Research And Implementation Of Performance Testing Tools For Network-Based Intrusion Detection System

Develops from the host-based intrusion detection system in 1980s to the complex multi-shape network-based intrusion detection system now, the researchers have devoted to researching the framework of intrusion detection system as well as the technological development of the testing method. However, regarding the testing method of intrusion dectection system, the unified standard still hasn't been constituted. Presently, the common standard on the detection entry of the network-based intrusion detection products detect in our country is "GA/T 403.1-2002 Information technology-- Technical requirements for intrusion detection products--Part 1: Network-based products". We investigate into the rule of this criterion, with the purpose of solving the chanllege problems such as the difficulty to be tested and the comparison in original testing project.Firstly, we analyze the classical testing methods and theories from some international famous labs and research institutions, as well as the existing states in this domain. Then, based on these correlative research conclusions and the current domestic criteria, we purposefully pay attention to the study on the testing principles of the function, the performance and pre-conditions of the critical item on the network-based intrusion detection system. Consequently, a series of much more reasonable and improved testing methods on the system are proposed in this paper. And we reanalyze the content of the current criteria based on the association between the function and the performance, which leads to the proposal of a rather integrated workflow of testing. Finally, on the basis of the proposed testing workflow and testing theory of critical items, further program modular design are produced. As a result, the performance testing tool on the network-based intrusion detection system will be finished.In conclusion, on the basis of the GA/T 403.1-2002 standard and the experience of domestic and foreign examination methods and advanced tools, the goal of this paper is to propose a new examination frame and corresponding method, which can further provide the foundation to the establishment of testing standard on network-based intrusion detection products. We use programming implement to establish the unified platform on the performance testing tool, in order to realize the brand-new testing design on the network-based intrusion detection system performance, and provide the platform for the next-generation performance expansion testing as well.