Evaluating Computer Intrusion Detection Systems: A Survey of Common Practices

Cited by: 116
Authors
Milenkoski, Aleksandar [1]
Vieira, Marco [2]
Kounev, Samuel [1]
Avritzer, Alberto [3]
Payne, Bryan D. [4]
Affiliations
[1] Univ Wurzburg, D-97074 Wurzburg, Germany
[2] Univ Coimbra, P-3030290 Coimbra, Portugal
[3] Siemens Corp, Corp Technol, Princeton, NJ 08540 USA
[4] Netflix Inc, Los Gatos, CA 95032 USA
Keywords
Computer intrusion detection systems; workload generation; metrics; measurement methodology; NIDS;
DOI
10.1145/2808691
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
The evaluation of computer intrusion detection systems (which we refer to as intrusion detection systems) is an active research area. In this article, we survey and systematize common practices in the area of evaluation of such systems. For this purpose, we define a design space structured into three parts: workload, metrics, and measurement methodology. We then provide an overview of the common practices in evaluation of intrusion detection systems by surveying evaluation approaches and methods related to each part of the design space. Finally, we discuss open issues and challenges focusing on evaluation methodologies for novel intrusion detection systems.
Pages: 41
Related papers
65 in total
  • [21] ReVirt: Enabling intrusion analysis through virtual-machine logging and replay
    Dunlap, GW
    King, ST
    Cinar, S
    Basrai, MA
    Chen, PM
    [J]. USENIX ASSOCIATION PROCEEDINGS OF THE FIFTH SYMPOSIUM ON OPERATING SYSTEMS DESIGN AND IMPLEMENTATION, 2002, : 211 - 224
  • [22] Testing and evaluating computer intrusion detection systems
    Durst, R
    Champion, T
    Witten, B
    Miller, E
    Spagnuolo, L
    [J]. COMMUNICATIONS OF THE ACM, 1999, 42 (07) : 53 - 61
  • [23] Evaluation of Web Security Mechanisms Using Vulnerability & Attack Injection
    Fonseca, Jose
    Vieira, Marco
    Madeira, Henrique
    [J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2014, 11 (05) : 440 - 453
  • [24] Fontugne Romain, 2010, P 6 INT C CO NEXT 20, DOI 10.1145/1921168.1921179
  • [25] FOSTER JC, 2007, METASPLOIT TOOLKIT P
  • [26] Evaluation of intrusion detectors: A decision theory approach
    Gaffney, JE
    Ulvila, JW
    [J]. 2001 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2001, : 50 - 61
  • [27] Garfinkel M., 2003, NDSS, P191
  • [28] Griffin J., 2003, FEASIBILITY INTRUSIO
  • [29] Hall M, 2002, LECT NOTES COMPUT SC, V2516, P239
  • [30] Hassanzadeh Amin., 2011, Proceedings of the 20th International Conference on Computer Communications and Networks (ICCCN), P1