Thursday, January 21, 2010

Generation and use of test data sets in IDS testing

Vidar Evenrud Seeberg, "Generation and use of test data sets in IDS testing", September 16, 2005

When evaluating an IDS, the evaluator can choose between four main approaches to
generating and using test data sets:

- The evaluator can base the test on an empty test data set (no background traffic)
- The evaluator can generate test data by recording real network traffic
- The evaluator can generate test data by sanitizing recorded real network traffic
- The evaluator can generate test data using simulated traffic

Reference quoted in arriving at these approaches:

P Mell, V Hu, R Lippmann, J Haines, and M Zissman. An overview of issues in testing
intrusion detection systems. Technical Report NIST IR 7007, National Institute of
Standards and Technology, August 2003.
