The Community for Technology Leaders
2006 IEEE Symposium on Security and Privacy (S&P'06) (2006)
Berkeley/Oakland, CA
May 21, 2006 to May 24, 2006
ISSN: 1081-6011
ISBN: 0-7695-2574-1
pp: 15 pp.-77
A.A. Cardenas , Dept. of Electr. & Comput. Eng., Maryland Univ., College Park, MD, USA
J.S. Baras , Dept. of Electr. & Comput. Eng., Maryland Univ., College Park, MD, USA
K. Seamon , Dept. of Electr. & Comput. Eng., Maryland Univ., College Park, MD, USA
ABSTRACT
Classification accuracy in intrusion detection systems (IDSs) deals with such fundamental problems as how to compare two or more IDSs, how to evaluate the performance of an IDS, and how to determine the best configuration of the IDS. In an effort to analyze and solve these related problems, evaluation metrics such as the Bayesian detection rate, the expected cost, the sensitivity and the intrusion detection capability have been introduced. In this paper, we study the advantages and disadvantages of each of these performance metrics and analyze them in a unified framework. Additionally, we introduce the intrusion detection operating characteristic (IDOC) curves as a new IDS performance tradeoff which combines in an intuitive way the variables that are more relevant to the intrusion detection evaluation problem. We also introduce a formal framework for reasoning about the performance of an IDS and the proposed metrics against adaptive adversaries. We provide simulations and experimental results to illustrate the benefits of the proposed framework
INDEX TERMS
Intrusion detection, Costs, Measurement, Educational institutions, Bayesian methods, Performance analysis, Information technology, Information security, Detectors, Reverse engineering
CITATION

A. Cardenas, J. Baras and K. Seamon, "A framework for the evaluation of intrusion detection systems," 2006 IEEE Symposium on Security and Privacy (S&P'06)(SECPRI), Berkeley/Oakland, CA, 2009, pp. 15 pp.-77.
doi:10.1109/SP.2006.2
83 ms
(Ver 3.3 (11022016))