Automatic evaluation of intrusion detection systems
An Intrusion Detection System (IDS) is a crucial element of a network security posture. Although there are many IDS products available, it is rather difficult to find information about their accuracy. Only a few organizations evaluate these products. Furthermore, the data used to test and evaluate these IDS is usually proprietary. Thus, the research community cannot easily evaluate the next generation of IDS. Toward this end, DARPA provided in 1998, 1999 and 2000 an Intrusion Detection Evaluation Data Set. However, no new data set has been released by DARPA since 2000, in part because of the cumbersomeness of the task. In this paper, we propose a strategy to address certain aspects of generating a publicly available documented data set for testing and evaluating intrusion detection systems. We also present a tool that automatically analyzes and evaluates IDS using our proposed data set.
|22nd Annual Computer Security Applications Conference, ACSAC 2006|
Massicotte, F. (Frédéric), Gagnon, F, Labiche, Y, Briand, L. (Lionel), & Couture, M. (Mathieu). (2006). Automatic evaluation of intrusion detection systems. Presented at the 22nd Annual Computer Security Applications Conference, ACSAC 2006. doi:10.1109/ACSAC.2006.15