questions of IDS performance

[guo_yinghua () yahoo com cn]

I am interested in IDS, especially in the ad hoc network environment. In general, various application environments have 
various security requirements of their underlying communication networks. For example, communication networks are 
required to be protected with higher security level when they are deployed in hostile and tough environment (i.e. 
military applications). On the other hand, the requirement of communication security in civilian applications that 
usually are located in non-hostile is comparatively loose. Accordingly, IDS, if it is deployed to protect various 
networks, should be able to provide adjustable security levels in terms of various levels of detection rate, false 
alarm rate, detection time, and etc. 
My question is: what are the desired levels for acceptable performance in terms of detection rate, false alarm rate, 
detection time of an IDS when it is deployed in various network applications. 
·For instance, when an IDS is deployed to protect a network in a civilian application (e.g. university LAN), what are 
the desired levels for acceptable performance in terms of detection rate, false alarm rate, detection time? Is 60 
seconds of detection time acceptable? Is 80% of detection rate good? 
·How about these levels for acceptable performance when IDS is deployed in high security requirement application (e.g. 
battlefield communication)? 
·How about these levels for acceptable performance when IDS is deployed in mobile ad hoc networks?
If specific answers for these questions are not available, could you provide some rough guides to the solutions of 
these questions? 

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------