Issue No. 10 - October (1996 vol. 22)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/32.544350
<p><b>Abstract</b>—Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.</p>
Intrusion detection, software testing, computer security, computer user simulation
N. J. Puketza, R. A. Olsson, B. Mukherjee, M. Chung and K. Zhang, "A Methodology for Testing Intrusion Detection Systems," in IEEE Transactions on Software Engineering, vol. 22, no. , pp. 719-729, 1996.