Systematization of metrics in intrusion detection systems

Abstract

Intrusion detection assumes paramount importance in this information era due to its capability of providing security protection to information systems. In addition to advancing the specific intrusion detection techniques, substantial efforts have been devoted to the taxonomy of existing IDSs, mostly focusing on the methodology, audit source and architecture aspects. The employed metric is another decisive factor of IDS performance, yet a systematized understanding in this aspect is still lacking. As an initial effort towards this objective, a categorization of IDS metrics is proposed in this work, where existing IDS metrics are divided into four types - information theoretic, probabilistic, proximity-based, and reliability-based metrics. Simulation studies of several intrusion detection algorithms that match the proposed categorization are also conducted based on the KDD'99 dataset.