Abstract:
Information security plays a major role in today's IT-enabled organizations. In this security stance, Intrusion Detection Systems (IDSes) are a very important element, if not the most important. It is therefore very important to select the most suitable product to deploy in any organization concerned. In order to select a suitable IDS it is necessary either to evaluate at least a short-listed number of products or to rely on some third-party organization that evaluates these products. But only very few organizations are involved in evaluating IDSes; the cost of hiring such an organization is therefore very high, so only a very few organizations can bear it, whereas small organizations have to depend on their own methods. It is therefore essential for the research community to help in evaluating these products. But the research community cannot rely on the methods used by the organizations that do the evaluations, since those methods are proprietary and not publicly available. This paper describes a method of using existing freely available tools to generate a data set or a criterion check list, and a framework that can be used to evaluate intrusion detection systems for a specific facility using the proposed method of generating the data set. Finally we discuss the lessons learned using this kind of framework to evaluate intrusion detection systems and the opportunities for further improvement of this framework and in this area. The tool uses a check list or attack script list and a parser that passes parameters to an open source/free vulnerability scan engine according to the check list to attack the targets, and then searches the intrusion detection system's logs/database for any detection of those attacks. This evaluates the quality of the signatures of the specific intrusion detection system.
Then we use Snort IDS as the baseline to benchmark other candidate IDSes (and will possibly try to benchmark at least one more IDS, as a proof-of-concept, due to the time limitation).
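The log-search half of the framework described above, as an added illustration that is not the paper's own code: each check-list entry records the target host and the alert keyword the IDS is expected to raise, the Snort "fast" alert log is parsed, and per-check detection plus overall signature coverage are computed. The check list, alert messages, SIDs (local range) and log lines are constructed for this example.

```python
import re
from dataclasses import dataclass

# Snort "fast" alert format:
# <timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: n] {proto} src:sport -> dst:dport
FAST_ALERT_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]'
    r'.*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$'
)

@dataclass
class Check:
    check_id: str   # entry from the check list / attack script list
    target: str     # host the scan engine was pointed at for this check
    keyword: str    # substring expected in the IDS alert message (matched case-insensitively)

def parse_alert(line):
    """Return the fields of one fast-format alert line, or None for non-alert text."""
    m = FAST_ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def evaluate(checks, log_lines):
    """Map each check to whether a matching alert hit its target; return (results, coverage)."""
    alerts = [a for a in (parse_alert(l) for l in log_lines) if a]
    results = {}
    for c in checks:
        hits = [a for a in alerts
                if a['dst'] == c.target and c.keyword.lower() in a['msg'].lower()]
        results[c.check_id] = {'detected': bool(hits), 'sids': sorted({a['sid'] for a in hits})}
    detected = sum(1 for r in results.values() if r['detected'])
    coverage = detected / len(checks) if checks else 0.0
    return results, coverage

# Constructed check list: three scanner checks run against two hosts.
CHECKS = [
    Check('CHK-01', '10.0.0.10', 'SSH'),
    Check('CHK-02', '10.0.0.10', 'HTTP'),
    Check('CHK-03', '10.0.0.11', 'SMB'),
]

# Constructed alert log (local SIDs 1000001-1000003). The SMB alert names the wrong host,
# and the last line is non-alert noise that the parser must skip.
SAMPLE_LOG = """\
08/15-12:34:56.789012  [**] [1:1000001:1] LOCAL SCAN SSH version probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51234 -> 10.0.0.10:22
08/15-12:35:01.112233  [**] [1:1000002:1] LOCAL WEB-MISC HTTP directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:51240 -> 10.0.0.10:80
08/15-12:35:07.445566  [**] [1:1000003:1] LOCAL SCAN SMB null session [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51250 -> 10.0.0.12:445
this line is not an alert and must be skipped
"""

if __name__ == '__main__':
    results, coverage = evaluate(CHECKS, SAMPLE_LOG.splitlines())
    for cid, r in results.items():
        print(cid, 'detected' if r['detected'] else 'MISSED', r['sids'])
    print(f'signature coverage: {coverage:.0%}')
```

Running the same evaluate() over Snort's log and over the candidate IDS's log for the same check list gives the two coverage figures the paper compares.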