论文信息 - An Assessment of the DARPA IDS Evaluation Dataset Using Snort S Terry Brugger

An Assessment of the DARPA IDS Evaluation Dataset Using Snort S Terry Brugger

One of the many criticisms of the DARPA IDS evaluation is that it did not evaluate traditional, signature based, off-the-shelf intrusion detection systems. We performed such an evaluation on the 1998 dataset using Snort to determine the usefulness of the DARPA dataset, and found that overall detection performance was low and false positive rates were unacceptable. We present these results in greater depth, which indicate that the dataset does consist primarily of attacks that are difficult for signature based detectors to find; however, we find no support that the false positive rate

J. Chow

[1] Robert K. Cunningham,et al. Improving Intrusion Detection Performance using Keyword Selection and Neural Networks , 2000, Recent Advances in Intrusion Detection.

[2] John McHugh,et al. Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[3] R.K. Cunningham,et al. Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[4] Richard Lippmann,et al. The 1999 DARPA off-line intrusion detection evaluation , 2000, Comput. Networks.

[5] Philip K. Chan,et al. An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection , 2003, RAID.