Title :
On the Verification and Validation of Signature-Based, Network Intrusion Detection Systems
Author :
Massicotte, F. ; Labiche, Yvan
Author_Institution :
Canadian Cyber Incident Response Centre, Public Safety Canada, Ottawa, ON, Canada
Abstract :
An Intrusion Detection System (IDS) protects computer networks against attacks and intrusions in combination with firewalls and anti-virus systems. One class of IDS is called signature-based network IDSs as they monitor network traffic, looking for evidence of malicious behaviour as specified in attack descriptions (referred to as signatures). It is common knowledge in the research community that IDSs have problems accurately identifying attacks. In this paper we discuss this accuracy problem and decompose it into a detection problem and a confirmation problem. We then map the evaluation of this accuracy problem to the traditional software verification and validation problem, which allows us to analyze the techniques academics have been using to evaluate their IDS technologies. As a result, we are able to identify areas where research is needed to improve the assessment of the IDS accuracy problem through verification and validation techniques.
Keywords :
computer network security; digital signatures; formal verification; telecommunication traffic; IDS; antivirus systems; attack descriptions; computer network protection; firewalls; malicious behaviour; network intrusion detection systems; network traffic monitoring; signature based network; signature validation; signature verification; Accuracy; Computers; Engines; Malware; Software; Telecommunication traffic; Testing; Intrusion detection system; Network; Signature; Verification and Validation;
Conference_Titel :
Software Reliability Engineering (ISSRE), 2012 IEEE 23rd International Symposium on
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4673-4638-2
DOI :
10.1109/ISSRE.2012.16
