N. Puketza, K. Zhang, R.A. Olsson, B. Mukherjee, and M. Chung. "A Methodology for Testing Intrusion Detection Systems". IEEE Transactions on Software Engineering, 22(10):719--729, October 1996.
....bottlenecks. Industrial whitepapers can add valuable practical experience testing and evaluating intrusion detection systems, but are by their nature much more limited in scope [6, 17]. Puketza et al. describe an integrated approach to NIDS evaluation that combines quality and performance metrics [16]. It is designed to compare different intrusion detection systems in terms of the number of alerts generated under a variety of loads, including overload situations intended to subvert the NIDS. As such, the approach takes the capabilities of the NIDS platform into account and can be used to ....
N. Puketza, K. Zhang, M. Chung, B. Mukherjee, R. Olsson, "A Methodology for Testing Intrusion Detection Systems," IEEE Transactions Software Engineering, vol. 22, no. 10, 1996, pp. 719-729.
....attacks. 5.3 Verification Once confidence is established in the software fault tree, primarily through expert review, the design of the intrusion detection can then be traced to the software fault tree to determine its completeness and correctness. Based on the testing strategy of Puketza et al. [21] the SFTA can be used to test the design and implementation of an IDS. Given a subtree of an SFTA that describes related intrusive events, define the subtree to be an equivalence class for the set of intrusions. Select one or more representative minimum cuts of the subtree to be tested. Then, ....
Puketza, N. J., Zhang, K., Chung, M., Mukherjee, B., and Olsson, R. A. A methodology for testing intrusion detection systems. IEEE Transactions on Software Engineering 22, 10 (Oct. 1996), 719--729.
.... Why test network intrusion detection systems [RM98] • characterize behaviour • evaluate performance • predict trends • make improvements Anzen Computing, RAID99 1 Related Work As lazy programmers often do, we punted at first • UC Davis Seclab software platform for IDS testing [UCSec96] • IBM Zurich GSAL IDS experimentation workbench [GSAL98] • DARPA Intrusion Detection Evaluation reference evaluation corpus [KK99] • Various network traffic attack generation tools CASL, psh, tcplib, vulnerability scanners, etc. • Various network fault injection tools Orchestra, ....
N. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. Olsson, "A Methodology for Testing Intrusion Detection Systems," IEEE Transactions on Software Engineering, Vol. 22, No. 10, pp. 719-729, October 1996.
....developed to test the intrusion detection system requirements. The CPN design will be tested using the use cases to observe the behavior of the CPN and verify correct functionality. Equivalence classes may be used to test representative samples from groups of intrusions to reduce the testing effort [20]. Since the requirements model is less detailed than the CPN and may not be as expressive as a CPN model, the CPN design further constrains the sets of events that will be identified as intrusions. Thus, some use cases that are identified by the requirements as intrusions will not be considered ....
Nicholas J. Puketza, Kui Zhang, Mandy Chung, Biswanath Mukherjee, and Ronald A. Olsson. A methodology for testing intrusion detection systems. IEEE Transactions on Software Engineering, 22(10):719--729, October 1996.
....new attacks. Verification Once confidence is established in the software fault tree, primarily through expert review, the design of the intrusion detection can then be traced to the software fault tree to determine its completeness and correctness. Based on the testing strategy of Puketza et al. [19] the SFTA can be used to test the design and implementation of an IDS. Given a subtree of an SFTA that describes related intrusive events, define the subtree to be an equivalence class for the set of intrusions. Select one or more representative minimum cuts of the subtree to be tested. Then, given ....
Puketza, N. J., Zhang, K., Chung, M., Mukherjee, B., and Olsson, R. A. A methodology for testing intrusion detection systems. IEEE Transactions on Software Engineering 22, 10 (Oct. 1996), 719--729.
....intrusion detection systems, (3) Included a wide variety of attacks, and (4) Measured both attack detection rates and false alarm rates for realistic normal traffic. Most prior research in this area evaluated individual systems using a small number of attacks and little background traffic (e.g. [3,4,5]) or evaluated systems using confidential in-house red teaming experiments where attacks are launched by teams of experts against a test or operational network. An evaluation of many systems with a shared corpus is difficult for many reasons. First, operational networks can not normally be used for ....
....edited documents, and sent mail. There were also a large number of users who primarily sent and received mail and browsed web sites. Public domain sources were used to obtain software programs created by simulated programmers, documents created by secretaries, and other content. As suggested in [3], a modified version of the expect language was used to create user automata which behaved as if they were users typing at keyboards. Human actors performed more complex tasks. They upgraded software, added users, changed passwords, remotely accessed programs with graphical user interfaces, and ....
N. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson, "A methodology for testing intrusion detection systems," IEEE Transactions on Software Engineering, 22, 1996, pp. 719-729.
....over only one of the two connection endpoints. In addition, we assume that the cracker does not have access to the Bro policy script, which each site will have customized, and should keep well protected. While previous work has addressed the general problem of testing intrusion detection systems [PZCMO96], this work has focused on correctness of the system in terms of whether it does indeed recognize the attacks claimed. To our knowledge, the first discussion in the literature specifically aimed at the problem of attackers subverting a network intrusion detection system was the concurrent ....
N. Puketza, K. Zhang, M. Chung, B. Mukherjee and R. Olsson, "A Methodology for Testing Intrusion Detection Systems," IEEE Transactions on Software Engineering, 22(10), pp. 719-729, Oct. 1996.
....knows how to fool them can evade detection and complicated analytical techniques may provide many avenues of attack. On the other hand, overly simplistic systems may fail to detect attackers that intentionally mask their attacks with complex, coordinated system interactions from multiple hosts[6]. The need for reliable data storage is obvious. An attacker that can subvert the D box components of an IDS can prevent it from recording the details of her attack; poorly implemented data storage techniques can even allow sophisticated attackers to alter recorded information after an attack has ....
N. F. Puketza, K. Zhang, M. Chung, B. Mukherjee and R. A. Olsson , "A Methodology for Testing Intrusion Detection Systems," IEEE Transactions on Software Engineering, vol. 22, pp. 719-729, October 1996.
.... [3, 11, 17, 26] statistical profiling [14] immune system models [7, 8] data mining techniques [19] and various mixtures of neural networks, genetic algorithms and fuzzy logic [10, 24] Many of these approaches have not been robust, or at least it has been difficult to test their robustness [23]. A particular problem arises when an attacker masks his behaviour by performing large numbers of innocent actions between the malicious ones. One of the motivating factors in developing such systems is the desire that users should not have to write code. Many fielded systems use hard code for ....
NJ Puketza, K Zhang, M Chung, B Mukherjee, "A Methodology for Testing Intrusion Detection Systems," in IEEE Transactions on Software Engineering v 22 no 10 (Oct 1996) pp 719--729
No context found.
N. Puketza, K. Zhang, R.A. Olsson, B. Mukherjee, and M. Chung. "A Methodology for Testing Intrusion Detection Systems". IEEE Transactions on Software Engineering, 22(10):719--729, October 1996.
....proving properties of our solutions. Previously, formal methods have not been used in connection with intrusion detection. A common concern for intrusion detection systems is that it is difficult to assess the benefits of deploying those systems. Currently, a testing-based methodology (e.g. [54, 55]) is used to evaluate an intrusion detection system, namely by subjecting it to test data that contain attacks and to test data that are normal attack-free. Results like the detection rate for real attacks and the false alarm rate are used to assess the effectiveness of an intrusion detection ....
N.F. Puketza, K. Zhang, M. Chung, B. Mukherjee, R.A. Olsson, "A Methodology for Testing Intrusion Detection Systems." IEEE Transactions on Software Engineering, Vol.22, No.10, October 1996, pp.719-729.
No context found.
N. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson, "A methodology for testing intrusion detection systems," IEEE Transactions on Software Engineering, 22, 1996, pp. 719-729.
No context found.
N. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson, "A methodology for testing intrusion detection systems," IEEE Transactions on Software Engineering, 22, 1996, pp. 719-729.
No context found.
Nicholas J. Puketza, Kui Zhang, Mandy Chung, Biswanath Mukherjee, and Ronald A. Olsson. A methodology for testing intrusion detection systems. IEEE Transactions on Software Engineering, 22(10):719--729, October 1996.
No context found.
N. J. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson. A methodology for testing intrusion detection systems. Software Engineering, 22(10), 1996.
No context found.
Puketza, N. J., Zhang, K., Chung, M., Mukherjee, B., and Olsson, R. A. A methodology for testing intrusion detection systems. IEEE Transactions on Software Engineering Oct. 1996; 22(10):719--729.
No context found.
NJ Puketza, K Zhang, M Chung, B Mukherjee, "A Methodology for Testing Intrusion Detection Systems," in IEEE Transactions on Software Engineering v 22 no 10 (Oct 1996) pp 719--729
No context found.
N. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. Olsson. A methodology for testing intrusion detection systems. IEEE Trans. Softw. Eng., 22(10), October 1996.
No context found.
Nicholas J. Puketza, Kui Zhang, Mandy Chung, Biswanath Mukherjee, and Ronald A. Olsson. A Methodology for Testing Intrusion Detection Systems. Software Engineering, 22(10):719-729, 1996.
No context found.
Puketza, N. F., Zhang, K., Chung, M., Mukherjee, B., and Olsson, R. A. (1996). A Methodology for Testing Intrusion Detection Systems. IEEE Transactions on Software Engineering.