Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (9): 113-117.

• 网络、通信、安全 • Previous Articles     Next Articles

Survey in evaluation of intrusion detection system

TIAN Jun-feng,LIU Tao,CHEN Xiao-xiang   

  1. Institute of Computer Network Technology,Hebei University,Baoding,Hebei 071002,China
  • Received:2007-09-19 Revised:2007-12-10 Online:2008-03-21 Published:2008-03-21
  • Contact: TIAN Jun-feng

入侵检测系统的评估方法与研究

田俊峰,刘 涛,陈小祥   

  1. 河北大学 数学与计算机学院,河北 保定 071002

  • 通讯作者: 田俊峰

Abstract: In an effort to analyze and solve evaluation of intrusion detection system,evaluation methods such as ROC curve,the Bayesian detection rate,the expected cost and the intrusion detection capability have been introduced.The evaluation methods which only involve few evaluation metrics(such as false positive rate,false negative rate) have their own weaknesses,because the complexity of intrusion detection system is the main cause and evaluation of intrusion detection system must involve many performance indexes.In order to achieve the purpose of intrusion detection systems for comprehensive evaluation,this paper gives a method of entropy weight coefficient that is applied to calculate the weight of factors and decrease subjective judgment on the effect of the weight coefficient.Intrusion detection systems are evaluated objectively and comprehensively by the method of entropy weight coefficient.

Key words: network security, intrusion detection system, evaluation, fuzzy comprehensive evaluation

摘要: 在阐述入侵检测系统评估所要解决问题的同时对ROC曲线图、贝叶斯检测率、检测期望值和检测量CID等评估方法进行了深入的研究和分析。发现这些方法只基于某几个指标(如误报率、漏报率)对入侵检测系统进行评价,致使评价结果各有不足,这主要是缘于入侵检测系统的复杂性,对其进行性能评价无疑会涉及影响其性能的每一个主要指标。为此应用一种熵权系数模糊综合评判法,采用模糊综合决策的评估方案,利用熵权系数法计算各指标因素的权重,从而使其能够比较全面地评价一个入侵检测系统。

关键词: 网络安全, 入侵检测系统, 评估, 模糊综合评判