Intrusion detection system (IDS) testing with a packet stimulator system / Frederic Massicotte.: Co24-3/8-2007-3E-PDF

"The relevant commercial product and research literature shows that many techniques may be used to test Intrusion Detection Systems (IDS) that protect computer networks. There are two main techniques for testing IDS detection accuracy: the vulnerability exploitation program approach and the IDS stimulator approach. In the vulnerability exploitation program approach, real attacks are used against real target systems to generate test cases. The currently available solutions are not scalable and they are limited. For instance, the number of vulnerability exploitation programs used in test data sets is often small and the variety of the targeted systems is limited. To overcome this problem an IDS stimulator can be used to generate test cases based on the IDS signature database and to launch the packets corresponding to those signatures against different IDS for testing. However, most current IDS stimulators were developed for attacking IDS and not for IDS testing and evaluation. In this report, we will investigate how an IDS stimulator could generate test cases to identify problems in the IDS configuration or engine and to identify new IDS evasion techniques. To prove this approach, we developed a new enhanced IDS stimulator that we used against Snort and we identified configuration problems and potential evasion techniques when used against intrusion detection systems"--Abstract, page i.

Permanent link to this Catalogue record:
publications.gc.ca/pub?id=9.892652&sl=0

Publication information
Department/Agency Communications Research Centre (Canada), issuing body.
Title Intrusion detection system (IDS) testing with a packet stimulator system / Frederic Massicotte.
Series title CRC technical note ; CRC-TN-2007-003
Publication type Series
Language [English]
Format Electronic
Electronic document
Note(s) "Ottawa, March 2007."
Digitized edition from print [produced by Innovation, Science and Economic Development Canada].
Includes bibliographical references (pages 13-14).
Issued also in print format.
Includes abstracts in English and French.
Publishing information Ottawa, ON Canada : Communication Research Centre Canada = Centre des recherches sur les communications Canada, 2007.
Author / Contributor Massicotte, Frederic, author.
Description 1 online resource (iii, 14 pages) : illustrations.
Catalogue number
  • Co24-3/8-2007-3E-PDF
Subject terms Intrusion detection systems (Computer security)
Systèmes de détection d'intrusion (Sécurité informatique)