Analysis And Evaluation Of Network Intrusion Detection Methods; A Case Of Anomaly Detection And Signature Detection Approaches

ABSTRACT

Many network administrators and network analysts in organizations do not know which intrusion detection system to use. This is partly due to the fact that there is no clear comparison between the different intrusion detection systems. Therefore, organizations need concrete comparisons between different tools in order to choose which best suits their needs. This research aims at comparing anomaly with signature detection methods in order to establish which is best suited to guard an organization against threats such as data theft. The difference between anomaly and signature-based detection is that an anomaly Intrusion Detection System needs to be trained and generates many alerts, the majority of which are false alarms; hence another aim is to establish the influence of the training period length of an anomaly Intrusion Detection System on its detection rate. Hence, this research presents a Network-based Intrusion Detection System evaluation testbed setup, and it shows the setup for two of these using the signature detector (Snort) and the anomaly detector Statistical Packet Anomaly Detection Engine (SPADE). The evaluation testbed is then used to create a data theft scenario that includes the following stages: reconnaissance, gaining unauthorized access, and finally data theft. Therefore, it offers the opportunity to compare both detection methods with regard to that threat. This research also acts as documentation for setting up a network Intrusion Detection System evaluation testbed: SPADE lacks centralized documentation, and no research paper could be identified that clearly documents the configuration of an evaluation testbed for Intrusion Detection Systems. Standards for evaluating Intrusion Detection Systems could not be identified, and thus this required the creation of a bespoke evaluation testbed which, in turn, limited the time dedicated to evaluating the threat scenario itself. Along with this, results show that configuration, testing and verification of the anomaly detection system is highly error-prone.
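To make the abstract's question about training period length concrete, the following is an added example, not code from the thesis or from SPADE itself. It assumes a simplified SPADE-like scorer that rates each packet by -log2 of the smoothed joint frequency of (destination IP, destination port) seen during training; the traffic, the threshold and the "attack" label are constructed for illustration.

```python
from collections import Counter
from math import log2

# Constructed training traffic (not from the thesis): 40 web packets first,
# then 20 packets in which an admin SSH session (10.0.0.7:22) also appears.
WEB = [("10.0.0.5", 80)] * 3 + [("10.0.0.5", 443)] * 2
ADMIN = [("10.0.0.7", 22), ("10.0.0.5", 80)]
TRAINING = WEB * 8 + ADMIN * 10

# Constructed observation window: normal web and SSH traffic plus two packets
# to a host/port never seen in training, which we treat as the "attack".
OBSERVED = [("10.0.0.5", 80)] * 8 + [("10.0.0.7", 22)] * 2 + [("10.0.0.9", 3389)] * 2
ATTACK = ("10.0.0.9", 3389)


class SpadeLikeDetector:
    """Assumed simplified model: score = -log2 P(dst_ip, dst_port), Laplace-smoothed."""

    def __init__(self, threshold: float):
        self.threshold = threshold
        self.counts = Counter()
        self.total = 0

    def train(self, packets):
        # The training period defines the baseline of "normal" (ip, port) pairs.
        for p in packets:
            self.counts[p] += 1
            self.total += 1

    def score(self, packet) -> float:
        # Add-one smoothing so an unseen pair gets a finite but high score.
        seen = len(self.counts) + 1
        prob = (self.counts[packet] + 1) / (self.total + seen)
        return -log2(prob)

    def alerts(self, packets):
        return [(p, self.score(p)) for p in packets if self.score(p) >= self.threshold]


def evaluate(training_len: int, threshold: float = 4.0) -> dict:
    """Train on a prefix of TRAINING and count true/false positives on OBSERVED."""
    det = SpadeLikeDetector(threshold)
    det.train(TRAINING[:training_len])
    alerts = det.alerts(OBSERVED)
    true_pos = sum(1 for p, _ in alerts if p == ATTACK)
    return {"training_packets": training_len,
            "true_positives": true_pos,
            "false_positives": len(alerts) - true_pos}


if __name__ == "__main__":
    for n in (40, 60):
        print(evaluate(n))  # short training: SSH flagged as false alarms; full: only 3389
```

With 40 training packets the legitimate SSH traffic has never been seen and is flagged alongside the real anomaly; with all 60 it drops below the threshold while the unseen 3389 packets still score highest.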

APA

JAMES, K (2021). Analysis And Evaluation Of Network Intrusion Detection Methods; A Case Of Anomaly Detection And Signature Detection Approaches. Afribary. Retrieved from https://afribary.com/works/analysis-and-evaluation-of-network-intrusion-detection-methods-a-case-of-anomaly-detection-and-signature-detection-approaches

MLA 8th

JAMES, KAWEESA "Analysis And Evaluation Of Network Intrusion Detection Methods; A Case Of Anomaly Detection And Signature Detection Approaches" Afribary. Afribary, 03 Jun. 2021, https://afribary.com/works/analysis-and-evaluation-of-network-intrusion-detection-methods-a-case-of-anomaly-detection-and-signature-detection-approaches. Accessed 25 Apr. 2024.