Article

Article title THE DEVELOPMENT OF REQUIREMENTS TO THE CHARACTERISTICS OF NIDS FOR COMPARISON
Authors I.Yu. Polovko
Section SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS
Month, Year 12, 2013
Index UDC 004.056
DOI
Abstract This work addresses the current problem of selecting protection mechanisms that ensure reliable network operation. Network intrusion detection systems (NIDS) are considered as the means of protection. The need to develop requirements for the structure of NIDS quality characteristics is justified; such a structure makes it possible to obtain a balanced quality assessment of these systems. The characteristics are divided structurally into two groups: those for evaluating the functional properties of a system and those for evaluating its performance. The choice of these characteristics is justified. In developing the characteristics, the NIDS mechanisms that are most critical under attack, and can therefore affect the efficiency of attack detection, were investigated first. The aspects of NIDS that are most vulnerable during attack detection were identified. For this purpose, an approach was considered that is based on studying weaknesses of protocols whose use makes it possible to legitimately circumvent NIDS mechanisms. It is shown that NIDS that strictly follow the RFCs are vulnerable. The developed characteristics make it possible to assess whether the actual functional properties of a NIDS correspond to those declared by the manufacturer.


Keywords Network security; NIDS; quality characteristics; evaluation criteria.
