{"title":"一个评估入侵检测系统理论威胁覆盖率的框架","authors":"Gideon Creech","doi":"10.1109/MILCIS.2017.8188557","DOIUrl":null,"url":null,"abstract":"Intrusion detection systems are a central component of cyber security architecture, and their accuracy is a critical performance metric for any security deployment. Most of the current performance analysis of intrusion detection systems relies on empirical profiling of a given algorithm or implementation against a benchmark dataset. Whilst effective to a point, this traditional evaluation methodology is unable to assess the completeness of threat coverage provided by an intrusion detection system and is consequently a sub-optimal approach if conducted in isolation of other tests. This paper introduces a framework to evaluate the total potential coverage provided by an intrusion detection system as a function of its data sources, extending and complementing the traditional approach.","PeriodicalId":227691,"journal":{"name":"2017 Military Communications and Information Systems Conference (MilCIS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A framework for the evaluation of the theoretical threat coverage provided by intrusion detection systems\",\"authors\":\"Gideon Creech\",\"doi\":\"10.1109/MILCIS.2017.8188557\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intrusion detection systems are a central component of cyber security architecture, and their accuracy is a critical performance metric for any security deployment. Most of the current performance analysis of intrusion detection systems relies on empirical profiling of a given algorithm or implementation against a benchmark dataset. Whilst effective to a point, this traditional evaluation methodology is unable to assess the completeness of threat coverage provided by an intrusion detection system and is consequently a sub-optimal approach if conducted in isolation of other tests. This paper introduces a framework to evaluate the total potential coverage provided by an intrusion detection system as a function of its data sources, extending and complementing the traditional approach.\",\"PeriodicalId\":227691,\"journal\":{\"name\":\"2017 Military Communications and Information Systems Conference (MilCIS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 Military Communications and Information Systems Conference (MilCIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MILCIS.2017.8188557\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Military Communications and Information Systems Conference (MilCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCIS.2017.8188557","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A framework for the evaluation of the theoretical threat coverage provided by intrusion detection systems
Intrusion detection systems are a central component of cyber security architecture, and their accuracy is a critical performance metric for any security deployment. Most of the current performance analysis of intrusion detection systems relies on empirical profiling of a given algorithm or implementation against a benchmark dataset. Whilst effective to a point, this traditional evaluation methodology is unable to assess the completeness of threat coverage provided by an intrusion detection system and is consequently a sub-optimal approach if conducted in isolation of other tests. This paper introduces a framework to evaluate the total potential coverage provided by an intrusion detection system as a function of its data sources, extending and complementing the traditional approach.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
