Proposals on assessment environments for anomaly-based network intrusion detection systems

Authors:
M. Bermúdez-Edo;R. Salazar-Hernández;J. Díaz-Verdejo;P. García-Teodoro
Affiliations:
Dpt. of Signal Theory, Telematics and Communications, University of Granada, Granada, (Spain);Dpt. of Signal Theory, Telematics and Communications, University of Granada, Granada, (Spain);Dpt. of Signal Theory, Telematics and Communications, University of Granada, Granada, (Spain);Dpt. of Signal Theory, Telematics and Communications, University of Granada, Granada, (Spain)
Venue:
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Year:
2006

Citing 10
Cited 1

The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A Software Platform for Testing Intrusion Detection Systems

IEEE Software
The 1998 Lincoln Laboratory IDS Evaluation

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Intrusion Detection Testing and Benchmarking Methodologies

IEEE-IWIA '03 Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03)
Learning Rules for Anomaly Detection of Hostile Network Traffic

ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
Generating realistic workloads for network intrusion detection systems

WOSP '04 Proceedings of the 4th international workshop on Software and performance
Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme

Computer Networks: The International Journal of Computer and Telecommunications Networking
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
The Need to Improve Local Self-Awareness in CIP/CIIP

IWCIP '05 Proceedings of the First IEEE International Workshop on Critical Infrastructure Protection
Service-Oriented Security Architecture for CII based on Sensor Networks

SECPERU '06 Proceedings of the Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing

Hybrid detection of application layer attacks using Markov models for normality and attacks

ICICS'10 Proceedings of the 12th international conference on Information and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

One of the key challenges that researchers should face when proposing a new intrusion detection approach (IDS) is that of demonstrating its general validity. This fact goes necessarily through the disposal of a real set of intrusion (as well as non-intrusion) related events, from which to compare and thus validate the performance of the novel proposed techniques. However, this a priori simple issue is far to be obvious because of the lack of a commonly accepted assessment methodology. In this line, the authors discuss a set of basic requirements that an intrusion-oriented framework should fulfill in order to deal with the normalization of the evaluation process in IDS environments. In its current preliminary state, the work is mainly focused to analyze, specify and manage traffic databases for developing and validating NIDS.