1.4 Conclusions
The ultimate goal of intrusion detection is to develop systems able to perform
their task when confronting imprecise environments. That requires evaluating IDSes
under a range of different conditions in order to properly design and develop them
to cope with different operational scenarios. However, methodologies
for the evaluation of IDSes or their different components are really scarce [3].
Moreover, the first experiences with the evaluation of IDSes have not been
satisfactory [3]. This work takes the first step towards the construction of a formal
framework for the evaluation of a specific component of IDSes: alert triage.
This framework not only allows one to select the best alert triage system but
also to make practical choices when assessing its different components.
Acknowledgments
Part of this work has been performed in the context of the MCYT-FEDER
project SAMAP (TIC2002-04146-C05-01) and the SWWS project funded by the
EC under contract number IST-2001-37134.
References
1. Martin, F.J., Plaza, E.: Alert triage on the ROC. Technical report, IIIA-CSIC
Technical Report 2003-06 (2003)
2. Provost, F., Fawcett, T.: Robust classification for imprecise environments. Machine
Learning Journal 42 (2001)
3. McHugh, J.: Testing intrusion detection systems: A critique of the 1998 and 1999
DARPA intrusion detection system evaluations as performed by Lincoln Laboratory.
ACM Transactions on Information and System Security 3 (2000) 262-294
 