AllFreePapers.com - All Free Papers and Essays for All Students

Evaluation of IDS

December 29, 2015  •  Essay  •  364 Words (2 Pages)

Security requirements vary for different work environments.

The performance of an IDS can be optimized according to the requirements of the owner, the system and the environment.

This evaluation is based mainly on two parameters:

1. Detection rate

2. False alarm rate

Methodology

Two virtual machines:

1. CentOS 6.5 (victim) - SecurityOnion on CentOS 6.5 as the software providing the IDSs

2. Kali Linux (attacker) - Pytbull on Kali Linux as the attack tool.

Practical operation:

>Attacks launched from Pytbull

>Snort running in IDS mode on SecurityOnion

Result Analysis

The probabilities of false alarms (A) and true intrusions (1-B) are calculated.

The ROC (Receiver Operating Characteristic) curve is plotted.

The position of the curve in the graphical plane, the shape of the curve and the area under the curve are observed.

The choice of the preferred ROC curve depends on the operating environment, characterized by p and C.

The selection of the optimal operating point of an IDS is based on the cost of the point.

Therefore, the problem definition: selection of the correct values of the parameters.
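
The result-analysis steps above, as an added example that is not part of the original essay: it computes the false alarm probability A and the detection probability 1-B at each threshold, the area under the ROC curve, and the lowest-cost operating point. The scores and labels are constructed, and reading p as the prior probability of an intrusion and C as the cost of a missed intrusion relative to a false alarm is an assumption, since the essay does not define them.

```python
# Constructed sample: one score per event from a hypothetical tunable IDS
# (higher = more suspicious); label 1 = launched attack, 0 = benign traffic.
SCORES = [0.95, 0.9, 0.8, 0.7, 0.6, 0.5, 0.4, 0.3, 0.2, 0.1]
LABELS = [1, 1, 0, 1, 1, 0, 1, 0, 0, 0]

def roc_points(scores, labels):
    """Return (threshold, A, 1-B) per threshold, from strictest to loosest."""
    pos = sum(labels)
    neg = len(labels) - pos
    if pos == 0 or neg == 0:
        raise ValueError("need both attack and benign events")
    points = [(float("inf"), 0.0, 0.0)]  # alert on nothing
    for t in sorted(set(scores), reverse=True):
        tp = sum(1 for s, y in zip(scores, labels) if s >= t and y == 1)
        fp = sum(1 for s, y in zip(scores, labels) if s >= t and y == 0)
        points.append((t, fp / neg, tp / pos))
    return points

def auc(points):
    """Area under the ROC curve by the trapezoidal rule."""
    return sum((a1 - a0) * (d0 + d1) / 2
               for (_, a0, d0), (_, a1, d1) in zip(points, points[1:]))

def expected_cost(a, d, p, c):
    """Expected cost per event in units of one false alarm (assumed model):
    false alarms on benign events plus missed intrusions weighted by c."""
    return (1 - p) * a + c * p * (1 - d)

def best_operating_point(points, p, c):
    """ROC point with the lowest expected cost for environment (p, c)."""
    return min(points, key=lambda pt: expected_cost(pt[1], pt[2], p, c))

if __name__ == "__main__":
    pts = roc_points(SCORES, LABELS)
    print("AUC = %.2f" % auc(pts))
    for p in (0.01, 0.3):  # rare vs. frequent intrusions, c fixed at 10
        t, a, d = best_operating_point(pts, p, 10)
        print("p=%.2f: threshold=%.2f A=%.1f 1-B=%.1f" % (p, t, a, d))
```

With the same ROC curve, the preferred threshold moves from a strict setting when intrusions are rare to a looser one when they are frequent, which is why the operating point has to be chosen per environment.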

Performance parameters such as efficiency, accuracy, sensitivity can be derived from the

...
