| The rapid growth of computer network has brought great economic benefit and social benefit for human, but its attendant network security problem also becomes a big difficult problem that trouble customers. For protecting network security, we must build a whole suit of security protecting system which conduct multilayer and diverse detect and protection. Thus IDS (Intrusion Detection System) is an indispensable part in building security protecting system.As the same as other products, after the development and application of IDS achieve a certain degree, the requirement for testing and evaluating IDS is especial urgent. Every aspect all hope that it exit a rational method which can test and evaluate IDS scientifically, fairly and credibly. Developers of IDS hope that testing IDS can help the development of intrusion detection technology. Users of IDS expect that they can get specialist IDS evaluate results and make these results as reliance of selecting IDS. The testing and evaluation of IDS products is the basis that makes IDS extensive application, and test provide most creditable reliance for evaluation. But it has no united IDS test method and evaluation standard by far. IDS have no accepted framework standard, so it is very difficult to establish united test method and evaluation standard for distinct IDS. By now, no one research institute can provide a kind of adaptable evaluation framework, thus it is very urgent and necessary that research in depth method of test and evaluation for IDS.In this paper, at first, we detailed introduce intrusion detection principle, intrusion detection technology, IDS classification as well as IDS function in second chapter, introduce each kind of intrusion detection technology characteristic and different IDS good and bad points. Subsequently, we detailed introduce IDS functionstructure, system structure and at present existed main flaw in the third chapter.We mainly introduce IDS test appraisal project which we proposed in the Fourth chapter. Our project conducts the whole test and evaluation for IDS from the management, the function, the performance and itself safety four aspects. In this chapter, we introduce emphatically IDS performance appraisal targets, IDS test appraisal environment constructing, and network background flow simulation, the commonly used attack method and IDS evasion attack technology simulation, as well as the concrete test appraisal method.Finally we discussed emphatically several difficult issues in the test appraisal: Network background flow simulation, false positives rate test and false negatives rate test. The network background flow simulation is the key point and the difficulty for constructing the test appraisal environment. Moreover, false positives rate and false negatives rate are the IDS most important two performance appraisal target.Our project consider the current network scale development and the actual network flow change as well as the network attack technology development present situation, formulate the general appraisal targets. Under ours test frame, people may carry on fairly scientific and comprehensive test to each different IDS system, may makes the effective crosswise comparison regarding each kind of IDS product technical condition and performance condition. The result of test appraisal may provide the objective reference for users when users select and purchase IDS product.
|
PDF Full Text Request