Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Self-configuring network traffic generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A framework for malicious workload generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Backtracking Algorithmic Complexity Attacks against a NIDS
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Evaluating distributed systems: does background traffic matter?
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Application-level simulation for network security
Proceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops
Predicting the Resource Consumption of Network Intrusion Detection Systems
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Swing: realistic and responsive network traffic generation
IEEE/ACM Transactions on Networking (TON)
Toward instrumenting network warfare competitions to generate labeled datasets
CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
An application-level content generative model for network applications
Proceedings of the 5th International ICST Conference on Simulation Tools and Techniques
| Hi-index | 0.00 |
Deep-packet inspection Intrusion Detection Systems (IDS) compare the headers and payload of network packets against a set of known malicious signatures. The composition of the packets combined with the number of known signatures determines the time required by the IDS for matching. Most IDS evaluation techniques employ on/off models where a packet is either malicious or not. Such evaluation ignores the case where the content of a benign packet partially intersects with one or many signatures, causing more processing for the IDS. To address this hole in evaluation we propose a traffic model that uses the target IDS signature set to create partially-matching traffic. This partially-matching traffic then allows the systematic examination of the IDS across multiple scenarios. Such evaluation provides insight into the idiosyncrasies of an IDS that would remain hidden if evaluated under current methodologies.