Amelioration of Attack Classifications for Evaluating and Testing Intrusion Detection System

Problem statement: Computer attacks have recently been much studied in order to improve the evaluation process of Intrusion Detection Systems (IDS). Approach: This study presents the principal attack classifications, in particular the classification oriented towards evaluation, for which we suggest some improvements that may allow attack test cases to be selected by using the classification tree method. Results: The results offer evaluators a way to select relevant attack test cases by using the Classification Tree Method (CTM). Conclusion: By applying the Classification Tree Method (CTM) to the new classification obtained, and by using the CTE tool, we were able to generate a significant and reduced set of test cases compared to the evaluation-oriented classification studied by Gadelrab.
