With the phenomenal increase of unwarranted Internet traffic into corporate networks, the need for the development and effective use of currently available intrusion detection (ID) systems has acquired great importance. Compounding this are the constantly evolving techniques used by professional hackers to defeat any and every countermeasure designed to stem or at least contain their acts.

In this paper, we present the results of tests conducted to assess the effectiveness of an intrusion detection system in a switched and distributed network environment. The results reveal that the performance of ID systems is a function of various factors, including network topology, deployment techniques, network throughput, bandwidth, and network traffic conditions.

Within the limits of our studies, the findings can be summarized as follows:

1. The detection capability of the ID system diminishes as bandwidth utilization increases, with the obvious implication that better performance could be achieved with the use of multiple sensors.
2. Deployment at network or domain entry points, i.e. outside decoy, provides better performance results by up to 11%.
3. Deployment with packet-loss-limiting devices produces a better result than deployment with the port mirroring technique by up to 27%.