The Center for Education and Research in Information Assurance and Security (CERIAS)

A Methodology for Testing Intrusion Detection Systems

Author

Nicholas J. Puketza, Kui Zhang, Mandy Chung, Biswanath Mukherjee, Ronald A. Olsson

Entry type

misc

Abstract

Intrusion Detection Systems (IDS) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDS's, we have developed a methodology for testing IDS's. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDS's. In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool 'expect' and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDS's to motivate our work.

Date

1996 – October

Address

IEEE

Institution

IEEE

Key alpha

Puketza

Number

10

Pages

719-729

Volume

22

Publication Date

2001-01-01

Keywords

Intrusion detection, software testing, computer security, computer user simulation
