Intrusion Detection Systems (IDSs) protect computer networks against attacks and intrusions in combinations with firewalls and anti-virus systems. Many studies have reported that IDSs have several accuracy problems. For example, IDSs can generate thousands of alarms a day that flood network administrators, and many of these alarms are false alarms. As a result, network administrators run the risk of missing good alarms lost in the noise generated by the false alarms. In this thesis, we present three contributions to the domain of IDS testing and evaluation to measure this accuracy problem and we present one contribution to the domain of IDS signature generation to generate automatically IDS signatures. |