Modeling and Implementation Approach to Evaluate the Intrusion Detection System
Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after they are over. Research in this area has two objectives: first, reducing the impact of attacks; and second, evaluating the IDS itself. On the one hand, IDSs collect network traffic information from sources present in the network or the computer system and then use these data to enhance the system's safety. On the other hand, the evaluation of an IDS is a critical task. It is important to note the difference between evaluating the effectiveness of an entire system and evaluating the characteristics of the system's components. In this paper, we present an approach to IDS evaluation based on measuring the performance of its components. First, in order to implement the SNORT IDS components safely, we propose a hardware platform based on embedded systems. Then we test it using a traffic and attack generator based on Linux KALI (Backtrack) and the Metasploit 3 Framework. The results show that IDS performance is closely related to the characteristics of these components.
Keywords: Evaluation; IDS; Performance; Embedded system; Field-Programmable Gate Array (FPGA); Pattern matching; SNORT; Linux KALI; Metasploit 3 framework; LAN traffic generator