Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation

Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2000

Volumn 2, Issue , 2000, Pages 12-26

  Lippmann, R P ^a   Fried, D J ^a   Graf, I ^a   Haines, J W ^a   Kendall, K R ^a   McClung, D ^a   Weber, D ^a   Webster, S E ^a   Wyschogrod, D ^a   Cunningham, R K ^a   Zissman, M A ^a  

^a MIT LINCOLN LABORATORY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ALARM SYSTEMS; COMPUTER CRIME; DENIAL-OF-SERVICE ATTACK; ERRORS; MERCURY (METAL); TELECOMMUNICATION NETWORKS;

AUTOMATED ATTACKS; BLIND EVALUATIONS; DENIAL OF SERVICE; DETECTION RATES; FALSE ALARM RATE; INTRUSION DETECTION SYSTEMS; RESEARCH GROUPS; RULE-BASED APPROACH;

INTRUSION DETECTION;

EID: 84962260018     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DISCEX.2000.821506     Document Type: Conference Paper

References (23)

1. M. Bishop, S. Cheung, et al., "The Threat from the Net", IEEE Spectrum, 38(8), 1997.
2. J. Mariani, "Evaluation", In R.A. Cole, J. Mariani, H. Uszkoriet, A. Zaenen, and V. Zue (eds.), Survey of the State of the Art in Human Language Technology, Cambridge University Press, 1997.
3. N. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson, "A methodology for testing intrusion detection systems," IEEE Transactions on Software Engineering, 22, 1996, pp. 719-729.
4. C. Ko, G. Fink, and K. Levitt, "Execution Monitoring of Security-critical Programs in Distributed Systems: A Specification-based Approach," in Proceedings of the 1997 IEEE Symposium on Security and Privacy, 1997, pp. 134-144.
5. G. Shipley, "ISS RealSecure Pushes Past Newer IDS Players", Network Computing, 17 May 1999, http://www.networkcomputing.com/1010/1010r1.html.
6. DARPA, The Information Survivability Program is described in http://www.darpa.mil/ito/research/is and the Information Assurance Program is described in http://www.darpa.mil/iso/ia/, Sept. 1999.
7. John A. Swets, "The Relative Operating Characteristic in Psychology", Science, 182, 1973, pp. 990-1000.
8. James P. Egan, Signal detection theory and ROC-analysis, Academic Press, 1975.
9. A. Martin, G. Doddington, T. Kamm, M. Ordowski, and M. Przybocki, "The DET Curve in Assessment of Detection Task Performance", in Proceedings EuroSpeech 4, 1998, pp. 1895-1898.
10. R. P. Lippmann, and David M. Shahian, "Coronary Artery Bypass Risk Prediction Using Neural Networks," Annals of Thoracic Surgery, 63, 1997, pp. 1635-1643.
11. R. Durst, T. Champion, B. Witten, E. Miller and L. Spagnuolo, "Testing and evaluating computer intrusion detection systems", Communications of the ACM, 42(7), 1999, pp. 53-61.
12. K. Kendall, "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems", S.M. Thesis, MIT Department of Electrical Engineering and Computer Science, June 1999.
13. W. Lee, S.J. Stolfo, K. Mok, "Mining in a Data-flow Environment: Experience in Network Intrusion Detection", in Proceedings 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD '99), San Diego, CA, August 1999, http://www.cs.columbia.edu/~sal/JAM/PROJECT/.
14. G. Vigna and R. Kemmerer, "NetSTAT: A network-based intrusion detection approach", in Proceedings of the 14th Annual Computer Security Applications Conference, Scottsdale, Arizona, December 1998, http://www.cs.ucsb.edu/~kemm/netstat.html/.
15. P. Neumann and P. Porras, "Experience with EMERALD to DATE", in Proceedings 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999, pp. 73-80, http://www.csl.sri.com/neumann/det99.html/.
16. th Usenix Security Symposium, Washington DC, Aug. 1999, http://rcs-sgi.cs.iastate.edu/sekar/abs/usenixsec99.htm/.
17. D. Moran, W. M. Tyson, "DERBI: Diagnosis, Explanation and Recovery from computer Break-Ins" project described in http://www.ai.sri.com/~derbi/, Sept. 1999.
18. st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999, http://www.rstcorp.com/~anup/.
19. Cisco Systems, Inc., "NetRanger Intrusion Detection System Technical Overview",http://www.cisco.com/warp/public/778/security/netranger/ntran-tc.htm/, Sept. 1999.
20. Lawrence Livermore National Laboratory, "Network Intrusion Detector (NID) Overview," Computer Security Technology Center, http://ciac.llnl.gov/cstc/nid/intro.html/, Sept. 1999.
21. B. Efron and R. J. Tibshirani, Introduction to the Bootstrap, Chapman & Hall, 1993.
22. nd International Workshop on Recent Advances in Intrusion Detection (RAID 99), West Lafayette, Indiana, Sept 1999.
23. nd International Workshop on Recent Advances in Intrusion Detection (RAID 99), West Lafayette, Indiana, Sept.1999.