Abstract
An Intrusion Detection System (IDS), which passively monitors specific computing resources and reports anomalous or intrusive activities, is becoming an important component in the security system of information infrastructure. Algorithms for detecting intrusions are under rapid development but are far from mature. One interesting and difficult issue is how to study and test a new intrusion detection algorithm against a variety of (perhaps simulated) intrusive activities under realistic background traffic. A flexible and general-purpose platform for testing intrusion detection algorithms is clearly desirable. This paper presents such a software platform, called IntruDetector. With this platform, a detection algorithm can be tested directly in a real environment with a wide range of intrusive activities. The data of normal system activities are collected directly from the live environment and are mixed with intrusive activities that are simulated by hybrid simulation. The main properties of this approach are: (1) the background traffic is realistic; (2) it allows flexible simulation of various types of intrusions; and (3) normal system operation will not be disrupted by virtually simulated destructive intrusions during testing.