IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IDS evaluations procedures

From: Joel Esler <eslerj () gmail com>
Date: Tue, 12 Jul 2005 10:48:18 -0400
depends on the bandwidth of the network.

On 12 Jul 2005 02:40:18 -0000, david.sames () sparta com
<david.sames () sparta com> wrote:

I'm in the process of developing test procedures for evaluating an internal anomaly-based detection system. I'd like 
to construct a test set of nominal data peppered with attack data. What is a reasonable ratio of attack data to 
"normal" traffic that is representative of "real" systems.

Thanks,

Dave

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: