14th Annual Computer Security Applications Conference
December 7-11, 1998
Phoenix, Arizona


A Selection Criteria for Intrusion Detection Systems

Edward Amoroso and Richard Kwapniewski, AT&T Laboratories

A set of criteria is introduced for comparing and assessing intrusion detection systems. The theory, requirements classes, metrics, and practical application of the criteria are discussed. Fifteen specific requirements are described and broken into Class C, Class B, and Class A compliance. A questionnaire for obtaining vendor information is shown; advice and experiences from test evaluations are given based on our use of the criteria with several commercially available systems.