Explore the necessity of evaluating Intrusion Detection Systems to enhance network security against internal and external threats. Learn the significance of real-world attack scenarios, the limitations of existing evaluation methods, and the crucial role of IDS in safeguarding against cyber attacks.
Intrusion Detection Systems: Investigation of Evaluation Corpora
Senior Project – Computer Science – 2014
Jeramey Normand
Advisor – Prof. Valerie Barr and Prof. James Hedrick

:: Problem ::
• Why do we need IDS evaluation?
• No network is 100% secure
• Intrusions from inside and outside
• Quality of Service
• Rule of “Five 9’s”
• Detection of intrusions is paramount
• Loss of revenue and assets
• Focus on Denial of Service (DoS)

:: Background ::
- DARPA released the 1998, 1999, and 2000 “Standard Evaluation Corpora for Intrusion Detection Systems”
- Not complete; they lack new/sophisticated attacks
- IDS/IPS: first line of defense against network attacks
- The cyber security industry needs a standard way to evaluate real-world attack scenarios
- A standard collection of attacks would be a start

[Figure: Example of a Ping of Death DoS]

:: Design and Methods ::
Test Bed and Experiments
Test Bed
• Snort IDS for traffic inspection
• Backtrack Linux and Scapy.py for packet crafting on the attack machine
Experiments
• Using the DARPA data sets as a checklist of attacks
• Writing DoS attacks in Python using Scapy
• Using Snort IDS to detect attacks from the DARPA data sets
• Then creating signatures for DoS attacks not contained in the data sets

:: Conclusions ::
• DARPA data sets are not tailored to an out-of-the-box IDS evaluation approach
• They serve better as an initial checklist of DoS attacks to evaluate
• Majority of time was spent learning how to craft packets that simulate real attacks
• Clear that the DARPA data set is missing newer attacks; it will take future work to make it more complete
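The poster's figure shows a Ping of Death, the classic DoS in which an ICMP echo is split into IP fragments whose offsets, once reassembled, add up to more than the 65535-byte IPv4 maximum. The detection side of that experiment, the check a signature or preprocessor has to make, is shown below as an added example; it is not the project's code and does not use Snort or Scapy. The fragment records, addresses, and IP identification values are constructed for the example, and the `Fragment` class and helper names are assumptions of this example only.

```python
# Added example (not part of the poster): detection logic for the "Ping of
# Death" pattern. Fragments are grouped by datagram and any group whose
# claimed reassembled length exceeds the IPv4 maximum is flagged, using
# header fields only, so the check works before the last fragment arrives.
from collections import defaultdict
from dataclasses import dataclass

MAX_IPV4_DATAGRAM = 65535   # largest total length an IPv4 datagram may have
FRAG_OFFSET_UNIT = 8        # the IP fragment offset field counts 8-byte units


@dataclass(frozen=True)
class Fragment:
    """One IP fragment as seen on the wire (constructed for this example)."""
    src: str
    dst: str
    ip_id: int          # identification field shared by fragments of one datagram
    proto: int          # 1 = ICMP
    frag_offset: int    # offset of this fragment's data, in 8-byte units
    payload_len: int    # bytes of data carried in this fragment
    more_fragments: bool


def fragment_end(frag: Fragment) -> int:
    """Byte position just past this fragment's data in the reassembled datagram."""
    return frag.frag_offset * FRAG_OFFSET_UNIT + frag.payload_len


def reassembled_length(frags) -> int:
    """Length the fragments claim once laid end to end (highest end position)."""
    return max(fragment_end(f) for f in frags)


def detect_oversized_datagrams(fragments):
    """Group fragments by (src, dst, ip_id, proto) and return one alert for
    every datagram whose reassembled length would exceed 65535 bytes."""
    groups = defaultdict(list)
    for f in fragments:
        groups[(f.src, f.dst, f.ip_id, f.proto)].append(f)

    alerts = []
    for (src, dst, ip_id, proto), frags in groups.items():
        total = reassembled_length(frags)
        if total > MAX_IPV4_DATAGRAM:
            alerts.append({
                "src": src,
                "dst": dst,
                "ip_id": ip_id,
                "proto": proto,
                "fragments_seen": len(frags),
                "reassembled_length": total,
                "msg": "oversized fragmented datagram (Ping of Death pattern)",
            })
    return alerts


# Constructed sample traffic (hypothetical addresses, not from the poster):
SAMPLE_FRAGMENTS = [
    # 1. Ordinary unfragmented ICMP echo request with a 64-byte payload.
    Fragment("10.0.0.5", "10.0.0.1", 100, 1, 0, 64, False),
    # 2. Benign fragmented ICMP echo of 4440 bytes in three 1480-byte pieces
    #    (offsets 0, 185 and 370 units = 0, 1480 and 2960 bytes).
    Fragment("10.0.0.6", "10.0.0.1", 200, 1, 0, 1480, True),
    Fragment("10.0.0.6", "10.0.0.1", 200, 1, 185, 1480, True),
    Fragment("10.0.0.6", "10.0.0.1", 200, 1, 370, 1480, False),
    # 3. Fragments whose offsets run past 65535 bytes: the final piece starts
    #    at 8184 * 8 = 65472 and carries 1400 more bytes, ending at 66872.
    Fragment("10.0.0.7", "10.0.0.1", 300, 1, 0, 1480, True),
    Fragment("10.0.0.7", "10.0.0.1", 300, 1, 8184, 1400, False),
]


def run_sample():
    """Run the detector over the constructed traffic and return the alerts."""
    return detect_oversized_datagrams(SAMPLE_FRAGMENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Only the third datagram is reported; the benign fragmented echo (datagram 200) passes because its pieces end at 4440 bytes. An IDS such as Snort performs this kind of reassembly bookkeeping in a preprocessing stage before signatures are matched, which is why a signature written against a single fragment cannot catch the pattern on its own: the anomaly is only visible across the whole fragment group.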