| Criterion | Evaluation Elements |
| Data | Type of Data, Amount of Data, Origin of Data |
| Detection Range | Accuracy, Completeness, Known Attacks, Masquerade Attacks, Denial of Service, Malicious Use, Leakage, Attempted Break-Ins, Penetration of Security Control Systems |
| Resources | Overhead |
| Network | Network based or not, Portability |
| System Architecture | Methods of Detection, Real-time Operation, Human Supervision, Manipulation Level, Behavior Modeling, Attack Resistance |
| Alarm | Countermeasure Activities, Detection Time |
| System Change | User Behavior, Sensitivity Levels, Expanding System, Knowledge Base |