[Snort-devel] A question about comparing IDSs

From: Islam Hegazy <islheg(at)hotmail.com>
Date: Thu Apr 08 2004 - 10:22:43 EDT

Dear All,

I am Islam Hegazy, a researcher in the faculty of Computer and Information Sciences, Ain Shams University, Egypt. I am interested in IDSs. I have developed an IDS that can detect DoS attacks, Ping sweep attacks, and secure documents thefts. I need to compare my results with other IDSs or to confirm that the false positives, false negatives, detection time and response time are acceptable. I searched the commercial products sites, like Cisco, Sans, RealSecure. Snort, but they don't provide their experimental results. I also searched Network security magazine, IEEE, ACM but all the papers that I got talked about designs or frameworks but they don't publish any experimental results. I wonder if you can guide me to the right direction to find experimental results or anything that talks about acceptable false positives, false negatives, detection time and response time ranges so that I can finish my work.

Thanks
Islam Hegazy

---

This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

---

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Thu Apr 8 11:38:21 2004