
Proposals on Assessment Environments for Anomaly-Based Network Intrusion Detection Systems

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCCN, volume 4347)

Abstract

One of the key challenges researchers face when proposing a new intrusion detection approach is demonstrating its general validity. This necessarily requires access to a real set of intrusion-related (as well as non-intrusion) events against which the performance of the proposed technique can be compared and thus validated. However, this apparently simple requirement is far from straightforward because of the lack of a commonly accepted assessment methodology. Along these lines, the authors discuss a set of basic requirements that an intrusion-oriented framework should fulfil in order to standardize the evaluation process for IDS. In its current preliminary state, the work focuses mainly on analyzing, specifying and managing traffic databases for developing and validating NIDS.
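To make the evaluation step the abstract describes concrete, the following is an added example and not code from the paper or its authors. It assumes a labelled event database in which each record (a flow, packet or session) carries a ground-truth label and an anomaly score produced by the detector under test. From that it derives the confusion matrix, detection rate, false-positive rate and an ROC/AUC summary, and then shows how a false-positive rate measured on the test database translates into precision at a realistic intrusion base rate. The event records, scores, threshold and base rate are constructed for illustration.

```python
"""Evaluation harness for an anomaly-based NIDS over a labelled event set.

Added example; not code from the paper. Assumes a labelled traffic database
in which every event has a ground-truth label (True = intrusion) and a
numeric anomaly score emitted by the detector being assessed.
"""
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Event:
    """One record from the labelled database (fields are assumptions)."""
    event_id: str
    is_intrusion: bool   # ground-truth label supplied by the database
    score: float         # anomaly score from the detector under test


# Constructed sample: 8 normal events, 5 intrusions. One normal event scores
# high (f07) and one intrusion scores low (a05) so that both error types occur.
SAMPLE_EVENTS: List[Event] = [
    Event("f01", False, 0.05), Event("f02", False, 0.10), Event("f03", False, 0.15),
    Event("f04", False, 0.20), Event("f05", False, 0.30), Event("f06", False, 0.35),
    Event("f07", False, 0.62), Event("f08", False, 0.40),
    Event("a01", True, 0.95), Event("a02", True, 0.80), Event("a03", True, 0.70),
    Event("a04", True, 0.55), Event("a05", True, 0.25),
]


def confusion(events: Sequence[Event], threshold: float) -> Tuple[int, int, int, int]:
    """Return (tp, fp, tn, fn) when the detector alerts on score >= threshold."""
    tp = fp = tn = fn = 0
    for e in events:
        alert = e.score >= threshold
        if alert and e.is_intrusion:
            tp += 1
        elif alert and not e.is_intrusion:
            fp += 1
        elif not alert and not e.is_intrusion:
            tn += 1
        else:
            fn += 1
    return tp, fp, tn, fn


def rates(tp: int, fp: int, tn: int, fn: int) -> Tuple[float, float, float]:
    """Detection rate (TPR), false-positive rate (FPR) and precision."""
    tpr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    return tpr, fpr, precision


def roc_points(events: Sequence[Event]) -> List[Tuple[float, float, float]]:
    """Sweep every distinct score as a threshold; return (threshold, fpr, tpr) by fpr."""
    points = []
    for t in sorted({e.score for e in events}, reverse=True):
        tpr, fpr, _ = rates(*confusion(events, t))
        points.append((t, fpr, tpr))
    return sorted(points, key=lambda p: (p[1], p[2]))


def auc(points: Sequence[Tuple[float, float, float]]) -> float:
    """Trapezoidal area under the ROC curve, anchored at (0,0) and (1,1)."""
    xs = [0.0] + [p[1] for p in points] + [1.0]
    ys = [0.0] + [p[2] for p in points] + [1.0]
    return sum((xs[i + 1] - xs[i]) * (ys[i + 1] + ys[i]) / 2 for i in range(len(xs) - 1))


def precision_at_base_rate(tpr: float, fpr: float, base_rate: float) -> float:
    """Precision expected when `base_rate` of all events are intrusions.

    The test database is attack-rich; on real traffic intrusions are rare, so the
    same FPR yields far more false alerts per true alert (base-rate effect).
    """
    pos = tpr * base_rate
    neg = fpr * (1.0 - base_rate)
    return pos / (pos + neg) if pos + neg else 0.0


if __name__ == "__main__":
    tp, fp, tn, fn = confusion(SAMPLE_EVENTS, 0.5)
    tpr, fpr, prec = rates(tp, fp, tn, fn)
    print(f"threshold=0.5  tp={tp} fp={fp} tn={tn} fn={fn}")
    print(f"TPR={tpr:.3f} FPR={fpr:.3f} precision(on test set)={prec:.3f}")
    print(f"AUC={auc(roc_points(SAMPLE_EVENTS)):.3f}")
    print(f"precision at 0.1% base rate={precision_at_base_rate(tpr, fpr, 0.001):.4f}")
```

The detection and false-positive rates are properties of the test database's particular attack/normal mix, which is why the abstract stresses a shared, documented database: two detectors are only comparable when scored against the same labelled events with the same alert semantics. `precision_at_base_rate` is the check a practitioner adds before trusting a low measured FPR, since on traffic where intrusions are rare it can still mean that most alerts are false.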

Keywords

  • Network security
  • Intrusion event
  • IDS
  • Assessment




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bermúdez-Edo, M., Salazar-Hernández, R., Díaz-Verdejo, J., García-Teodoro, P. (2006). Proposals on Assessment Environments for Anomaly-Based Network Intrusion Detection Systems. In: Lopez, J. (eds) Critical Information Infrastructures Security. CRITIS 2006. Lecture Notes in Computer Science, vol 4347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11962977_17

  • DOI: https://doi.org/10.1007/11962977_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69083-2

  • Online ISBN: 978-3-540-69084-9

  • eBook Packages: Computer Science (R0)