Evaluation of intrusion detection systems

Journal of Research of the National Institute of Standards and Technology

Volumn 108, Issue 6, 2003, Pages 453-473

  Ulvila, Jacob W ^a   Gaffney Jr , John E ^b  

^a Decision Science Associates Inc   (United States)

^b LOCKHEED MARTIN   (United States)

Author keywords

Bayesian statistics; Computer security; Decision analysis; Intrusion detection; Receiver operating characteristic (ROC); Software evaluation

Indexed keywords

COST ACCOUNTING; DECISION THEORY; INTEGRATION; PROBABILITY; SECURITY OF DATA; SOFTWARE ENGINEERING; STATISTICAL METHODS;

BAYESIAN STATISTICS; INTRUSION DETECTION; RECEIVER OPERATING CHARACTERISTICS; SOFTWARE EVALUATION;

DEMODULATION;

EID: 2942631300     PISSN: 1044677X     EISSN: None     Source Type: Journal    
DOI: 10.6028/jres.108.040     Document Type: Article

References (17)

1. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo, Testing and evaluating computer intrusion detection systems, Commun. ACM 42 (7), 53-61 (1999).
2. J. McHugh, Testing intrusion detection systems, ACM Trans. Inform. Syst. Secur. 3 (4), 262-294 (2000).
3. R. Lippmann, D. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster, D. Wyschogrod, R. Cunningham, and M. Zissman, Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation, Proceedings of DISCEX 2000, IEEE Computer Society, Los Alamitos, CA (1999).
4. S. Stolfo, W. Fan, W. Lee, A. Prodromidis, and P. Chan, Cost-based modeling for fraud and intrusion detection: Results from the JAM project, Proceedings of DISCEX 2000, IEEE Computer Society, Los Alamitos, CA (1999).
5. J. McHugh, A. Christie, and J. Allen, Defending yourself: the role of intrusion detection systems, IEEE Software 17 (5), 42-51 (2000).
6. S. Axelsson, The base-rate fallacy and the difficulty of intrusion detection, ACM Trans. Inform. Syst. Secur. 3 (3), 186-205 (2000).
7. O. S. Saydjari, Designing a metric for effect, Presented at DARPA: IDS Evaluation Re-think Meeting, Lake Geneva, WI, 23-24 May 2000.
8. I. Graf, R. Lippmann, R. Cunningham, D. Fried, K. Kendall, S. Webster, and M. Zissman, Results of DARPA 1998 off-line intrusion detection evaluation, Presented at DARPA PI Meeting, Cambridge, MA, 15 December 1998.
9. P. Neumann and P. Porras, Experience with EMERALD to date, 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, 11-12 April 1999, pp. 73-80.
10. W. Lee and S. Stolfo, A framework for constructing features and models for intrusion detection systems, ACM Trans. Inform. Syst. Secur. 3 (4), 227-261 (2000).
11. J. Gaffney, and J. Ulvila, Evaluation of intrusion detectors: A decision theory approach, Proceedings of the 2001 IEEE Symposium on Security and Privacy, IEEE Computer Society, Los Alamitos, CA (2001) pp. 50-61.
12. Computer Security Institute, CSI/FBI Computer crime and security survey, www.gocsi.com/fbi_survey.htm (2002).
13. J. Pratt, H. Raiffa, and R. Schlaifer, Introduction to statistical decision theory, MIT Press, Cambridge, MA (1995).
14. S. Kent, On the trail of intrusions into information systems, IEEE Spectrum 37 (12), 52-56 (2000).
15. F. Provost and T. Fawcett, Robust classification for imprecise environments, Machine Learning J. 42 (3), 203-231 (2001).
16. D. Wagner and D. Dean, Intrusion detection via static analysis, Proceedings of the 2001 IEEE Symposium on Security and Privacy, IEEE Computer Society, Los Alamitos, CA (2001) pp. 156-168.
17. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole, Buffer overflows: Attacks and defenses for the vulnerability of the decade, Proceedings of DISCEX 2000, IEEE Computer Society, Los Alamitos, CA (1999) pp. 154-163.