NETWORK-BASED INTRUSION DETECTION SYSTEMS EVALUATION THROUGH A SHORT TERM EXPERIMENTAL SCRIPT

Luciano Paschoal Gaspary, Leonardo Lemes Fagundes

Abstract

Intrusion Detection Systems (IDSs) have become an essential component to improve security in networked environments. The increasing set of available IDSs has stimulated research projects that investigate means to assess them and to find out their strengths and limitations (in order to improve the IDSs themselves) and to assist the security manager in selecting the product that best suits specific requirements. Current approaches to do that (a) require the accomplishment of complex procedures that take too much time to be executed, (b) do not provide any systematic way of executing them, and (c) require, in general, specific knowledge of IDSs internal structure to be applied. In this paper we address these limitations by proposing a script to evaluate network-based IDSs regarding their detection capability, scalability and false positive rate. Two Intrusion Detection Systems, Snort and Firestorm, have been assessed to validate our approach.

References

  1. Alessandri, D. (2000). Using rule-based activity to evaluate intrusion - detection systems. In Third International Workshop on Recent Advances in Intrusion Detection (RAID), pages 183-196.
  2. Barber, R. (2001). The evolution of intrusion detection systems - the next step. Computer & Security, 20(2):132-145.
  3. Firestorm (2001). Firestorm network intrusion detection system Homepage. http://www.scaramanga.com.uk/.
  4. ISS (1999). Real Secure Systems Inc. Homepage. http://iss.net.
  5. Lippmann, R., Fried, David J., Graf, I., Haines, Joshua W., Kendall, Kristopher R., McClung, D., Weber, D., Webster, Seth E., Wyschogrod, D., Cunningham, Robert K. and Zissman, M. (1998). Evaluating intrusion detection systems: The 1998 DARPA offline intrusion detection evaluation. In proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX) 2000, IEEE Computer Society Press, Los Alaminos, CA.
  6. Lippmann, R., Haines, D., Fried, D. J., Das, K. J., and Korba, J. (1999). Evaluating intrusion detection systems the 1999 darpa off-line intrusion detection evaluation. Computer Networks, 34 (4):579-595.
  7. NFR (2001). Network Flight Recorder, Inc. Homepage. http://www.nfr.com/.
  8. Paxson, V. (1999). Bro a system for detecting network intruders in real-time. Computer Networks, 31(23- 24):2435-2463.
  9. Puketza, N., Chung, M., Olsson, R. A., and Mukherjee, B. (1997). A software platform for testing intrusion detection systems. IEEE Software, 14(5):43-51.
  10. Roesch, M. (1999). Snort - lightweight intrusion detection for networks. In USENIX LISA Conference.
Download


Paper Citation


in Harvard Style

Paschoal Gaspary L. and Lemes Fagundes L. (2004). NETWORK-BASED INTRUSION DETECTION SYSTEMS EVALUATION THROUGH A SHORT TERM EXPERIMENTAL SCRIPT . In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 54-60. DOI: 10.5220/0001399300540060


in Bibtex Style

@conference{icete04,
author={Luciano Paschoal Gaspary and Leonardo Lemes Fagundes},
title={NETWORK-BASED INTRUSION DETECTION SYSTEMS EVALUATION THROUGH A SHORT TERM EXPERIMENTAL SCRIPT},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,},
year={2004},
pages={54-60},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001399300540060},
isbn={972-8865-15-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,
TI - NETWORK-BASED INTRUSION DETECTION SYSTEMS EVALUATION THROUGH A SHORT TERM EXPERIMENTAL SCRIPT
SN - 972-8865-15-5
AU - Paschoal Gaspary L.
AU - Lemes Fagundes L.
PY - 2004
SP - 54
EP - 60
DO - 10.5220/0001399300540060