
Design And Implementation Of Foundation Framework Of Testing Tool For IDS Based On Multi-core

Posted on: 2013-01-26
Degree: Master
Type: Thesis
Country: China
Candidate: D S Wang
Full Text: PDF
GTID: 2248330395955311
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of the Internet, network attacks and intrusions are becoming more and more serious, and the IDS is accordingly one of the important means of security protection. Many IDS products have appeared on the market, and IDS devices from different manufacturers use various log formats, so this paper aims to provide a foundation framework for an IDS testing tool with functions such as efficient on-line inspection, adding rules, and automatically analyzing alarm logs.

The classical testing methods and theories from some internationally famous labs and research institutions are elaborated, and the currently emerging IDS testing tools are also analyzed and studied. With reference to the national standard GBT20275-2006 and the NSS testing method, we provide an IDS testing tool that combines the rules of the Snort IDS, which the Sourcefire VRT develops and maintains, with the features of the Tilera multi-core processor system architecture. The foundation framework of the testing tool for IDS based on multi-core includes a host control and analysis program and a multi-core IDS testing device program. The former is composed of a host command communication module and an IDS alert log analysis module. The latter consists of a control command processing module, a rule information processing module, a test packet generation module, and a network attack simulation module.

False positives are tested with the multi-core-based IDS testing tool designed and implemented in this paper, so that it can evaluate the security policy of the IDS.
Keywords/Search Tags: Intrusion Detection System, Test, Foundation Framework, Multi-core, Technology, Tilera