A framework for the evaluation of the theoretical threat coverage provided by intrusion detection systems

Gideon Creech
Published in: 2017 Military Communications and Information Systems Conference (MilCIS)
Publication date: 2017-11-01
DOI: 10.1109/MILCIS.2017.8188557 (https://doi.org/10.1109/MILCIS.2017.8188557)
Citations: 0

Abstract

Intrusion detection systems are a central component of cyber security architecture, and their accuracy is a critical performance metric for any security deployment. Most of the current performance analysis of intrusion detection systems relies on empirical profiling of a given algorithm or implementation against a benchmark dataset. Whilst effective to a point, this traditional evaluation methodology is unable to assess the completeness of threat coverage provided by an intrusion detection system and is consequently a sub-optimal approach if conducted in isolation of other tests. This paper introduces a framework to evaluate the total potential coverage provided by an intrusion detection system as a function of its data sources, extending and complementing the traditional approach.