A framework for the evaluation of intrusion detection systems

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2006, Issue , 2006, Pages 63-77

  Cárdenas, Alvaro A ^a   Baras, John S ^a   Seamon, Karl ^a  

^a UNIVERSITY OF MARYLAND   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EVALUATION METRICS; INTRUSION DETECTION OPERATING CHARACTERISTIC (IDOC); INTRUSION DETECTION SYSTEMS;

ADAPTIVE SYSTEMS; CLASSIFICATION (OF INFORMATION); COMPUTER SIMULATION; PROBLEM SOLVING;

SECURITY OF DATA;

EID: 33751035185     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2006.2     Document Type: Conference Paper

References (36)

1. The MIT lincoln labs evaluation data set, DARPA intrusion detection evaluation. Available at http://www.ll.mit.edu/IST/idevayindex.html.
2. Software for empirical evaluation of IDSs. Available at http://www.cshcn.umd.edu/research/IDSanalyzer.
3. S. Axelsson. The base-rate fallacy and its implications for the difficulty of intrusion detection. In Proceedings of the 6th ACM Conference on Computer and Communications Security (CCS '99), pages 1-7, November 1999.
4. S. Buchegger and J.-Y. Le Boudec. Nodes bearing grudges: Towards routing security, fairness, and robustness in mobile ad hoc networks. In Proceedings of Tenth Euromicro PDF (Parallel, Distributed and Network-based Processing), pages 403 - 410, Gran Canaria, January 2002.
5. T. M. Cover and J. A. Thomas. Elements of Information Theory. John Wiley & Sons, Inc, 1991.
6. G. Di Crescenzo, A. Ghosh, and R. Talpade. Towards a theory of intrusion detection. In ESORICS 2005, 10th European Symposium on Research in Computer Security, pages 267-286, Milan, Italy, September 12-14 2005. Lecture Notes in Computer Science 3679 Springer.
7. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo. A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data. In D. Barbara and S. Jajodia, editors, Data Mining for Security Applications. Kluwer, 2002.
8. S. Forrest, S. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for unix processes. In Proceedigns of the 1996 IEEE Symposium on Security & Privacy, pages 120-12, Oakland, CA, USA, 1996. IEEE Computer Society Press.
9. J. E. Gaffney and J. W. Ulvila. Evaluation of intrusion detectors: A decision theory approach. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 50-61, Oakland, CA, USA, 2001.
10. G. Gu, P. Fogla, D. Dagon, W. Lee, and B. Skoric. Measuring intrusion detection capability: An information-theoretic approach. In Proceedings of ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS '06), Taipei, Taiwan, March 2006.
11. H. Handley, C. Kreibich, and V. Paxson. Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In 10th USENIX Security Symposium, 2001.
12. J. Jung, V. Paxson, A. Berger, and H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. In IEEE Symposium on Security & Privacy, pages 211-225, Oakland, CA, USA, 2004.
13. C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Automating mimicry attacks using static binary analysis. In Proceedings of the 2005 USENIX Security Symposium, pages 161-176, Baltimore, MD, August 2005.
14. C. Kruegel, D. Mutz, W. Robertson, and F. Valeur. Bayesian event classification for intrusion detection. In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC), pages 14-24, December 2003.
15. C. Kruegel, D. Mutz, W. Robertson, G. Vigna, and R. Kernmerer. Reverse Engineering of Network Signatures. In Proceedings of the AusCERT Asia Pacific Information Technology Security Conference, Gold Coast, Australia, May 2005.
16. W. Lee and S. J. Stolfo. Data mining approaches for intrusion detection. In Proceedings of the 7th USENIX Security Symposium, 1998.
17. W. Lee, S. J. Stolfo, and K. Mok. A data mining framework for building intrusion detection models. In Proceedings of the IEEE Symposium on Security & Privacy, pages 120-132, Oakland, CA, USA, 1999.
18. R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. R. Kendall, D. McClung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman. Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In DARPA Information Survivability Conference and Exposition, volume 2, pages 12-26, January 2000.
19. D. J. Marchette. A statistical method for profiling network traffic. In USENIX Workshop on Intrusion Detection and Network Monitoring, pages 119-128, 1999.
20. S. Marti, T. J. Giuli, K. Lai, and M. Baker. Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the 6th annual international conference on Mobile computing and networking, pages 255-265. ACM Press, 2000.
21. A. Martin, G. Doddington, T. Kamm, M. Ordowski, and M. Przybocki. The DET curve in assessment of detection task performance. In Proceedings of the 5th European Conference on Speech Communication and Technology (Eurospeech'97), pages 1895-1898, Rhodes, Greece, 1997.
22. J. McHugh. Testing intrusion detection systems: A critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by the Lincoln laboratory. ACM Transactions on Information and System Security (TISSEC), 3(4):262-294, November 2000.
23. H. V. Poor. An Introduction to Signal Detection and Estimation. Springer-Verlag, 2nd edition edition, 1988.
24. F. Provost and T. Fawcett. Robust classification for imprecise environments. Machine Learning, 42(3):203-231, March 2001.
25. T. H. Ptacek and T. N. Newsham. Insertion, evasion and denial of service: Eluding network intrusion detection. Technical report, Secure Networks, Inc., January 1998.
26. M. Schonlau, W. DuMouchel, W.-H. Ju, A. F. Karr, M. Theus, and Y. Vardi. Computer intrusion: Detecting masquerades. Technical Report 95, National Institute of Statistical Sciences, 1999.
27. U. Shankar and V. Paxson. Active mapping: Resisting NIDS evasion without altering traffic. In Proceedings of the 2003 IEEE Symposium on Security & Privacy, pages 44-61, Oakland, CA, USA, 2003.
28. S. Stolfo, W. Fan, W. Lee, A. Prodromidis, and P. Chan. Cost-based modeling for fraud and intrusion detection: Results from the JAM project. In Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, pages 130-144, January 2000.
29. K. Tan, K. Killourchy, and R. Maxion. Undermining an anomaly-based intrusion detection system using common exploits. In Proceeedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pages 54-73, Zurich, Switzerland, October 2002.
30. K. Tan, J. McHugh, and K. Killourhy. Hiding intrusions: From the abnormal to the normal and beyond. In Information Hiding: 5th International Workshop, pages 1-17, Noordwijkerhout, The Netherlands, October 2002.
31. H. L. Van Trees. Detection, Estimation and Modulation Theory, Part I. Wiley, New York, 1968.
32. G. Vigna, S. Gwalani, K. Srinivasan, E. Belding-Royer, and R. Kemmerer. An Intrusion Detection Tool for AODV-based Ad Hoc Wireless Networks. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), pages 16-27, Tucson, AZ, December 2004.
33. G. Vigna, W. Robertson, and D. Balzarotti. Testing Network-based Intrusion Detection Signatures Using Mutant Exploits. In Proceedings of the ACM Conference on Computer and Communication Security (ACM CCS), pages 21-30, Washington, DC, October 2004.
34. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pages 255-264, Washington D.C., USA, 2002.
35. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In Proceedings of the 1999 IEEE Symposium on Security & Privacy, pages 133-145, Oakland, CA, USA, May 1999.
36. Y. Zhang, W. Lee, and Y. Huang. Intrusion detection techniques for mobile wireless networks. ACM/Kluwer Mobile Networks and Applications (MONET), 9(5):545-556, September 2003.