In 1998 and again in 1999, the Lincoln Laboratory of MIT conducted a comparative evaluation of intrusion detection systems (IDSs) developed under DARPA funding. While this evaluation represents a significant and monumental undertaking, there are a number of issues associated with its design and execution that remain unsettled. Some methodologies used in the evaluation are questionable and may have biased its results. One problem is that the evaluators have published relatively little concerning some of the more critical aspects of their work, such as validation of their test data. The appropriateness of the evaluation techniques used needs further investigation. The purpose of this article is to attempt to identify the shortcomings of the Lincoln Lab effort in the hope that future efforts of this kind will be placed on a sounder footing. Some of the problems that the article points out might well be resolved if the evaluators were to publish a detailed description of their procedures and the rationale that led to their adoption, but other problems would clearly remain.