Using Intrusion Detection Systems with a Firewall: Evaluation on DARPA 99 Dataset


H. Günes Kayacık
A. Nur Zincir-Heywood

Author Addresses: 

Faculty of Computer Science
Dalhousie University
6050 University Ave.
PO Box 15000
Halifax, Nova Scotia, Canada
B3H 4R2


In this paper, two open-source network intrusion detection systems –Snort and Pakemon– are combined with Cisco IOS Firewall intrusion detection features to increase detection of attacks. Evaluation of the systems is performed on DARPA 99 Intrusion Detection dataset. Individual and combined performance is characterized using multiple performance metrics. Results show that different tools perform well under different attack categories; hence demonstrating the benefit of deploying intrusion detection systems working together with a firewall.

Tech Report Number: 
Report Date: 
December 1, 2003
PDF icon CS-2003-12.pdf247.06 KB