
RE: [Snort-sigs] A question about comparing IDSs

From: Martin Dion <martin.dion(at)abovesecurity.com>
Date: Tue Mar 16 2004 - 09:27:12 EST


Good morning,  

The NSS Group undertakes formal evaluations of various IDS products, both 100Meg and Gig sensors, on a regular basis. All IDS's undergo the same testing strategy, and comparative results are offered based on different variables such as successful detection rate, false positives, false negatives, features....

http://www.nss.co.uk/default.htm  

Have a nice day !

Martin Dion, CISM
Vice-President
Technology and Security Services

Above Security
Phone: (450) 430-8166 #103
Cell: (514) 831-5427
Email: martin.dion@abovesecurity.com


-----Original Message-----
From: Yaakov Yehudi [mailto:yehudi@tehila.gov.il]
Sent: Tuesday, March 16, 2004 7:25 AM
To: Islam Hegazy; snort sigs
Subject: RE: [Snort-sigs] A question about comparing IDSs  


Hi Islam,  

The question is a good one, but an answer is not so easy. The main thing affecting response time will be the speed of the various hardware components, and this will vary from computer to computer. To get a useful answer, you would have to run each IDS on identical hardware.  

Also the data on the network would ideally be exactly the same for each IDS's test. And it would only be fair to ensure that the data would trigger the same number of responses in each IDS. To the best of my knowledge, there has never been a test of IDS's like this.  

Best Regards, Yaakov

	-----Original Message-----
	From: snort-sigs-admin@lists.sourceforge.net [mailto:snort-sigs-admin@lists.sourceforge.net] On Behalf Of Islam Hegazy
	Sent: Tue, March 16, 2004 11:21
	To: snort sigs
	Subject: [Snort-sigs] A question about comparing IDSs

	Dear all,

	 

	I am Islam Hegazy, a researcher in the faculty of Computer and Information Sciences, Ain Shams University, Egypt. I am interested in IDSs. I have developed an IDS that can detect DoS attacks, Ping sweep attacks, and secure document thefts. I need to compare my results with other IDSs. I searched the commercial products sites, like Cisco, Sans, RealSecure, Snort, but they don't provide their experimental results. I also searched Network security magazine, IEEE, ACM but all the papers that I got talked about designs or frameworks but they don't publish any experimental results. I wonder if anyone can guide me in the right direction to find experimental results talking about the detection time or response time of various IDSs so that I can finish my work.

	I hope that it is clearer this time.

	Thanks 
	Islam Hegazy





Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Received on Tue Mar 16 10:28:24 2004

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:37 EDT

