Automatic evaluation of intrusion detection systems

Frédéric Massicotte, François Gagnon, Yvan Labiche, Lionel Briand, Mathieu Couture

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

An Intrusion Detection System (IDS) is a crucial element of a network security posture. Although there are many IDS products available, it is rather difficult to find information about their accuracy. Only a few organizations evaluate these products. Furthermore, the data used to test and evaluate these IDS is usually proprietary. Thus, the research community cannot easily evaluate the next generation of IDS. Toward this end, DARPA provided in 1998, 1999 and 2000 an Intrusion Detection Evaluation Data Set. However, no new data set has been released by DARPA since 2000, in part because of the cumbersomeness of the task. In this paper, we propose a strategy to address certain aspects of generating a publicly available documented data set for testing and evaluating intrusion detection systems. We also present a tool that automatically analyzes and evaluates IDS using our proposed data set.

Original language: English
Title of host publication: Proceedings - Annual Computer Security Applications Conference, ACSAC
Pages: 361-370
Number of pages: 10
Publication status: Published - 2006
Externally published: Yes
Event: 22nd Annual Computer Security Applications Conference, ACSAC 2006 - Miami Beach, FL, United States
Duration: 11 Dec 2006 - 15 Dec 2006

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print): 1063-9527

Conference

Conference: 22nd Annual Computer Security Applications Conference, ACSAC 2006
Country/Territory: United States
City: Miami Beach, FL
Period: 11/12/06 - 15/12/06
