Friday, December 11, 2009

Road Map

In the last quarter's report, two potential research streams were identified:

1. Testing of anomaly based intrusion detection systems

2. Modeling intrusion detection systems

Proceeding with the testing of anomaly-based IDS, we intend to do the following:

1. Understand the models underlying anomaly-based IDS.
2. Understand how IDS are currently tested, i.e. the testing methodology, test script generation, etc.
3. Understand how audit records are used to identify intrusions in a system.

Based on the information obtained so far, there are not many research papers on the testing of IDS.

When sufficient information cannot be found, the question of what led to this situation naturally comes up. In addition, most of the testing-related research was carried out a few years ago, which implies that, based on the literature review obtained so far, there is no currently active research in this area.

Given this situation, what could the steps ahead be?

1. Irrespective of the availability of specific information, understanding the basic model of an anomaly-based IDS would help us derive better testing techniques.

2. Improvement of the test scripts is another option that needs to be worked on.

3. In addition, there was also some work on a software platform for testing IDS undertaken by Prof. Biswanath Mukherjee and his associates.

4. The model itself could be looked at. One fact to consider is that an anomaly-based IDS raises an alarm for any behaviour that differs from what it was trained on, including legitimate behaviour it simply never saw during training; hence there is a greater probability of false alarms as well. We could spend some effort here to understand how this could be avoided.

Although both signature-based and anomaly-based IDS exist, the current industry preference is signature-based, since it is built to identify fixed, known attack patterns and does so reliably most of the time. An anomaly-based IDS is dynamic, but if the system is trained to accept an intrusion as normal behaviour, it can no longer distinguish that intrusion from normal activity.
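To make the two failure modes above concrete, here is a toy anomaly-based host IDS over audit records, written as an added example for this post (it is not code from the post, from Prof. Mukherjee's platform, or from any particular IDS product). It uses a simple n-gram profile of system-call sequences: the "normal" profile is the set of 3-grams seen during training, and a trace is flagged when the fraction of its 3-grams absent from the profile exceeds a threshold. The system-call traces, the n-gram size and the 0.2 threshold are all constructed assumptions. The example shows (a) a shell-spawning trace being flagged, (b) a benign but previously unseen trace being flagged just as loudly, i.e. a false alarm, and (c) the same attack going undetected once it has been included in the training data.

```python
"""Toy anomaly-based IDS over system-call audit records.

Added example (not from the original post). Models the classic
fixed-length n-gram profile: anything not seen during training is anomalous.
All traces below are constructed for illustration, not real audit data.
"""

NGRAM = 3          # assumed window size over the system-call sequence
THRESHOLD = 0.2    # assumed fraction of unseen n-grams that triggers an alarm

# Constructed "normal" behaviour of a small network daemon: read its config,
# then accept connections and serve them.
NORMAL_TRACES = [
    ["open", "read", "close", "socket", "bind", "listen", "accept", "read", "write", "close"],
    ["open", "read", "read", "close", "socket", "bind", "listen", "accept", "read", "write", "close"],
    ["socket", "bind", "listen", "accept", "read", "write", "write", "close"],
]

# Constructed intrusion: after accepting a connection the daemon spawns a shell.
ATTACK_TRACE = ["accept", "read", "dup2", "dup2", "execve", "fork", "execve"]

# Constructed benign behaviour the daemon never showed during training:
# rewriting its own config file.
BENIGN_UNSEEN_TRACE = ["open", "read", "close", "open", "write", "close"]


def ngrams(trace, n=NGRAM):
    """Sliding windows of length n over a sequence of system-call names."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def train(normal_traces, n=NGRAM):
    """Build the normal profile: every n-gram observed in the training traces."""
    profile = set()
    for trace in normal_traces:
        profile.update(ngrams(trace, n))
    return profile


def anomaly_score(profile, trace, n=NGRAM):
    """Fraction of the trace's n-grams that are absent from the profile (0.0..1.0)."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)


def detect(profile, trace, threshold=THRESHOLD, n=NGRAM):
    """True when the trace looks anomalous relative to the profile."""
    return anomaly_score(profile, trace, n) > threshold


def run_scenarios():
    """Return the three outcomes discussed in the post as a dict."""
    clean_profile = train(NORMAL_TRACES)
    # Poisoned profile: the intrusion was present while "normal" was learned.
    poisoned_profile = train(NORMAL_TRACES + [ATTACK_TRACE])
    return {
        "attack_detected": detect(clean_profile, ATTACK_TRACE),
        "benign_unseen_flagged": detect(clean_profile, BENIGN_UNSEEN_TRACE),   # false alarm
        "attack_detected_after_poisoning": detect(poisoned_profile, ATTACK_TRACE),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The benign config rewrite scores almost as high as the attack (three of its four 3-grams are unseen versus all five of the attack's), which is the false-alarm problem from point 4 above: the detector has no notion of "harmless but new". Enlarging the training set reduces that, but the third scenario shows the price: once the attack trace is part of what the profile calls normal, its score drops to zero and the same detector is silent on it.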
