Article

Article title ANALYSIS OF THE FUNCTIONAL REQUIREMENTS FOR INTRUSION DETECTION SYSTEMS
Authors I.Y. Polovko, O.Y. Peskova
Section SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS
Month, Year 02, 2014
Index UDC 004.056
DOI
Abstract The article is devoted to the topical problem of assessing the quality of intrusion detection systems (IDS). A comparative analysis has been carried out between the FSTEC requirements adopted for intrusion detection systems and a list of functional characteristics of IDS. The main purpose of these characteristics is to determine the functional capabilities of an IDS (such as detecting intrusions in a protected network, reporting incidents, and collecting and storing information). The analysis showed that the adopted requirements do not allow different intrusion detection systems to be compared fully. Practical use of the adopted requirements helps to solve the practical problem of classifying IDS, but it is not sufficient to assess the quality with which security functions are implemented in these intrusion detection systems. To address the assessment of IDS quality, namely how well their functionality can detect the maximum number of significant events, additional functional characteristics are proposed for consideration.


Keywords Network security; intrusion detection systems; functional requirements of IDS.
