The 1998 Lincoln laboratory IDS evaluation a critique?

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 1907, Issue , 2000, Pages 145-161

  McHugh, John ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Evaluation; IDS; ROC analysis

Indexed keywords

NETWORK SECURITY;

COMPARATIVE EVALUATIONS; EVALUATION; INTRUSION DETECTION SYSTEMS; LINCOLN LABORATORY; ROC ANALYSIS; TEST DATA;

INTRUSION DETECTION;

EID: 84944239811     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-39945-3_10     Document Type: Conference Paper

References (16)

1. Stefan Axelsson. The base-rate fallacy and its implications for the difficulty of intrusion detection. In 6th ACM Conference on Computer and Communications Security, pages 1–7, 1999. 158
2. Steven M. Bellovin. Packets found on an internet. Computer Communications Review, 23(3):26–31, July 1993. 149
3. James P. Egan. Signal detection Theory and ROC Analysis. Academic Press, 1975. 156, 157, 159
4. Isaac Graf et al. Results of DARPA 1998 offline intrusion detection evaluation. Presentation at MIT Lincoln Laboratory PI Meeting available at http://ideval.ll.mit.edu/results-html-dir/, 15 December 1998. 147
5. D. A. James and S. J. Young. A fast lattice-based approach to vocabulary independent wordspotting. In IEEE International Conference on Acoustics, Speech and Signal Processing, pages 337–380, 1994. 159
6. Kristopher Kendall. A database of computer attacks for the evaluation of intrusion detection systems. BS/MS thesis, Massachusetts Institute of Technology, June 1999. 147, 150, 151, 155
7. Richard P. Lippmann, Eric I. Chang, and Charles R. Jankowski. Wordspotter training using figure-of-merit back propagation. In IEEE International Conference on Acoustics, Speech and Signal Processing, pages 385–388, 1994. 159
8. Richard P. Lippmann et al. MIT Lincoln Laboratory offline component of DARPA 1998 intrusion detection evaluation. Presentation at MIT Lincoln Laboratory PI Meeting available at http://ideval.ll.mit.edu/intro-html-dir/, 14 December 1998. 147
9. Richard P. Lippmann et al. Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In DISCEX 2000. IEEE Computer Society Press, January 2000. 147, 148, 151, 156, 159, 160
10. Alvin Martin. Personal communications, January 2000. 159
11. Stephen L. Moshier. Personal communications, January 2000. 159
12. Vern Paxson. Bro: A system for detecting network intruders in real–time. Computer Networks, 31(23-24):2435–2463, December 1999. 149
13. Stacy J. Prowell, Carmen J. Trammell, Richard C. Linger, and Jesse H. Poore. Cleanroom Software Engineering: Technology and Process. Addison–Wesley, Reading, Mass., 1998. 146
14. John A. Swets. Measuring the accuracy of diagnostic systems. Science, 24(48):1285–1293, 3 June 1988. 156, 159
15. Daniel Weber. A taxonomy of computer intrusions. MS thesis, Massachusetts Institute of Technology, 1998. 153
16. Q. E. Whiting-O’Keefe, Curtis Henke, and Donald W. Simborg. Choosing the correct unit of analysis in medical care experiments. Medical Care, 22(12):1101–1114, December 1984. 155