Classification and detection of computer intrusions
Analyzing computer intrusions
An analysis of security incidents on the Internet 1989-1995
Testing and evaluating computer intrusion detection systems
Communications of the ACM
Towards a taxonomy of intrusion-detection systems
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Dependability: Basic Concepts and Terminology
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
After more than a decade of development, there are now many commercial and non-commercial intrusion-detection systems (IDSes) available. However, they tend to generate false alarms at high rates while overlooking real threats. The results described in this paper were obtained in the context of work that aims to identify means of supporting the analysis, evaluation, and design of large-scale intrusion-detection architectures. We propose a practical method for evaluating IDSes and identifying their strengths and weaknesses. Our approach is meant to evaluate IDSes for their capabilities, unlike existing approaches, which evaluate their implementations. We further show how the knowledge obtained can be used to analyze and evaluate an IDS.