In 1998 (and again in 1999), the Lincoln Laboratory of MIT conducted a comparative evaluation of Intrusion Detection Systems developed under DARPA funding. While this evaluation represents a significant and monumental undertaking, there are a number of unresolved issues associated with its design and execution. Some of the methodologies used in the evaluation are questionable and may have biased its results. One of the problems with the evaluation is that the evaluators have published relatively little concerning some of the more critical aspects of their work, such as validation of their test data. The purpose of this paper is to attempt to identify the shortcomings of the Lincoln Lab effort in the hope that future efforts of this kind will be placed on a sounder footing. Some of the problems that the paper points out might well be resolved if the evaluators publish a detailed description of their procedures and the rationale that led to their adoption, but other problems clearly remain.