variants of the AhR protein, arising from a point mutation in the intron/exon junction and consequent differential splicing. These C-terminally truncated variants were expressed and shown to give rise to a protein of ~97kDa; the recombinant AhR bound TCDD with an affinity that was not statistically different from the full-length protein. A single-nucleotide polymorphism (SNP) assay was developed, and showed that both alleles were represented in a Hardy-Weinberg equilibrium in samples of CRL:WI and CRL:WI(Han) populations; both alleles are abundant. Rats from two studies of TCDD developmental toxicity were genotyped, and the association with toxicity investigated using statistical analysis. There was no plausible evidence that the AhR allele had a significant effect on the toxic endpoints examined. These data show that the two AhR alleles are common in two strains of Wistar rat, and that the AhR alleles had no effect on TCDD-induced developmental toxicity in two independent studies.

Rule Generalisation in Intrusion Detection Systems using Snort

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks, and are becoming more and more necessary as reliance on Internet services increases and systems with sensitive data are more commonly open to Internet access. An IDS’s responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. The majority of IDSs use a set of signatures that define what suspicious traffic is, and Snort is one popular and actively developing open-source IDS that uses such a set of signatures known as Snort rules. Our aim is to identify a way in which Snort could be developed further by generalising rules to identify novel attacks. In particular, we attempted to relax and vary the conditions and parameters of current Snort rules, using a similar approach to classic rule learning operators such as generalisation and specialisation. We demonstrate the effectiveness of our approach through experiments with standard datasets and show that we are able to detect previously undetected variants of various attacks. We conclude by discussing the general effectiveness and appropriateness of generalisation in Snort based IDS rule processing. Keywords: anomaly detection, intrusion detection, Snort, Snort rules

Rule Generalisation in Intrusion Detection Systems using Snort

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks, and are becoming more and more necessary as reliance on Internet services increases and systems with sensitive data are more commonly open to Internet access. An IDS’s responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. The majority of IDSs use a set of signatures that define what suspicious traffic is, and Snort is one popular and actively developing open-source IDS that uses such a set of signatures known as Snort rules. Our aim is to identify a way in which Snort could be developed further by generalising rules to identify novel attacks. In particular, we attempted to relax and vary the conditions and parameters of current Snort rules, using a similar approach to classic rule learning operators such as generalisation and specialisation. We demonstrate the effectiveness of our approach through experiments with standard datasets and show that we are able to detect previously undetected variants of various attacks. We conclude by discussing the general effectiveness and appropriateness of generalisation in Snort based IDS rule processing. Keywords: anomaly detection, intrusion detection, Snort, Snort rules