Edward Amoroso and Richard Kwapniewski, AT&T Laboratories
{eamoroso|rkwapniewski}@att.com
A set of criteria is introduced for comparing and assessing intrusion detection systems. The theory, requirements classes, metrics, and practical application of the criteria are discussed. Fifteen specific requirements are described and broken into Class C, Class B, and Class A compliance. A questionnaire for obtaining vendor information is shown; advice and experiences from test evaluations are given based on our use of the criteria with several commercially available systems.