Thursday, January 21, 2010

A methodology of testing intrusion detection systems

Nicholas J. Puketza et al., "A methodology of testing intrusion detection systems", University of California

- The paper gives detailed information on a testing methodology for assessing the performance of an IDS

- The authors note that test data could be obtained from sources such as CERT advisories, periodicals such as PHRACK and 2600, USENET postings, and analysis of the vulnerabilities detected by security tools such as COPS and TIGER

Possible articles that could be referred to related to obtaining intrusion data:

1. M. Bishop, "A Taxonomy of UNIX System and Network Vulnerabilities," Technical Report CSE-95-10, University of California at Davis, September 1995.
2. D. Farmer and W. Venema, "Improving the Security of Your Site by Breaking Into It," USENET posting, December 1993.
3. D. Farmer and E. H. Spafford, "The COPS Security Checker System," Proc., Summer USENIX Conference, pp. 165-170, June 1990.
4. S. Kumar and E. H. Spafford, "A Pattern Matching Model for Misuse Intrusion Detection," Proc., 17th National Computer Security Conference, Baltimore, MD, pp. 11-21, October 1994.
5. D. R. Safford, D. L. Schales, and D. K. Hess, "The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment," Proc., Fourth USENIX UNIX Security Symposium, Santa Clara, CA, pp. 91-118, October 1993.

- Test case selection based on three different strategies is described in detail

The authors do not provide in-depth information on how a large volume of test data could be generated, but they do give guidance on the direction that needs to be taken to achieve it.
