Title :
One Size Fits None: The Importance of Detector Parameterization
Author :
Bodorik, Natasha ; Zincir-Heywood, A. Nur
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Abstract :
The parameterization of an administrator's intrusion detection system (IDS) is as crucial as the IDS itself. The difference between sufficient and insufficient parameterization can be the difference between a detected and undetected attack. This work focuses on identifying a methodical process for IDS parameterization. Such a process provides administrators of intrusion detection systems with the knowhow of selecting suitable parameters for the effective operation of their detector. The process stresses the importance of altering parameters for individual applications. Parameterization experiments are employed on two different open source IDSs, namely Stide and pH, and tested against three real world vulnerabilities. The results show the interesting trends that are observed during the experiments.
Keywords :
public domain software; security of data; IDS parameterization; Stide IDS; administrator intrusion detection system; detected attack; open source IDS; pH IDS; security vulnerability; undetected attack; Availability; Computer science; Computer security; Databases; Detectors; Intrusion detection; Monitoring; Protection; Stress; Testing;
Conference_Title :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.41