Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability
Open Access
- 1 January 2018
- journal article
- research article
- Published by Scientific Research Publishing, Inc. in Communications and Network
- Vol. 10 (04), 211-229
- https://doi.org/10.4236/cn.2018.104017
Abstract
In this paper, we consider a cost-based extension of intrusion detection capability (CID). An objective metric motivated by information theory is presented, and based on this formulation, a package for computing the intrusion detection capability of an intrusion detection system (IDS), given certain input parameters, is developed using Java. To determine the expected cost at each IDS operating point, the decision tree method of analysis is employed, and plots of expected cost and intrusion detection capability against false positive rate were generated. The point of intersection between the maximum intrusion detection capability and the expected cost is selected as the optimal operating point. Considering an IDS in the context of its intrinsic ability to detect intrusions at the least expected cost, findings revealed that the optimal operating point is the most suitable for the given IDS. The cost-based extension is used to select the optimal operating point, calculate expected cost, and compare two actual intrusion detectors. The proposed cost-based extension of intrusion detection capability will be very useful to information technology (IT) firms, telecommunication firms, and financial institutions for making proper decisions in evaluating the suitability of an IDS for a specific operational environment.