[Snort-sigs] A question about comparing IDSs

Martin Dion martin.dion at ...2318...
Tue Mar 16 06:28:07 EST 2004

Good morning,


The NSS Group undergo formal evaluation of various IDS products, both
100Meg and Gig sensors, on a regular basis.  All IDS's undergo the same
testing strategy and a comparative result is offered based on the
different variables such as successful detection rate, false positive,
false negative, features....




Have a nice day !

Martin Dion, CISM
Technology and Security Services

Above Security
Phone: (450) 430-8166 #103
Cell: (514) 831-5427
Email: martin.dion at ...2318...



-----Original Message-----
From: Yaakov Yehudi [mailto:yehudi at ...1252...] 
Sent: Tuesday, March 16, 2004 7:25 AM
To: Islam Hegazy; snort sigs
Subject: RE: [Snort-sigs] A question about comparing IDSs


Hi Islam,


The question is a good one, but an answer is not so easy.  The main
thing affecting response time will be the speed of the various hardware
components, and this will vary from computer to computer.  To get a
useful answer, you would have to run each IDS on identical hardware.  


Also the data on the network would ideally be exactly the same for each
IDS's test.  And it would only be fair to ensure that the data would
trigger the same number of responses in each IDS.  To the best of my
knowledge, there has never been a test of IDS's like this.


Best Regards, Yaakov

	-----Original Message-----
	From: snort-sigs-admin at lists.sourceforge.net [mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of Islam Hegazy
	Sent: Tue, March 16, 2004 11:21
	To: snort sigs
	Subject: [Snort-sigs] A question about comparing IDSs

	Dear all,


	I am Islam Hegazy, a researcher in the faculty of Computer and
Information Sciences, Ain Shams University, Egypt. I am interested in
IDSs. I have developed an IDS that can detect DoS attacks, Ping sweep
attacks, and secure document thefts. I need to compare my results with
other IDSs. I searched the commercial product sites, like Cisco, Sans,
RealSecure, Snort, but they don't provide their experimental results. I
also searched Network security magazine, IEEE, ACM but all the papers
that I got talked about designs or frameworks but they don't publish any
experimental results. I wonder if anyone can guide me in the right
direction to find experimental results talking about the detection time
or response time of various IDSs so that I can finish my work.


	I hope that it is clearer this time.



	Islam Hegazy
