[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ids
Subject: questions of IDS performance
From: guo_yinghua () yahoo ! com ! cn
Date: 2006-05-23 2:26:41
Message-ID: 20060523022641.29610.qmail () securityfocus ! com
[Download RAW message or body]
I am interested in IDS, especially in the ad hoc network environment. In general, \
various application environments have various security requirements of their \
underlying communication networks. For example, communication networks are required \
to be protected with higher security level when they are deployed in hostile and \
tough environment (i.e. military applications). On the other hand, the requirement of \
communication security in civilian applications that usually are located in \
non-hostile is comparatively loose. Accordingly, IDS, if it is deployed to protect \
various networks, should be able to provide adjustable security levels in terms of \
various levels of detection rate, false alarm rate, detection time, and etc. My \
question is: what are the desired levels for acceptable performance in terms of \
detection rate, false alarm rate, detection time of an IDS when it is deployed in \
various network applications. ·For instance, when an IDS is deployed to protect a \
network in a civilian application (e.g. university LAN), what are the desired levels \
for acceptable performance in terms of detection rate, false alarm rate, detection \
time? Is 60 seconds of detection time acceptable? Is 80% of detection rate good? \
·How about these levels for acceptable performance when IDS is deployed in high \
security requirement application (e.g. battlefield communication)? ·How about these \
levels for acceptable performance when IDS is deployed in mobile ad hoc networks? If \
specific answers for these questions are not available, could you provide some rough \
guides to the solutions of these questions?
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic