Classification accuracy in intrusion detection systems (IDSs) deals with such fundamental problems as how to compare two or more IDSs, how to evaluate the performance of an IDS, and how to determine the best configuration of the IDS. In an effort to analyze and solve these related problems, evaluation metrics such as the Bayesian detection rate, the expected cost, the sensitivity and the intrusion detection capability have been introduced. In this paper, we study the advantages and disadvantages of each of these performance metrics and analyze them in a unified framework. Additionally, we introduce the intrusion detection operating characteristic (IDOC) curves as a new IDS performance tradeoff which combines in an intuitive way the variables that are more relevant to the intrusion detection evaluation problem. We also introduce a formal framework for reasoning about the performance of an IDS and the proposed metrics against adaptive adversaries. We provide simulations and experimental results to illustrate the benefits of the proposed framework.