A database of computer attacks for the evaluation of intrusion detection systems

Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1999.

Bibliographic Details
Main Author: Kendall, Kristopher (Kristopher Robert), 1976-
Other Authors: Richard Lippmann.
Format: Thesis
Language: eng
Published: Massachusetts Institute of Technology 2005
Subjects: Electrical Engineering and Computer Science
Online Access: http://hdl.handle.net/1721.1/9459
Includes bibliographical references (p. 121-124).

The 1998 DARPA intrusion detection evaluation created the first standard corpus for evaluating computer intrusion detection systems. This corpus was designed to evaluate both false alarm rates and detection rates of intrusion detection systems using many types of both known and new attacks embedded in a large amount of normal background traffic. The corpus was collected from a simulation network that was used to automatically generate realistic traffic, including attempted attacks.

The focus of this thesis is the attacks that were developed for use in the 1998 DARPA intrusion detection evaluation. In all, over 300 attacks were included in the 9 weeks of data collected for the evaluation. These 300 attacks were drawn from 32 different attack types and 7 different attack scenarios. The attack types covered the different classes of computer attacks and included older, well-known attacks, newer attacks that have recently been released to publicly available forums, and some novel attacks developed specifically for this evaluation.

The development of a high quality corpus for evaluating intrusion detection systems required not only a variety of attack types, but also required realistic variance in the methods used by the attacker. The attacks included in the 1998 DARPA intrusion detection evaluation were developed to provide a reasonable amount of such variance in attacker methods. Some attacks occur in a single session with all actions occurring in the clear, while others are broken up into several sessions spread out over a long period of time with the attacker taking deliberate steps to minimize the chances of detection by a human administrator or an intrusion detection system. In some attacks, the attacker breaks into a computer system just for fun, while in others the attacker is interested in collecting confidential information or causing damage. In addition to providing detailed descriptions of each attack type, this thesis also describes the methods of stealthiness and the attack scenarios that were developed to provide a better simulation of realistic computer attacks.

by Kristopher Kendall. S.B. and M.Eng.

124 p.

M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582