One Size Fits None: The Importance of Detector Parameterization

Abstract

The parameterization of an administrator's intrusion detection system (IDS) is as crucial as the IDS itself. The difference between sufficient and insufficient parameterization can be the difference between a detected and undetected attack. This work focuses on identifying a methodical process for IDS parameterization. Such a process provides administrators of intrusion detection systems with the knowhow of selecting suitable parameters for the effective operation of their detector. The process stresses the importance of altering parameters for individual applications. Parameterization experiments are employed on two different open source IDSs, namely Stide and pH, and tested against three real world vulnerabilities. The results show the interesting trends that are observed during the experiments.