Towards Systematic Signature Testing

11 years 1 months ago
Towards Systematic Signature Testing
: The success and the acceptance of intrusion detection systems essentially depend on the accuracy of their analysis. Inaccurate signatures strongly trigger false alarms. In practice several thousands false alarms per month are reported which limit the successful deployment of intrusion detection systems. Most today deployed intrusion detection systems apply misuse detection as detection procedure. Misuse detection compares the recorded audit data with predefined patterns, the signatures. These are mostly empirically developed based on experience and knowledge of experts. Methods for a systematic development have been scarcely reported yet. A testing and correcting phase is required to improve the quality of the signatures. Signature testing is still a rather empirical process like signature development itself. There exists no test methodology so far. In this paper we present first approaches for a systematic test of signatures. We characterize the test objectives and present different...
Sebastian Schmerl, Hartmut König
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2007
Where PTS
Authors Sebastian Schmerl, Hartmut König
Comments (0)