Saturday, October 10, 2009

IEEE Paper 1

A Methodology of Testing Intrusion Detection Systems:

Introduction:
The paper uses software testing concepts as the basis for testing intrusion detection systems (IDSs).
The testing goals concentrate on the performance measures of the IDS. The test case selection and procedures have been filtered to satisfy this goal.

Issues in evaluating an IDS
1. It might be difficult to identify all possible intrusions in a website where the IDS could be employed, and so to arrive at the parameters for testing.
2. Depending on the usage of the system, the IDS may at times fail to identify and track specific attacks.

Types of Intrusions in focus:

1. Single Intruder Single Terminal (SIST)
2. Single Intruder Multiple Terminal (SIMT)
3. Multiple Intruder Multiple Terminal (MIMT)

Performance Objectives:

Broad Detection Range
Economy in Resource Usage
Resilience to Stress

Proposed Methodology:
Intrusion Identification tests
Resource Usage tests
Stress tests - smoke screen noise, background noise, high-volume sessions, intensity and load

Future Work:
1. Careful development of a suite of intrusion test cases for a basic detection system.
2. Identification of additional performance objectives based on the information obtained from testing other systems.
3. Fine-tuning the testing procedures and developing suitable metrics to create a benchmark suite for IDSs, similar in spirit to well-established benchmarks such as SPECmarks, Livermore Loops and Dhrystone, which are used to test the performance of various computer architectures.
4. The testing techniques arrived at in this paper could be adapted to testing other systems as well.
