International Journal of Communication Systems
Various algorithms have been developed to identify different types of network intrusions; however, there is no heuristic to confirm the accuracy of their results. The exact effectiveness of a network intrusion detection system's ability to identify malicious sources cannot be reported unless a concise measurement of performance is available. This paper addresses the need for an evaluation technique and proposes a comparison technique for current scan detection algorithms that can accurately measure the false positive rate and precision of identified scanners.