SyncPoint based scoring method in IDS evaluation

SyncPoint based scoring method in IDS evaluation

Scoring the true positive rate and the false positive rate is a key component in IDS evaluation.The accuracy of the scoring method affects the effectiveness of the evaluation results.There are two kinds of scoring methods existed,one considering the false positive and the other not.But both of them...

Full description

Saved in:
Bibliographic Details
Main Authors: YANG Wang1, GONG Jian1, WU Xiong1
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2008-01-01
Series:Tongxin xuebao
Subjects:
IDS evaluation
scoring method
SyncPoint
false positive rate
scalability
Online Access:http://www.joconline.com.cn/zh/article/74652776/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Scoring the true positive rate and the false positive rate is a key component in IDS evaluation.The accuracy of the scoring method affects the effectiveness of the evaluation results.There are two kinds of scoring methods existed,one considering the false positive and the other not.But both of them aren’t accurate enough and don’t scale to the traffic volume increase.The characteristics required by the evaluating window was analyzed,and a SyncPoint based scoring method utilizing the features that the IDS processes the packet in a FIFO queue way was proposed.The theoretical analy-sis and the experiment show that the SyncPoint based scoring method is better than the current methods in accuracy and the scalability.
ISSN:1000-436X

Similar Items