Dependable security: testing network intrusion detection systems

Authors:
Carrie Gates;Carol Taylor;Matt Bishop
Affiliations:
CA Labs, CA;University of Idaho;University of California Davis
Venue:
HotDep'07 Proceedings of the 3rd workshop on on Hot Topics in System Dependability
Year:
2007

Citing 11
Cited 2

Why we don't know how to simulate the Internet

Proceedings of the 29th conference on Winter simulation
Defending Yourself: The Role of Intrusion Detection Systems

IEEE Software
Learning Rules for Anomaly Detection of Hostile Network Traffic

ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
Characteristics of internet background radiation

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
The devil and packet trace anonymization

ACM SIGCOMM Computer Communication Review
Automatic Evaluation of Intrusion Detection Systems

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
A first look at modern enterprise traffic

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Challenging the anomaly detection paradigm: a provocative discussion

NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Sanitization models and their limitations

NSPW '06 Proceedings of the 2006 workshop on New security paradigms

Dartmouth internet security testbed (DIST: building a campus-wide wireless testbed

CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
Dartmouth internet security testbed (DIST: building a campus-wide wireless testbed

CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Network security systems have unique testing requirements. Like other systems, they need to be tested to ensure that they perform as expected, and to specify the conditions under which they might fail. However, un-like other systems, the data required to perform such testing is not easily or publicly available. In this paper we present the requirements for appropriate network traces for testing such systems, along with the challenges of creating public network traces. We make recommendations for tackling these challenges and suggest approaches to developing a public suite of network traces for use by the security community.