Re: IDS testing methodologies

[Raffael Marty <rmarty () arcsight com>]

Henrik,

Maybe you should also have a look at some basic research which was done in
this area:

Analysis and Results of the 1999 DARPA Off-Line Intrusion
Detection Evaluation, presented at Third Intl. Workshop on Recent
Advances in Intrusion Detection (RAID2000)

John McHugh, The 1998 Lincoln Laboratory IDS Evaluation: A Critique,
presented at Third Intl. Workshop on Recent Advances in Intrusion
Detection (RAID2000)

And my work, which is called THOR (http://thor.cryptojail.net). It is about
a testbed for IDSes and how to automate testing. It also talks about how
you can use this environment to do correlation among multiple IDS
sensors.

Regards

        Raffy

> I've learnt much at this website:
> http://www.nss.co.uk/

> ----- Original Message ----- 
> From: "Henrik Falkenthros, direktoer" <hef () bridicum dk>
> To: <focus-ids () securityfocus com>
> Sent: Wednesday, December 31, 2003 3:42 AM
> Subject: IDS testing methodologies
>
>
> > Hi List !
> >
> > I'm trying to find out ways of testing different IDS systems; is there a
> > 'recommended'/best practise methodology for testing Network based IDS (NIDS)
> > ? Any information - papers, tools, links and own experience are much
> > appreciated,,, 8-)
> >
> > cheers, Henrik Falkenthros

-- 

Raffael Marty, CISSP                          raffael.marty () arcsight com
Security Engineer                           Content Team @ ArcSight Inc.
1309 South Mary Ave.         Sunnyvale, CA 94087          (408) 328 5562

---------------------------------------------------------------------------
---------------------------------------------------------------------------