Testing Intrusion Detection Systems

In government and industry, intrusion detection systems (IDSs) are now stan­ dard equipment for large networks. IDSs are software or hardware systems that automate the process of monitor­ ing the events occurring in a computer system or network, analyzing them for signs of security problems. Despite the expansion of IDS technology in recent years, the accuracy, performance, and effectiveness of these systems is largely untested, due to the lack of a compre­ hensive and scientifically rigorous test­ ing methodology. This ITL Bulletin summarizes NISTIR 7007, An Over­ view of Issues in Testing Intrusion Detec­ tion Systems, by Peter Mell and Vincent Hu of NIST’s Information Technol­ ogy Laboratory, and Richard Lipp­ mann, Josh Haines, and Marc Zissman of the Massachusetts Institute of Tech­ nology Lincoln Laboratory. The Defense Advanced Research Projects Agency (DARPA) sponsored the work.