Proposals on assessment environments for anomaly-based network intrusion detection systems

One of the key challenges that researchers should face when proposing a new intrusion detection approach (IDS) is that of demonstrating its general validity. This fact goes necessarily through the disposal of a real set of intrusion (as well as non-intrusion) related events, from which to compare and thus validate the performance of the novel proposed techniques. However, this a priori simple issue is far to be obvious because of the lack of a commonly accepted assessment methodology. In this line, the authors discuss a set of basic requirements that an intrusion-oriented framework should fulfill in order to deal with the normalization of the evaluation process in IDS environments. In its current preliminary state, the work is mainly focused to analyze, specify and manage traffic databases for developing and validating NIDS.