I am interested in IDS, especially in the ad hoc network environment. In
general, various application environments have various security requirements of
their underlying communication networks. For example, communication networks
are required to be protected with higher security level when they are deployed
in hostile and tough environment (i.e. military applications). On the other
hand, the requirement of communication security in civilian applications that
usually are located in non-hostile is comparatively loose. Accordingly, IDS, if
it is deployed to protect various networks, should be able to provide
adjustable security levels in terms of various levels of detection rate, false
alarm rate, detection time, and etc.
My question is: what are the desired levels for acceptable performance in terms
of detection rate, false alarm rate, detection time of an IDS when it is
deployed in various network applications.
7For instance, when an IDS is deployed to protect a network in a civilian
application (e.g. university LAN), what are the desired levels for acceptable
performance in terms of detection rate, false alarm rate, detection time? Is 60
seconds of detection time acceptable? Is 80% of detection rate good?
7How about these levels for acceptable performance when IDS is deployed in high
security requirement application (e.g. battlefield communication)?
7How about these levels for acceptable performance when IDS is deployed in
mobile ad hoc networks?
If specific answers for these questions are not available, could you provide
some rough guides to the solutions of these questions?
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
