Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation

Authors: R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall

DOI: 10.1109/DISCEX.2000.821506

Keywords:

Abstract: An intrusion detection evaluation test bed was developed which generated normal traffic similar to that on a government site containing 100's of users on 1000's of hosts. More than 300 instances of 38 different automated attacks were launched against victim UNIX hosts in seven weeks of training data and two weeks of test data. Six research groups participated in a blind evaluation, and results were analyzed for probe, denial-of-service (DoS), remote-to-local (R2L), and user-to-root (U2R) attacks. The best systems detected old attacks included in the training data at moderate detection rates ranging from 63% to 93% at a false alarm rate of 10 false alarms per day. Detection was much worse for new and novel R2L and DoS attacks: the best systems failed to detect roughly half of these attacks, which included damaging access to root-level privileges by remote users. These results suggest that further research should focus on developing techniques to find new attacks instead of extending existing rule-based approaches.
