Intrusion detection systems monitor network state
looking for unauthorized usage, denial of service, and anomalous
behavior.
Such systems have never been formally evaluated
... until now.
The Information Systems Technology Group (IST) of MIT Lincoln Laboratory, under Defense
Advanced Research Projects Agency (DARPA ITO) and Air Force Research
Laboratory (AFRL/SNHS)
sponsorship, has collected and distributed the first standard
corpora for evaluation of computer network intrusion detection
systems. We have also coordinated, with the Air Force Research
Laboratory, the first formal, repeatable, and
statistically-significant evaluations of intrusion detection
systems. Such evaluation efforts have been carried out in 1998 and
1999.
These evaluations measure probability of detection and
probability of false-alarm for each system under test. These
evaluations are contributing significantly to the intrusion
detection research field by providing direction for research efforts
and an objective calibration of the current technical
state-of-the-art. They are of interest to all researchers
working on the general problem of workstation and network intrusion
detection. The evaluation is designed to be simple, to focus
on core technology issues, and to encourage the widest possible
participation by eliminating security and privacy concerns, and by
providing data types that are used commonly by the majority of
intrusion detection systems.