Environment-Related Information Security Evaluation for Intrusion Detection Systems

  • Ran Cheng
  • Yueming Lu
  • Jiefu Gan
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 237)


The active detection features of intrusion detection systems (IDSs) are crucial in cyberspace security evaluation. Most existing evaluation models are insufficient for selecting a proper IDS in varying situations, since they are based only on detection rate and false alarm ratio. This paper proposes an environment-related information security evaluation model for IDSs and applies the model in a practical IDS evaluation process. Compared to existing models, the proposed model considers two more factors, background traffic and workload, and can thus achieve a more objective and comprehensive evaluation result for IDSs.


Intrusion detection system, Precision, Recall, Background traffic



This work was supported by The Research of Key Technology and Application of Information Security Certification Project (No. 2016YFF0204001) of China Information Security Certification Center.



Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. School of Information and Communication Engineering, Beijing University of Posts and Communications, Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing, China
  2. China Information Security Certification Center, Beijing, China
