Evaluation of IDS

Security requirements vary for different work environments. Performance of an IDS can be optimized according to the requirements of the owner, the system and the environment.

This evaluation is based on mainly two parameters:
1. Detection rate
2. False alarm rate

Methodology

Two virtual machines:
1. CentOS 6.5 (victim) – SecurityOnion on CentOS 6.5 as the software providing the IDSs
2. Kali Linux (attacker) – Pytbull on Kali Linux as the attack tool.

Practical operation:
> Attacks launched from Pytbull
> Snort running in IDS mode on SecurityOnion

Result Analysis

The probability of false alarms (A) and of true intrusions (1-B) is calculated.
The ROC (Receiver Operating Characteristics) curve is plotted.
The position of the curve in the graphical plane, the shape of the curve and the area under the curve are observed.
The choice of the preferred ROC curve depends on the operations environment – characterized by p and C.
The selection of the optimal operating point of an IDS is based on the cost of that point.
Therefore, problem definition: selection of the correct values of the parameters.
Performance parameters such as efficiency, accuracy and sensitivity can be derived from the
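The cost-based choice of an operating point, worked through as an added example (not code from the page or from SecurityOnion/Pytbull). It assumes p is the prior probability that an event is an intrusion, C is the cost of a missed intrusion in units of one false alarm, and the expected cost of an operating point (A, 1-B) is p*B*C + (1-p)*A; the confusion-matrix counts are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OperatingPoint:
    """One IDS configuration (e.g. one Snort rule set) summarised by the
    confusion-matrix counts its test run produced."""
    name: str
    tp: int   # intrusions that raised an alarm
    fn: int   # intrusions that were missed
    fp: int   # benign events that raised an alarm
    tn: int   # benign events that stayed quiet

    @property
    def false_alarm_rate(self) -> float:   # A
        return self.fp / (self.fp + self.tn)

    @property
    def detection_rate(self) -> float:     # 1 - B (sensitivity)
        return self.tp / (self.tp + self.fn)

    @property
    def accuracy(self) -> float:
        return (self.tp + self.tn) / (self.tp + self.fn + self.fp + self.tn)


def expected_cost(pt: OperatingPoint, p: float, c: float) -> float:
    """Assumed cost model: p = prior intrusion probability, c = cost of a
    missed intrusion measured in false alarms. B = 1 - detection rate."""
    return p * (1.0 - pt.detection_rate) * c + (1.0 - p) * pt.false_alarm_rate


def best_operating_point(points, p: float, c: float) -> OperatingPoint:
    """The operating point with the lowest expected cost for environment (p, C)."""
    return min(points, key=lambda pt: expected_cost(pt, p, c))


def roc_auc(points) -> float:
    """Area under the empirical ROC curve (trapezoid rule), anchored at (0,0) and (1,1)."""
    curve = sorted({(pt.false_alarm_rate, pt.detection_rate) for pt in points}
                   | {(0.0, 0.0), (1.0, 1.0)})
    return sum((x1 - x0) * (y0 + y1) / 2.0 for (x0, y0), (x1, y1) in zip(curve, curve[1:]))


# Constructed sample counts for three hypothetical Snort configurations, each run
# against 100 Pytbull attacks and 1000 benign events; not measurements from the page.
SAMPLE_POINTS = [
    OperatingPoint("loose",    tp=95, fn=5,  fp=300, tn=700),
    OperatingPoint("balanced", tp=80, fn=20, fp=50,  tn=950),
    OperatingPoint("strict",   tp=50, fn=50, fp=5,   tn=995),
]

if __name__ == "__main__":
    print(f"AUC = {roc_auc(SAMPLE_POINTS):.4f}")
    for p, c in [(0.01, 100), (0.10, 100), (0.01, 5)]:   # three environments
        best = best_operating_point(SAMPLE_POINTS, p, c)
        print(f"p={p:<5} C={c:<4} -> {best.name} (cost {expected_cost(best, p, c):.4f})")
```

The same three points win in turn as p and C change, which is the slide's point that the preferred curve and operating point are properties of the environment, not of the IDS alone.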