作　　者： ; ; ;

机构地区： 清华大学信息科学技术学院计算机科学与技术系

出　　处： 《计算机科学》 2006年第8期1-8,共8页

摘　　要： 入侵检测技术已经成为信息安全保障体系的重要组成部分。但是到目前为止,还没有广泛认同的入侵检测系统(IDS)评测标准,用户和研究人员对IDS和新的检测算法的有效性抱有疑问。解决这些问题的关键在于对IDS进行完善的评测。研究者对此提出了多种不同的IDS评测方案,如MIT Lincoln Lab提出的数据集评测和Neohapsis提出的OSEC(Open Security Evaluation Criteria)等。通过对评测结果的分析,能发现现有技术的不足,从而为IDS技术今后的研究提供指导。本文对MIT LL提出的数据集评测方法进行了详细分析,阐述了数据集评测方法中的关键问题,并在MIT LL研究的基础上,提出了相关改进方案,作为进一步的研究。 Intrusion detection technology has been an indispensable part of information security metrics, but till now no standard is widely accepted to evaluate the effectiveness and accuracy of intrusion detection systems （IDS）. Thus, both the end users and researchers have doubt on the effectiveness of IDS and algorithms. The key point of the solution is to construct a precise and comprehensive methodology for IDS evaluation. Researchers have proposed several IDS evaluation methods, such as dataset evaluation proposed by MIT Lincoln Lab and Open Security Evaluation Criteria proposed by Neohapsis, etc. According to the evaluation results researchers may look through the weak point of current intrusion detection technologies and thus improve on them. In this paper we present a detail analysis of dataset evaluation methodology proposed by MIT Lincoln Lab and point out the key problems of dataset evaluation methodology. We also propose an improving research plan as our furthering work in order to update the evaluation dataset.

关 键 词： 入侵检测 数据集 评测 测试

领　　域： [自动化与计算机技术] [自动化与计算机技术]