IDS evaluations procedures

david.sames_at_sparta.com
Date: 07/12/05

  • Next message: Joel Esler: "Re: IDS evaluations procedures"
    Date: 12 Jul 2005 02:40:18 -0000
    To: focus-ids@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) I'm in the process of developing test procedures for evaluating an internal anomaly-based detection system. I'd like to construct a test set of nominal data peppered with attack data. What is a reasonable ratio of attack data to "normal" traffic that is representative of "real" systems.

    Thanks,

    Dave

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------


  • Next message: Joel Esler: "Re: IDS evaluations procedures"

    Relevant Pages

    • Re: IDS evaluations procedures
      ... depends on the bandwidth of the network. ... > Find out quickly and easily by testing it with real-world attacks from ... > CORE IMPACT. ...
      (Focus-IDS)
    • Value of IDS, ROI
      ... ('binary' encoding is not supported, ... Jason ... Find out quickly and easily by testing it with real-world attacks from ... CORE IMPACT. ...
      (Focus-IDS)
    • Re: detecting "intrusion detection"
      ... ('binary' encoding is not supported, ... with real-world attacks from CORE IMPACT. ...
      (Focus-IDS)
    • Open source GUI for Snort
      ... ('binary' encoding is not supported, ... Bcihak ... with real-world attacks from CORE IMPACT. ...
      (Focus-IDS)
    • Re: HIDS solution for NT4 machines
      ... ('binary' encoding is not supported, ... I looked at Osiris and am trying to figure out if that will work for our needs or not. ... with real-world attacks from CORE IMPACT. ...
      (Focus-IDS)