Acquisition of evidence from network intrusion detection systems

Abstract

The literature reviewed suggests that Network Intrusion Detection Systems (NIDS) are valuable tools for detecting malicious behaviour in network environments: they raise alerts and trigger rapid responses to attacks. Our previous research showed that NIDS performance in wireless networks varied widely under different workloads. In this research we chose wired networks and asked: what is the evidential value of NIDS output? Three different NIDS were tested against two different attacks at six different packet rates. The results were alarming. As the workload increased, NIDS detection capability fell rapidly, and as the complexity of the attack increased it fell more quickly still. We conclude that NIDS alerts have weak evidential value, whether for system improvement or for legal admissibility.
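The abstract reports detection capability per NIDS, per attack and per packet rate, but does not show how such a figure is computed. The following harness is an added example, not code from the paper, showing one way to measure it: each trial pairs the ground-truth attack sessions injected during a replay with the alert log the NIDS produced, and detection rate is the fraction of injected sessions for which at least one alert names the same source/destination pair. The alert-line format, the choice of the (src, dst) pair as the matching key, the NIDS name and all packet rates and log lines are constructed for illustration and are not the paper's measurements.

```python
"""Measure NIDS detection rate against injected ground truth across packet rates.

Added example for this page; not the paper's code. Alert lines are constructed
in a simplified Snort-style "alert_fast" layout (assumption made here); only the
"{PROTO} src:port -> dst:port" tail is parsed.
"""
import re
from dataclasses import dataclass

# Matches the "{TCP} 10.0.0.5:44321 -> 10.0.0.9:22" tail of a constructed alert line.
_ALERT_RE = re.compile(
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+"
)


def parse_alerted_pairs(alert_log: str) -> frozenset:
    """Return the set of (src_ip, dst_ip) pairs that appear in any alert line."""
    pairs = set()
    for line in alert_log.splitlines():
        m = _ALERT_RE.search(line)
        if m:
            pairs.add((m.group("src"), m.group("dst")))
    return frozenset(pairs)


@dataclass(frozen=True)
class Trial:
    nids: str          # NIDS under test (hypothetical name)
    attack: str        # attack replayed during the trial
    pps: int           # background packet rate (packets per second)
    injected: frozenset  # ground-truth (src, dst) pairs of injected attack sessions
    alerted: frozenset   # (src, dst) pairs the NIDS alerted on


def detection_rate(trial: Trial) -> float:
    """Fraction of injected attack sessions that produced at least one alert."""
    if not trial.injected:
        raise ValueError("trial has no injected sessions to score against")
    return len(trial.injected & trial.alerted) / len(trial.injected)


def missed(trial: Trial) -> frozenset:
    """Injected sessions with no corresponding alert (evidence the NIDS never recorded)."""
    return trial.injected - trial.alerted


def false_alerts(trial: Trial) -> frozenset:
    """Alerted pairs that do not correspond to any injected session."""
    return trial.alerted - trial.injected


def rate_table(trials) -> dict:
    """Group trials by (nids, attack) into packet-rate-ordered (pps, rate) rows."""
    table = {}
    for t in trials:
        table.setdefault((t.nids, t.attack), []).append((t.pps, detection_rate(t)))
    for rows in table.values():
        rows.sort()
    return table


def degradation(trials, nids: str, attack: str) -> float:
    """Drop in detection rate from the lowest to the highest packet rate tested."""
    rows = rate_table(trials).get((nids, attack), [])
    if len(rows) < 2:
        raise ValueError("need at least two packet rates to measure degradation")
    return rows[0][1] - rows[-1][1]


# Constructed ground truth: four injected scan sessions against one target.
INJECTED = frozenset({
    ("10.0.0.5", "10.0.0.9"), ("10.0.0.6", "10.0.0.9"),
    ("10.0.0.7", "10.0.0.9"), ("10.0.0.8", "10.0.0.9"),
})

# Constructed alert logs for the same attack at three background packet rates.
ALERT_LOG_100PPS = """\
01/01-00:00:01.000000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.5:44321 -> 10.0.0.9:22
01/01-00:00:01.100000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.6:44322 -> 10.0.0.9:22
01/01-00:00:01.200000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.7:44323 -> 10.0.0.9:22
01/01-00:00:01.300000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.8:44324 -> 10.0.0.9:22
"""
ALERT_LOG_1000PPS = """\
01/01-00:00:02.000000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.5:44321 -> 10.0.0.9:22
01/01-00:00:02.100000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.6:44322 -> 10.0.0.9:22
01/01-00:00:02.200000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.8:44324 -> 10.0.0.9:22
"""
ALERT_LOG_10000PPS = """\
01/01-00:00:03.000000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.5:44321 -> 10.0.0.9:22
01/01-00:00:03.100000  [**] [1:1000001:1] "probe" [**] {TCP} 10.0.0.99:5050 -> 10.0.0.9:22
"""

TRIALS = [
    Trial("nids-a", "scan", 100, INJECTED, parse_alerted_pairs(ALERT_LOG_100PPS)),
    Trial("nids-a", "scan", 1000, INJECTED, parse_alerted_pairs(ALERT_LOG_1000PPS)),
    Trial("nids-a", "scan", 10000, INJECTED, parse_alerted_pairs(ALERT_LOG_10000PPS)),
]

if __name__ == "__main__":
    for (nids, attack), rows in rate_table(TRIALS).items():
        for pps, rate in rows:
            print(f"{nids} {attack} {pps:>6} pps: detection rate {rate:.2f}")
    print("degradation:", degradation(TRIALS, "nids-a", "scan"))
```

Keying on the (src, dst) pair is deliberately coarse: it credits the NIDS with detecting a session if any alert names the right endpoints, so a falling rate under load is a conservative lower bound on how much evidence was lost. For an evidential assessment you would also record the missed sessions and false alerts per trial, since both bear on whether an alert log can be relied on to reconstruct what happened.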

Document Type

Conference Proceeding

Date of Publication

1-1-2014

Faculty

Faculty of Health, Engineering and Science

Publisher

Edith Cowan University

School

ECU Security Research Institute

Comments

Cusack B., Alqahtani M. (2014). Acquisition of evidence from network intrusion detection systems. Proceedings of the 11th Australian Digital Forensics Conference, ADF 2013. (pp. 36-43). Edith Cowan University.

Copyright

free_to_read


Link to publisher version (DOI)

10.4225/75/57b3c1fefb86a