Intrusion Detection Systems (IDSs) have become an essential component for improving security in networked environments. The growing number of available IDSs has stimulated research projects that investigate ways to assess them, both to find out their strengths and limitations (in order to improve the IDSs themselves) and to assist the security manager in selecting the product that best suits specific requirements. Current assessment approaches (a) require complex procedures that take too much time to execute, (b) do not provide any systematic way of executing them, and (c) generally require specific knowledge of the IDSs' internal structure to be applied. In this paper we address these limitations by proposing a script to evaluate network-based IDSs regarding their detection capability, scalability and false positive rate. Two Intrusion Detection Systems, Snort and Firestorm, have been assessed to validate our approach.