Em Busca de um Roteiro Experimental de Curta Duração para Avaliação de Sistemas de Detecção de Intrusão baseados em Rede
Abstract
Intrusion Detection Systems (IDSs) have become an essential component for improving security in networked environments. The growing number of available IDSs has stimulated research projects that investigate ways to assess them, both to find out their strengths and limitations (in order to improve the IDSs themselves) and to assist the security manager in selecting the product that best suits specific requirements. Current approaches (a) require complex procedures that take too much time to execute, (b) do not provide any systematic way of executing them, and (c) in some cases require specific knowledge of the IDSs' internal structure to be applied. In this paper we address these limitations by proposing a script to evaluate network-based IDSs regarding their detection capability, scalability and false positive rate. Two Intrusion Detection Systems, Snort and Firestorm, have been assessed to validate our approach.
Published
2003-05-01
How to Cite
FAGUNDES, Leonardo Lemes; GASPARY, Luciano Paschoal. Em Busca de um Roteiro Experimental de Curta Duração para Avaliação de Sistemas de Detecção de Intrusão baseados em Rede. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 3., 2003, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2003. p. 104-111. DOI: https://doi.org/10.5753/sbseg.2003.21256.
