Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Testing IDS?

from [Wilmar SULAIMAN] Network Security [Permanent Link]
Subject: Testing IDS?
Date: Wed, 1 Jun 2005 12:42:45 +1000 (EST) 
Dear all,

I am new to the IDS. How you normally test your IDS? Currently I am working using MIT darpa dataset 1999. I believe it is really hard to get 100% accuracy. One of the issues that I found is because this is post attack analysis, we knew the ip victim, therefore do we need to include the non ip victim in the testing? because including non ip victim under testing phase could improve the false positive rate.

http://www.cs.fit.edu/~mmahoney/dist/, I also found this link is very usefull, but the evaluation program doesn't consider the port. So what does it mean is it could be the case that the attack intended to port 80, but our IDS detected port 25 packet as port 80 attack.

Any idea how people normally testing their IDS? especially for 1999 darpa dataset.


Wilmar Sulaiman


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Testing IDS?, Wilmar SULAIMAN <=
Previous by Date:  Re: New to Snort !!!, Justin . Ross
Next by Date:  Re: Value of IDS, ROI, Fergus Brooks
Previous by Thread:  RE: Snort on Gigabit [was Re: IDS\IPS that can handle one Gig], Federated Information Security
Next by Thread:  Re: Value of IDS, ROI, Fergus Brooks
Indexes:  [Date] [Thread] [Top] [All Lists]