IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IDS evaluations procedures

From: Whodini <whodknee () gmail com>
Date: Wed, 13 Jul 2005 12:14:04 -0400
I work for a rather large (global) network and we average 15-23% of
our daily traffic

On 12 Jul 2005 02:40:18 -0000, david.sames () sparta com
<david.sames () sparta com> wrote:

I'm in the process of developing test procedures for evaluating an internal anomaly-based detection system. I'd like 
to construct a test set of nominal data peppered with attack data. What is a reasonable ratio of attack data to 
"normal" traffic that is representative of "real" systems.

Thanks,

Dave

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: