Intrusion detection system (IDS) testing with a packet stimulator system / Frederic Massicotte. : Co24-3/8-2007-3E-PDF

"The relevant commercial product and research literature shows that many techniques may be used to test Intrusion Detection Systems (IDS) that protect computer networks. There are two main techniques for testing IDS detection accuracy: the vulnerability exploitation program approach and the IDS stimulator approach. In the vulnerability exploitation program approach, real attacks are used against real target systems to generate test cases. The currently available solutions are not scalable and they are limited. For instance, the number of vulnerability exploitation programs used in test data sets is often small and the variety of the targeted systems is limited. To overcome this problem an IDS stimulator can be used to generate test cases based on the IDS signature database and to launch the packets corresponding to those signatures against different IDS for testing. However, most current IDS stimulators were developed for attacking IDS and not for IDS testing and evaluation. In this report, we will investigate how an IDS stimulator could generate test cases to identify problems in the IDS configuration or engine and to identify new IDS evasion techniques. To prove this approach, we developed a new enhanced IDS stimulator that we used against Snort and we identified configuration problems and potential evasion techniques when used against intrusion detection systems"--Abstract, page i.

Permanent link to this publication:
publications.gc.ca/pub?id=9.892652&sl=1

Publication information
Department/Agency: Communications Research Centre (Canada), issuing body.
Title: Intrusion detection system (IDS) testing with a packet stimulator system / Frederic Massicotte.
Series title: CRC technical note ; CRC-TN-2007-003
Publication type: Series - See the main record
Language: [English]
Format: Electronic
Note(s): "Ottawa, March 2007."
Digitized edition from print [produced by Innovation, Science and Economic Development Canada].
Includes bibliographical references (pages 13-14).
Issued also in print format.
Includes abstracts in English and French.
Publishing information: Ottawa, ON Canada : Communication Research Centre Canada = Centre des recherches sur les communications Canada, 2007.
Author / Contributor: Massicotte, Frederic, author.
Description: 1 online resource (iii, 14 pages) : illustrations.
Catalogue number: Co24-3/8-2007-3E-PDF
Subject terms: Intrusion detection systems (Computer security)
Systèmes de détection d'intrusion (Sécurité informatique)