Towards Improving IDS Using CTF Events

Abstract: In cybersecurity, Intrusion Detection Systems (IDS) serve as a vital defensive layer against adversarial threats. Accurate benchmarking is critical to evaluate and improve IDS effectiveness, yet traditional methodologies face limitations due to their reliance on previously known attack signatures and lack of creativity of automated tests. This paper introduces a novel approach to evaluating IDS through Capture the Flag (CTF) events, specifically designed to uncover weaknesses within IDS. CTFs, known for engaging a diverse community in tackling complex security challenges, offer a dynamic platform for this purpose. Our research investigates the effectiveness of using tailored CTF challenges to identify weaknesses in IDS by integrating them into live CTF competitions. This approach leverages the creativity and technical skills of the CTF community, enhancing both the benchmarking process and the participants' practical security skills. We present a methodology that supports the development of IDS-specific challenges, a scoring system that fosters learning and engagement, and the insights of running such a challenge in a real Jeopardy-style CTF event. Our findings highlight the potential of CTFs as a tool for IDS evaluation, demonstrating the ability to effectively expose vulnerabilities while also providing insights into necessary improvements for future implementations.