IntruDetector: a software platform for testing network intrusion detection algorithms

An intrusion detection system (IDS), that monitors passively specific computing resources, and reports anomalous or intrusive activities, is becoming an important component in the security system of information infrastructure. Algorithms for detecting intrusions are under rapid development, but far from being mature. One interesting and difficult issue is how to study and test a new intrusion detection algorithm against a variety of (perhaps simulated) intrusive activities under realistic background traffic. A flexible and general-purpose platform for testing intrusion detection algorithms is clearly desirable. This paper presents such a software platform, called IntruDetector. With this platform, detection algorithms can be tested directly in a real environment with a wide range of intrusive activities. The data of normal system activities are directly collected from the live environment, and are mixed with intrusive activities that are simulated by hybrid simulation. The main properties of this approach are: (1) the background traffic is realistic; (2) it allows flexible simulation of various types of intrusions; and (3) normal system operation will not be disrupted by virtually simulated destructive intrusions during testing.