Experimental queueing analysis with long-range dependent packet traffic
IEEE/ACM Transactions on Networking (TON)
Data networks as cascades: investigating the multifractal nature of Internet WAN traffic
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Testing and evaluating computer intrusion detection systems
Communications of the ACM
Mining in a data-flow environment: experience in network intrusion detection
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
ACM Transactions on Information and System Security (TISSEC)
On the relationship between file sizes, transport protocols, and self-similar network traffic
ICNP '96 Proceedings of the 1996 International Conference on Network Protocols (ICNP '96)
Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies
IEEE Transactions on Dependable and Secure Computing
The need for simulation in evaluating anomaly detectors
ACM SIGCOMM Computer Communication Review
LaasNetExp: a generic polymorphic platform for network emulation and experiments
Proceedings of the 4th International Conference on Testbeds and research infrastructures for the development of networks & communities
NADA - network anomaly detection algorithm
DSOM'07 Proceedings of the Distributed systems: operations and management 18th IFIP/IEEE international conference on Managing virtualization of networks and services
Proceedings of the 6th International COnference
Improving an SVD-based combination strategy of anomaly detectors for traffic labelling
Proceedings of the Asian Internet Engineeering Conference
Hi-index | 0.00 |
This paper aims at proposing a methodology for evaluating current IDS capabilities of detecting attacks targeting the networks and their services. This methodology tries to be as realistic as possible and reproducible, i.e. it works with real attacks and real traffic in controlled environments. It especially relies on a database containing attack traces specifically created for that evaluation purpose. By confronting IDS to these attack traces, it is possible to get a statistical evaluation of IDS, and to rank them according to their detection capabilities without false alarms. For illustration purposes, this paper shows the results obtained with 3 public IDS. It also shows how the attack traces database impacts the results got for the same IDS.