Performance evaluation of an intrusion detection system

Abstract

Intrusions detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks take place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Research in intrusion detection systems aims to reduce the impact of these attacks. In the recent years, research in intrusion detection systems aims to reduce the impact of attacks, and to evaluate the system. The evaluation of an IDS is a difficult task. We can make the difference between evaluating the effectiveness of an entire system and characteristics of the system components. In this sheet of paper, we present an approach for IDS evaluating based on measurement of its components performance. In this context, we have proposed a hardware platform based on embedded systems for the implementation of an IDS (SNORT) components. After, we tested a system for generating traffics and attacks based on Linux KALI (Backtrack) and Metasploite 3 Framework. The obtained results show the IDS performance is linked to the characteristics of these components. The obtained results show that the performance characteristics of an IDS depends on the performance of its components.