While the use of network intrusion detection systems (nIDS) is becoming pervasive, evaluating nIDS performance has been found to be challenging. The goal of this study is to determine how to generate realistic workloads for nIDS performance evaluation. We develop a workload model that appears to provide reasonably accurate estimates compared to real workloads. The model attempts to emulate a traffic mix of different applications, reflecting characteristics of each application and the way these interact with the system. We have implemented this model as part of a traffic generator that can be extended and tuned to reflect the needs of different scenarios. We also present an approach to measuring the capacity of a nIDS that does not require the setup of a full network testbed.