Shin Geun Yoo, Nam Hoon Lee, Young Chul Shim

The Transactions of the Korea Information Processing Society (1994 ~ 2000), Vol. 7, No. 11, pp. 3445-3461, Nov. 2000
10.3745/KIPSTE.2000.7.11.3445,   PDF Download:

Abstract

Although many different intrusion detection systems have been developed, there have not been enough researches on the methodology for evaluating these intrusion detection systems. With this understanding, in this paper we present a methodology for evaluating intrusion detection systems from the viewpoint of performance and robustness, both of which are considered the most important criteria. Current research on evaluating the performance of intrusion detection systems mostly focus on the misuse detection but not on the anomaly detection. Regarding evaluating robustness, it is not easy to apply off-line methodologies and methods for testing robustness have not been proposed in on-line methodologies. In this paper we provide a systematic way of classifying and generating anomalies and, using this result, present a methodology for evaluating the performance of intrusion detection systems in detecting anomalies as well as misuses. Moreover, we study the factors that can damage the robustness of intrusion detection systems and suggest a methodology for assessing the robustness of intrusion detection systems.

Statistics
Cite this article