Testing Intrusion Detection Systems: An engineered approach

Cited by: 0
Authors
El Rab, Mohammed S. Gad [1]
El Kalam, Anas Abou [1]
Affiliation
[1] Univ Orléans, ENSI Bourges, LIFO, 10 Bd Lahitolle, F-18020 Bourges, France
Source
PROCEEDINGS OF THE 10TH IASTED INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND APPLICATIONS | 2006
Keywords
security; intrusion detection systems; testing; evaluation
DOI
Not available
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
The enhancements of Intrusion Detection Systems (IDS) are still below expectations. The great number of false positives (false alarms) and false negatives (undetected intrusions) has survived in recent versions as well as in the old ones. This may be, in part, caused by the shortage of an effective, unbiased evaluation and testing methodology that is both scientifically rigorous and technically feasible. The complexity of the environments where intrusion detection systems operate makes the evaluation process itself a nontrivial task. For this reason, ad-hoc evaluations often produce results that don't correspond to the real world. In this paper, we propose a framework for evaluating IDSes as well as some new metrics. This systematic methodology follows an engineered approach to manage the complexity of the evaluation process and takes into account both environment and IDS characteristics.
Pages: 270 / +
Page count: 2