My Thesis>> Analysis and evaluation of intrusion detection systems test methods

By: Amiri

Supervisor: Dr. Amir Hossein Jahangir

January 2017

Keywords (5 to 7 keywords): Intrusion Detection System Evaluation, Performance, IDS, IPS, Attack Coverage, CVSS, Network Security, Attack Detection Test

Intrusion detection systems’ test and evaluation is an active research area on which many researchers have been working for years. A complete and comprehensive test methodology that can be applied in reasonable time and cost is important and useful both to evaluate a newly designed system and to compare two or more existing systems to select an appropriate system for a particular network. In this research, we first determine the critical features of an IDS and then inspect methods and effective parameters that may influence the test process and propose a method for testing intrusion detection systems. In the proposed test methodology we only examine critical features which lake of them cause serious disorder in the system. To evaluate the results of the attack detection test from various systems, we propose a method based on CVSS and attack tree that can adapt to a destination network, in proposed evaluation method we assign a score to each attack, in the calculation of this score we consider attack damage and vulnerable platform utilization in the network. As the commercial test tools are quite expensive and free tools are usually not complete and do not help evaluating test results, we designed and implemented a tool for test and evaluation of intrusion detection systems based on proposed method. Finally, we compared it with the existing tools.

Download link-Persian (ASAP)