A framework for the evaluation of intrusion detection systems

Author

Cárdenas, Alvaro A. ; Baras, John S. ; Seamon, Karl

Author_Institution

Dept. of Electr. & Comput. Eng., Maryland Univ., College Park, MD

fYear

2006

fDate

21-24 May 2006

Lastpage

77

Abstract

Classification accuracy in intrusion detection systems (IDSs) deals with such fundamental problems as how to compare two or more IDSs, how to evaluate the performance of an IDS, and how to determine the best configuration of the IDS. In an effort to analyze and solve these related problems, evaluation metrics such as the Bayesian detection rate, the expected cost, the sensitivity and the intrusion detection capability have been introduced. In this paper, we study the advantages and disadvantages of each of these performance metrics and analyze them in a unified framework. Additionally, we introduce the intrusion detection operating characteristic (IDOC) curves as a new IDS performance tradeoff which combines in an intuitive way the variables that are more relevant to the intrusion detection evaluation problem. We also introduce a formal framework for reasoning about the performance of an IDS and the proposed metrics against adaptive adversaries. We provide simulations and experimental results to illustrate the benefits of the proposed framework

Keywords

security of data; software metrics; software performance evaluation; Bayesian detection rate; formal framework; intrusion detection operating characteristic curves; intrusion detection system evaluation; performance evaluation metrics; Bayesian methods; Costs; Detectors; Educational institutions; Information security; Information technology; Intrusion detection; Measurement; Performance analysis; Reverse engineering;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2006 IEEE Symposium on

Conference_Location

Berkeley/Oakland, CA

ISSN

1081-6011

Print_ISBN

0-7695-2574-1

Type

conf

DOI

10.1109/SP.2006.2

Filename

1624001