I am interested in IDS, especially in the ad hoc network environment. In general, various application environments have various security requirements of their underlying communication networks. For example, communication networks are required to be protected with higher security level when they are deployed in hostile and tough environment (i.e. military applications). On the other hand, the requirement of communication security in civilian applications that usually are located in non-hostile is comparatively loose. Accordingly, IDS, if it is deployed to protect various networks, should be able to provide adjustable security levels in terms of various levels of detection rate, false alarm rate, detection time, and etc.
My question is: what are the desired levels for acceptable performance in terms of detection rate, false alarm rate, detection time of an IDS when it is deployed in various network applications. ·For instance, when an IDS is deployed to protect a network in a civilian application (e.g. university LAN), what are the desired levels for acceptable performance in terms of detection rate, false alarm rate, detection time? Is 60 seconds of detection time acceptable? Is 80% of detection rate good? ·How about these levels for acceptable performance when IDS is deployed in high security requirement application (e.g. battlefield communication)? ·How about these levels for acceptable performance when IDS is deployed in mobile ad hoc networks? If specific answers for these questions are not available, could you provide some rough guides to the solutions of these questions? ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
