Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation
MIT Lincoln Laboratory · Massachusetts Institute of Technology
Abstract
An intrusion detection evaluation test bed was developed which generated normal traffic similar to that on a government site containing 100's of users on 1000's of hosts. More than 300 instances of 38 different automated attacks were launched against victim UNIX hosts in seven weeks of training data and two weeks of test data. Six research groups participated in a blind evaluation and results were analyzed for probe, denial-of-service (DoS), remote-to-local (R2L), and user to root (U2R) attacks. The best systems detected old attacks included in the training data, at moderate detection rates ranging from 63% to 93% at a false alarm rate of 10 false alarms per day. Detection rates were much worse for new and…
Citation impact
- FWCI: 27.95
- Percentile: 100%
- References: 25
Authors (11)
- Richard P. Lippmann (corresponding author)
  MIT Lincoln Laboratory
- David J. Fried
  MIT Lincoln Laboratory, Massachusetts Institute of Technology
- Isaac Graf
  Massachusetts Institute of Technology, MIT Lincoln Laboratory
- Joshua Haines
  MIT Lincoln Laboratory, Massachusetts Institute of Technology
- K. R. Kendall
  MIT Lincoln Laboratory, Massachusetts Institute of Technology
Topics & keywords
- Intrusion detection system
- Computer science
- Denial-of-service attack
- Constant false alarm rate
- Computer security
- Test (biology)
- Anomaly-based intrusion detection system
- Anomaly detection
- Peace, Justice and strong institutions