A database of computer attacks for the evaluation of intrusion detection systems

IP.com Disclosure Number: IPCOM000128123D
Original Publication Date: 1999-Dec-31
Included in the Prior Art Database: 2005-Sep-15
Document File: 5 page(s) / 19K

Publishing Venue

Software Patent Institute

Related People

Kendall, Kristopher: AUTHOR [+3]

Related Documents

http://theses.mit.edu:80/Dienst/UI/2.0/Describe/0018.mit.theses/1999-93: URL

Abstract

The 1998 DARPA intrusion detection evaluation created the first standard corpus for evaluating computer intrusion detection systems. This corpus was designed to evaluate both false alarm rates and detection rates of intrusion detection systems using many types of both known and new attacks embedded in a large amount of normal background traffic. The corpus was collected from a simulation network that was used to automatically generate realistic traffic including attempted attacks. The focus of this thesis is the attacks that were developed for use in the 1998 DARPA intrusion detection evaluation. In all, over 300 attacks were included in the 9 weeks of data collected for the evaluation. These 300 attacks were drawn from 32 different attack types and 7 different attack scenarios. The attack types covered the different classes of computer attacks and included older, well-known attacks, newer attacks that have recently been released to publicly available forums, and some novel attacks developed specifically for this evaluation. The development of a high quality corpus for evaluating intrusion detection systems required not only a variety of attack types, but also required realistic variance in the methods used by the attacker. The attacks included in the 1998 DARPA intrusion detection evaluation were developed to provide a reasonable amount of such variance in attacker methods. Some attacks occur in a single session with all actions occurring in the clear, while others are broken up into several sessions spread out over a long period of time with the attacker taking deliberate steps to minimize the chances of detection by a human administrator or an intrusion detection system. In some attacks, the attacker breaks into a computer system just for fun, while in others the attacker is interested in collecting confidential information or causing damage. In addition to providing detailed descriptions of each attack type, this thesis also describes the methods of stealthiness and the attack scenarios that were developed to provide a better simulation of realistic computer attacks.

Thesis Supervisor: Richard Lippmann. Title: Senior Scientist, MIT Lincoln Laboratory [2]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 31% of the total text.

 This record is the front matter from a document that appears on a server at MIT and is used through permission from MIT. See http://theses.mit.edu:80/Dienst/UI/2.0/Describe/0018.mit.theses/1999-93 for copyright details and for the full document in image form.

A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems

by

Kristopher Kendall
Submitted in partial fulfillment of the requirements for the degree of Master of Engineering in Electrical Engineering and Computer Science

at the Massachusetts Institute of Technology

June 1999
(c) Kristopher Kendall, MCMXCIX. All rights reserved.

THE AUTHOR HEREBY GRANTS TO M.I.T. PERMISSION TO REPRODUCE AND TO DISTRIBUTE COPIES OF THIS THESIS DOCUMENT IN WHOLE OR IN PART.

SIGNATURE OF AUTHOR: [[SIGNATURE OMITTED]]

Department of Electrical Engineering and Computer Science,

May 21, 1999
CERTIFIED BY: [[SIGNATURE OMITTED]]

Richard Lippmann

Senior Scientist, MIT Lincoln Laboratory

Thesis Supervisor

ACCEPTED BY: [[SIGNATURE OMITTED]]

Arthur C. Smith

Chairman, Department Committee on Graduate Theses

ARCHIVES MASSACHUSETTS INSTITUTE OF TECHNOLOGY LIBRARIES JUL 15 1999

*This work was sponsored by the Department of Defense Advanced Research Projects Agency (DARPA). Opinions, interpretations, conclusions, and recommendations are those of the author and are not necessarily endorsed by DARPA.

A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems

By

Kristopher Kendall

Submitted to the Department of Electrical Engineering and Computer Science

May 21, 1999

In Partial Fulfillment of the Requirements for the Degree of Bachelor of Science in Computer Science and Engineering and Master of Engineering in Electrical Engineering and Computer Science

Abstract

The 1998 DARPA intrusion detection evaluation created the first standard corpus for evaluating computer intrusion detection systems. This corpus was designed to evaluate both false alarm rates and detection rates of intrusion detection systems using many types of both known and new attacks embedded in a large amount of normal background traffic. The corpus was collected from a simulation network that was used to automatically generate realistic traffic including attempted attacks.

The focus of this thesis is the attacks that were developed for use in the 1998 DARPA intrusion detection evaluation. In all, over 300 attacks were included in the 9 weeks of data collected for the evaluation. These 300 attacks were drawn from 32 different attack types and 7 different attack scenarios. The attack types covered the different classes of computer attacks and included older, well-known attacks, newer attacks that have recently been released to publicly available forums, and some novel attacks developed specifically for this evaluation.

The development of a high quality cor...