Evaluation of Ids
Autor: nehapatil93 • December 29, 2015 • Essay • 364 Words (2 Pages) • 773 Views
Security requirements vary for different work environments.
Performance of an IDS can be optimized according to the requirements of the owner, the system and the environment
This evaluation is based on mainly two parameters
1. Detection rate 2. False alarm rate
Methodology
Two virtual machines :
1. CentOS 6.5 (victim) - SecurityOnion on CentOS 6.5 as the software providing the IDSs
2. Kali linux(attacker) - Pytbull on Kali linux as the attack tool.
Practical operation :
>Attacks launched from Pytbull
>Snort running in IDS mode on SecurityOnion
Result Analysis
The probability of false alarms(A) and true intrusions(1-B) calculated
ROC(Receiver Operating Characteristics) curve is plotted
The position of the curve in the graphical plane and shape of the curve and the area under the curve is observed.
Choice of preferred ROC curve depends on the operations environment – characterized by p and C.
The selection of the optimal operating point of an IDS is based on the cost of the point.
Therefore problem definition : selection of the correct values of parameters .
Performance parameters such as efficiency, accuracy, sensitivity can be derived from the
...