Defining categories to select representative attack test-cases

  • Authors:
  • Mohammed S. GADELRAB; Anas Abou El Kalam; Yves Deswarte

  • Affiliations:
  • LAAS-CNRS, Toulouse, France; INP/ENSEEIHT, Toulouse, France; LAAS-CNRS, Toulouse, France

  • Venue:
  • Proceedings of the 2007 ACM workshop on Quality of protection
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Abstract

To ameliorate the quality of protection provided by intrusion detection systems (IDS) we strongly need more effective evaluation and testing procedures. Evaluating an IDS against all known and unknown attacks is probably impossible. Nevertheless, a sensible selection of representative attacks is necessary to obtain an unbiased evaluation of such systems. To overcome the problem of an unmanageably large set of possible inputs, software testers usually divide the data input domain into categories (or equivalence classes), and select representative instances from each category as test cases. We believe that the same principle could be applied to IDS testing if we have a reasonable classification. In this paper we make a thorough analysis of existing attack classifications in order to determine whether they could be helpful in selecting attack test cases. Then, we construct a new scheme to classify attacks relying on those attributes that appear to be the best classification criteria.