Author
Nicholas J. Puketza, Kui Zhang, Mandy Chung, Biswanath Mukherjee, Ronald A. Olsson
Abstract
Intrusion Detection Systems (IDS) attempt to identify unauthorized use, misuse,
and abuse of computer systems. In response to the growth in the use and
development of IDSs, we have developed a methodology for testing IDSs. The
methodology consists of techniques from the field of software testing which
we have adapted for the specific purpose of testing IDSs. In this paper, we
identify a set of general IDS performance objectives which is the basis for the
methodology. We present the details of the methodology, including strategies
for test-case selection and specific testing procedures. We include quantitative
results from testing experiments on the Network Security Monitor (NSM), an IDS
developed at UC Davis. We present an overview of the software platform that we
have used to create user-simulation scripts for testing experiments. The platform
consists of the UNIX tool 'expect' and enhancements that we have developed,
including mechanisms for concurrent scripts and a record-and-replay feature.
We also provide background information on intrusions and IDSs to motivate our
work.
Keywords
Intrusion detection, software testing, computer security, computer user simulation