Abstract
Intrusions detection systems (IDSs) are systems that try to detect attacks as they occur or when they were over. Research in this area had two objectives: first, reducing the impact of attacks; and secondly the evaluation of the system IDS. Indeed, in one hand the IDSs collect network traffic information from some sources present in the network or the computer system and then use these data to enhance the systems safety. In the other hand, the evaluation of IDS is a critical task. In fact, its important to note the difference between evaluating the effectiveness of an entire system and evaluating the characteristics of the system components. In this paper, we present an approach for IDS evaluating based on measuring the performance of its components. First of all, in order to implement the IDS SNORT components safely we have proposed a hardware platform based on embedded systems. Then we have tested it by using a generator of traffics and attacks based on Linux KALI (Backtrack) and Metasploite 3 Framework. The obtained results show that the IDS performance is closely related to the characteristics of these components.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Khorkov, D.A.: Methods for testing network-intrusion detection systems. Sci. Tech. Inf. Proc. 39(2), 120–126 (2012). doi:10.3103/S0147688212020128
Mell, P., Hu, V., Lippmann, R., Haines, J., Zissman, M.: An overview of issues in testing intrusion detection systems. Technical report, National Institute of Standard and Technology (2003)
Akhlaq, M., Alserhani, F., Awan, I., Mellor, J., Cullen, A.J., Al-Dhelaan, A.: Implementation and evaluation of network intrusion detection systems. In: Kouvatsos, D.D. (ed.) Next Generation Internet: Performance Evaluation and Applications. LNCS, vol. 5233, pp. 988–1016. Springer, Heidelberg (2011)
Saber, M., Emharref, M., Bouchentouf, T., Benazzi, A.: Platform based on an embedded system to evaluate the intrusion detection system. In: IEEE Xplore Digital Library. pp. 894–899 (2012) doi:10.1109/ICMCS.2012.6320253
Albin, E.; Rowe, N.C.: A realistic experimental comparison of the suricata and SNORT intrusion-detection systems. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 122–127, 26–29 March 2012. doi:10.1109/WAINA.2012.29
Wang, X., Kordas, A., Hu, L., Gaedke, M., Smith, D.: Administrative evaluation of intrusion detection system. In: Proceedings of the 2nd Annual Conference on Research in Information Technology (RIIT 2013) pp. 47–52. ACM, New York, USA (2013) doi:10.1145/2512209.2512216
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Saber, M., Chadli, S., Emharraf, M., El Farissi, I. (2015). Modeling and Implementation Approach to Evaluate the Intrusion Detection System. In: Bouajjani, A., Fauconnier, H. (eds) Networked Systems . NETYS 2015. Lecture Notes in Computer Science(), vol 9466. Springer, Cham. https://doi.org/10.1007/978-3-319-26850-7_41
Download citation
DOI: https://doi.org/10.1007/978-3-319-26850-7_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26849-1
Online ISBN: 978-3-319-26850-7
eBook Packages: Computer ScienceComputer Science (R0)