Determination of suitability of network intrusion detection rules and their mathematical evaluation
The article deals with the problems that arise when detecting network attacks with intrusion detection systems in an enterprise's corporate network. It considers the features of network attack signature formation and investigates the problem of network intrusion parameters coinciding with the parameters of damaged packets. To assess the suitability of the rules for detecting network attacks and to control them subsequently, a method for upgrading the component composition of intrusion detection systems has been redesigned. A method for the mathematical evaluation of the suitability of the rules for detecting network attacks is also considered.