[Snort-sigs] A question about comparing IDSs

Yaakov Yehudi yehudi at ...1252...
Tue Mar 16 04:44:12 EST 2004


Hi Islam,

The question is a good one, but an answer is not so easy.  The main thing
affecting response time will be the speed of the various hardware
components, and this will vary from computer to computer.  To get a useful
answer, you would have to run each IDS on identical hardware.

Also the data on the network would ideally be exactly the same for each
IDS's test.  And it would only be fair to ensure that the data would trigger
the same number of responses in each IDS.  To the best of my knowledge,
there has never been a test of IDSs like this.

Best Regards, Yaakov
  -----Original Message-----
  From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net]On Behalf Of Islam Hegazy
  Sent: Tue, March 16, 2004 11:21
  To: snort sigs
  Subject: [Snort-sigs] A question about comparing IDSs


  Dear all,

  I am Islam Hegazy, a researcher in the faculty of Computer and Information
Sciences, Ain Shams University, Egypt. I am interested in IDSs. I have
developed an IDS that can detect DoS attacks, Ping sweep attacks, and secure
documents thefts. I need to compare my results with other IDSs. I searched
the commercial products sites, like Cisco, Sans, RealSecure, Snort, but they
don't provide their experimental results. I also searched Network security
magazine, IEEE, ACM but all the papers that I got talked about designs or
frameworks but they don't publish any experimental results. I wonder if
anyone can guide me to the right direction to find experimental results
talking about the detection time or response time of various IDSs so that I
can finish my work.

  I hope that it is clearer this time.


  Thanks
  Islam Hegazy