Evaluation of Intrusion Detection Systems
This paper presents a comprehensive method for evaluating intrusion detection systems (IDSs). It integrates and extends ROC (receiver operating characteristic) and cost analysis methods to provide an expected cost metric. Results are given for determining the optimal operation of an IDS based on thi...
Main authors: | Ulvila, Jacob W., Gaffney, John E. |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | [Gaithersburg, MD]: U.S. Dept. of Commerce, National Institute of Standards and Technology 2003 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4844520/ https://www.ncbi.nlm.nih.gov/pubmed/27413623 http://dx.doi.org/10.6028/jres.108.040 |
_version_ | 1782428789043625984 |
---|---|
author | Ulvila, Jacob W. Gaffney, John E. |
author_facet | Ulvila, Jacob W. Gaffney, John E. |
author_sort | Ulvila, Jacob W. |
collection | PubMed |
description | This paper presents a comprehensive method for evaluating intrusion detection systems (IDSs). It integrates and extends ROC (receiver operating characteristic) and cost analysis methods to provide an expected cost metric. Results are given for determining the optimal operation of an IDS based on this expected cost metric. Results are given for the operation of a single IDS and for a combination of two IDSs. The method is illustrated for: 1) determining the best operating point for a single and double IDS based on the costs of mistakes and the hostility of the operating environment as represented in the prior probability of intrusion and 2) evaluating single and double IDSs on the basis of expected cost. A method is also described for representing a compound IDS as an equivalent single IDS. Results are presented from the point of view of a system administrator, but they apply equally to designers of IDSs. |
format | Online Article Text |
id | pubmed-4844520 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2003 |
publisher | [Gaithersburg, MD]: U.S. Dept. of Commerce, National Institute of Standards and Technology |
record_format | MEDLINE/PubMed |
spelling | pubmed-48445202016-07-13 Evaluation of Intrusion Detection Systems Ulvila, Jacob W. Gaffney, John E. J Res Natl Inst Stand Technol Article This paper presents a comprehensive method for evaluating intrusion detection systems (IDSs). It integrates and extends ROC (receiver operating characteristic) and cost analysis methods to provide an expected cost metric. Results are given for determining the optimal operation of an IDS based on this expected cost metric. Results are given for the operation of a single IDS and for a combination of two IDSs. The method is illustrated for: 1) determining the best operating point for a single and double IDS based on the costs of mistakes and the hostility of the operating environment as represented in the prior probability of intrusion and 2) evaluating single and double IDSs on the basis of expected cost. A method is also described for representing a compound IDS as an equivalent single IDS. Results are presented from the point of view of a system administrator, but they apply equally to designers of IDSs. [Gaithersburg, MD]: U.S. Dept. of Commerce, National Institute of Standards and Technology 2003 2003-12-01 /pmc/articles/PMC4844520/ /pubmed/27413623 http://dx.doi.org/10.6028/jres.108.040 Text en https://creativecommons.org/publicdomain/zero/1.0/ The Journal of Research of the National Institute of Standards and Technology is a publication of the U.S. Government. The papers are in the public domain and are not subject to copyright in the United States. Articles from J Res may contain photographs or illustrations copyrighted by other commercial organizations or individuals that may not be used without obtaining prior approval from the holder of the copyright. |
spellingShingle | Article Ulvila, Jacob W. Gaffney, John E. Evaluation of Intrusion Detection Systems |
title | Evaluation of Intrusion Detection Systems |
title_full | Evaluation of Intrusion Detection Systems |
title_fullStr | Evaluation of Intrusion Detection Systems |
title_full_unstemmed | Evaluation of Intrusion Detection Systems |
title_short | Evaluation of Intrusion Detection Systems |
title_sort | evaluation of intrusion detection systems |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4844520/ https://www.ncbi.nlm.nih.gov/pubmed/27413623 http://dx.doi.org/10.6028/jres.108.040 |
work_keys_str_mv | AT ulvilajacobw evaluationofintrusiondetectionsystems AT gaffneyjohne evaluationofintrusiondetectionsystems |