N. Puketza, K. Zhang, M. Chung, B. Mukherjee and R. Olsson, "A Methodology for Testing Intrusion Detection Systems," IEEE Transactions on Software Engineering, 22(10), pp. 719-729, Oct. 1996.
....over only one of the two connection endpoints. In addition, we assume that the cracker does not have access to the Bro policy script, which each site will have customized, and should keep well protected. While previous work has addressed the general problem of testing intrusion detection systems [PZCMO96], this work has focussed on correctness of the system in terms of whether it does indeed recognize the attacks claimed. To our knowledge, the literature does not contain any discussion of attacks specifically aimed at subverting a network intrusion detection system, other than the discussion in ....
....this work has focussed on correctness of the system in terms of whether it does indeed recognize the attacks claimed. To our knowledge, the literature does not contain any discussion of attacks specifically aimed at subverting a network intrusion detection system, other than the discussion in [PZCMO96] of the general problem of the monitor failing to keep up due to high load. For our purposes, we classify network monitor attacks into three categories: overload, crash, and subterfuge. The remainder of this section defines each category and briefly discusses the degree to which Bro meets that ....
N. Puketza, K. Zhang, M. Chung, B. Mukherjee and R. Olsson, "A Methodology for Testing Intrusion Detection Systems," IEEE Transactions on Software Engineering, 22(10), pp. 719-729, Oct. 1996.
....expect package by itself provides the capability to create a script to simulate a computer user. We have augmented expect with some additional commands that provide the capability to create concurrent scripts, complete with mechanisms for synchronization and communication among different scripts [35, 7]. These extensions to expect provide users with the ability to simulate concurrent intrusions, which were described in Section 2.2. Often, in the course of testing an IDS, it may be necessary to repeat a particular test. For example, a test can be repeated to determine why (or why not) the IDS ....
K. Zhang, A Methodology for Testing Intrusion Detection Systems, M.S. Thesis, University of California at Davis, May 1993.