A Framework for the Evaluation of Intrusion Detection Systems

Berkeley/Oakland, California May 21-May 24

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SP.2006.2

2006 IEEE Symposium on Security and P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Alvaro A. C?ardenas Articles by John S. Baras Articles by Karl Seamon

	ASCII Text	x
	Alvaro A. C?ardenas, John S. Baras, Karl Seamon, "A Framework for the Evaluation of Intrusion Detection Systems," Security and Privacy, IEEE Symposium on, pp. 63-77, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.

	BibTex	x
	@article{ 10.1109/SP.2006.2, author = {Alvaro A. C?ardenas and John S. Baras and Karl Seamon}, title = {A Framework for the Evaluation of Intrusion Detection Systems}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1081-6011}, pages = {63-77}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2006.2}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - A Framework for the Evaluation of Intrusion Detection Systems SN - 1081-6011 SP63 EP77 A1 - Alvaro A. C?ardenas, A1 - John S. Baras, A1 - Karl Seamon, PY - 2006 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Alvaro A. C?ardenas, University of Maryland

John S. Baras, University of Maryland

Karl Seamon, University of Maryland

Classification accuracy in intrusion detection systems (IDSs) deals with such fundamental problems as how to compare two or more IDSs, how to evaluate the performance of an IDS, and how to determine the best configuration of the IDS. In an effort to analyze and solve these related problems, evaluation metrics such as the Bayesian detection rate, the expected cost, the sensitivity and the intrusion detection capability have been introduced. In this paper, we study the advantages and disadvantages of each of these performance metrics and analyze them in a unified framework. Additionally, we introduce the intrusion detection operating characteristic (IDOC) curves as a new IDS performance tradeoff which combines in an intuitive way the variables that are more relevant to the intrusion detection evaluation problem. We also introduce a formal framework for reasoning about the performance of an IDS and the proposed metrics against adaptive adversaries. We provide simulations and experimental results to illustrate the benefits of the proposed framework.

Citation:

Alvaro A. C?ardenas, John S. Baras, Karl Seamon, "A Framework for the Evaluation of Intrusion Detection Systems," sp, pp.63-77, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.