Environment Dependent Testing Platform for Intrusion Detection System

Bibliographic Details
Main Authors: Chun-Hong Chen, 陳俊宏
Other Authors: Hsiao-Rong Tyan
Format: Others
Language: zh-TW
Published: 2002
Online Access: http://ndltd.ncl.edu.tw/handle/59960874832421056602
Description
Summary: Master's === Chung Yuan Christian University === Graduate Institute of Information Engineering === 90 === An intrusion detection system (IDS) is an important mechanism for protecting computer system security. With the assistance of an IDS, we can discover abnormal behavior in the network environment and take corresponding actions in response. Many intrusion detection systems exist, and their merits differ. Users want to know which candidate IDS among those available will best fit their needs before making a procurement decision or, if an intrusion detection system has already been adopted, how well it performs. This calls for an evaluation framework that takes the characteristics of the individual system and of the network environment into account. In this thesis, an intrusion detection system testing platform is proposed. With this platform, the performance of various kinds of IDSs can be evaluated in the context of specific network environments, and users can select a suitable IDS to protect their network environment according to the test results. The proposed platform considers the dependence between IDS performance and the application environment, since the same IDS may have different detection performance in distinct environments. It consists of three subsystems: Environment Analysis, Test Planning and Log Analysis. The Environment Analysis subsystem examines the characteristics and critical flaws of the application environment. The Test Planning subsystem provides a toolkit, through a user interface, that allows users to construct a test profile specific to their environment. From the test results, the Log Analysis subsystem produces Receiver Operating Characteristic (ROC) curves for each individual IDS. With ROC curves, the relation between the detection rate and the false alarm rate of an intrusion detection system can be understood easily. The proposed platform was used to carry out a series of scanning, auditing and testing runs against the environment in our laboratory. The results were examined and analyzed.