
Research On Testing Technique Of IDS Based On Evasion

Posted on: 2009-07-18
Degree: Master
Type: Thesis
Country: China
Candidate: T Yang
GTID: 2178360278480805
Subject: Military Equipment
Abstract/Summary:
With its capabilities for dynamic detection and active defense, the IDS has become a crucial element of the security defense system. Compared with traditional security techniques such as encryption, however, IDS is still imperfect. It is recognized that the main problem of IDS is that its false positive and false negative rates are relatively high, so it is very important to test the function and performance of different IDSs. In testing the detection accuracy of an IDS, the creation of test data has become a difficult and important research field. Evasion techniques can disguise and transform an attack into different forms without altering its original behavior, allowing it to evade the IDS. This thesis focuses on IDS testing techniques based on evasion. First, the principle of intrusion detection and the design and implementation of IDS are analyzed, and the critical techniques and existing problems in IDS testing are summarized. Second, the existing security problems of IDS are analyzed, the mechanism of evading the IDS through attack transformation using evasion techniques is discussed in detail, and an attack transformation model is built from the aspects of attack description, transformation rules description, attacker model and attack transform tree. Then, according to the relationship between penetration testing and evasion-based IDS testing, an attack testing Petri net (ATPN) oriented toward the hypothesis and confirmation of flaws is built, and the flaw confirmation phase of evasion-based NIDS testing is discussed in detail; in order to test NIDS detection accuracy from the false negative aspect, an implementation framework for evasion-based NIDS testing is designed. Finally, the creation of evasion attack traffic is studied, an algorithm for creating evasion attack test traffic is designed, and the attack transformation model is validated through experiment.
Keywords/Search Tags: IDS, Evasion, Testing, Attack Traffic Generation