
Research Of IDS Testing Method And IDS Function Testing

Posted on: 2007-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Di
Full Text: PDF
GTID: 2178360182996243
Subject: Computer system architecture
Abstract/Summary:
With the deployment and application of Intrusion Detection Systems (IDS), many such systems are now operating on the network. Some perform well and some perform poorly, so it is very important to establish a scientific, fair, and credible testing system. A good IDS not only reduces the risk a computer faces while operating on the network, but also simplifies the work of the computer administrator.

This paper designs and establishes a complete testing system for IDS, composed of three aspects: testing content, testing means, and testing steps.

Testing content is divided into several branches: 1) Functionality testing. Here the coverage function, evasion detection function, IDS blocking function, attack location function, anomaly detection function, packet reassembly function, and packet field anomaly detection function were tested and analyzed. This paper established the test programs and finally summarized the logging, alerting, and response ability of every IDS. 2) Capability testing. The capability of the IDS was also tested in this paper: we adjusted the sending mode and sending rate, tested the capability of the IDS, and summarized the conclusions. 3) Analysis of IDS delay. Here Petri nets were applied to the CIDF-based IDS, supported by a number of theorems and formulas. From these we obtain the steps for establishing the test model: establish the stochastic Petri net (SPN) model according to the IDS, obtain the Markov chain (MC) isomorphic to the SPN, and analyze the delay of the IDS according to MC-based probabilities. The theorems and formulas can analyze the delay of the IDS exactly.

For the different testing contents, the paper presents different testing means, which fall into three kinds: 1) Collect and select attack software available on the network. This collection forms the attack database, which can be expanded by adding attack programs. 2) Write real attack programs, which can also be added to the attack database. 3) Write mock attack programs according to attack characteristics. These are not real attack programs, but they contain the attack characteristics, and they do not affect the result of the testing. These attack programs can be used to intrude on computers in the network, which yields the test results for the IDS.

The testing steps are also divided into three parts: the early, middle, and late phases. In the early phase, the attack programs must be collected and compiled. In the middle phase, testing must follow the test steps and the testing environment must be set up, according to these principles: 1) Determine the testing subnet. The testing subnet is divided into an open model and a closed model: in the open model the background traffic is real traffic, and in the closed model the background traffic consists of packets we construct. 2) Determine the position of the IDS. The entrance of the subnet is the best place to deploy the IDS. During the testing process, log the result after every program run. Finally, in the late phase, the test results should be analyzed and the availability conclusion drawn.

Testing content, testing means, and testing steps together compose a complete testing system. With this testing system, IDS can be tested fairly. This benefits not only the development of network security but also the improvement of IDS. Of course, this testing system also has limitations. For example, in coverage testing the test cases were not sufficient; the number of attacks needs to be extended; and the system needs a better mathematical model to analyze the IDS. Based on the network system, the throughput of the IDS could also be analyzed. These are the future work of this paper.
Keywords/Search Tags: Research