A Metrics-Based Approach to Intrusion Detection System Evaluation for Distributed Real-Time Systems

Abstract

This paper describes a set of metrics that will help administrators of distributed, real-time (clustered) computer facilities to select the best intrusion detection system for their facilities. The metrics herein are the subset of our general metric set that particularly impact real-time and distributed processing issues. We discuss related works in this field, the role of intrusion detection in information assurance, some basic classes of intrusion detection systems, a general architecture of network intrusion detection systems, and the scorecard metrics and their application to real-time and distributed processing systems. Finally, we discuss the lessons we learned using a preliminary version of the metric scorecard to test three commercial intrusion detection systems and the opportunities for further work in this area.

Document Details

Document Type: Technical Report
Publication Date: Apr 01, 2002
Accession Number: ADA406577

Entities

People

  • B. L. Chappell
  • G. A. Fink
  • K. F. O'Donoghue
  • T. G. Turner

Organizations

  • Naval Surface Warfare Center

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Sensors
  • Weapons Technologies

DTIC Thesaurus Topics

  • Application Protocols
  • Classification
  • Computer Programs
  • Computers
  • Computing System Architectures
  • Detection
  • Detectors
  • Information Assurance
  • Information Security
  • Information Systems
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Security
  • Standards
  • Test And Evaluation
  • Throughput

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Defense Acquisition Program Management
  • Sensor Fusion and Tracking Systems