Abstract:

It has become a hot topic  in the current research of network security to evaluate the effectiveness and reliability of intrusion detection systems effectively with the development of technology and products of intrusion detection. This paper indicates the advantages and disadvantages of some intrusion detection models which are commonly used at present. An optimal reference value is given through analyzing and deriving an intrusion expectation model, which is different from the current problem of velocity and accuracy of the assessment of intrusion detection systems. Meanwhile, the relations of false alarm rate, false negative rate and the product of intrusion rate and intrusion number are given. Therefore, the product of intrusion rate and intrusion number can be given through the relation which is significant for the IDS capabilities evaluation. The feasibility of the return expectationsbased IDS access model in assessing IDS is proved by the experiments of the Matlab software.

Key words: false alarm rate；false negative rate；detection rate；IDS；return expectations