- 【Updated on May 12, 2025】 Integration of CiNii Dissertations and CiNii Books into CiNii Research
- Trial version of CiNii Research Knowledge Graph Search feature is available on CiNii Labs
- Suspension and deletion of data provided by Nikkei BP
- Regarding the recording of “Research Data” and “Evidence Data”
The base-rate fallacy and the difficulty of intrusion detection
-
- Stefan Axelsson
- Ericsson Mobile Data Design AB
Search this article
Description
<jats:p> Many different demands can be made of intrusion detection systems. An important requirement is that an intrusion detection system be <jats:italic>effective</jats:italic> ; that is, it should detect a substantial percentage of intrusions into the supervised system, while still keeping the false alarm rate at an acceptable level. This article demonstrates that, for a reasonable set of assumptions, the false alarm rate is the limiting factor for the performance of an intrusion detection system. This is due to the base-rate fallacy phenomenon, that in order to achieve substantial values of the Bayesian detection rate <jats:italic>P(Intrusion***Alarm)</jats:italic> , we have to achieve a (perhaps in some cases unattainably) low false alarm rate. A selection of reports of intrusion detection performance are reviewed, and the conclusion is reached that there are indications that at least some types of intrusion detection have far to go before they can attain such low false alarm rates. </jats:p>
Journal
-
- ACM Transactions on Information and System Security
-
ACM Transactions on Information and System Security 3 (3), 186-205, 2000-08
Association for Computing Machinery (ACM)
- Tweet
Details 詳細情報について
-
- CRID
- 1363670318561125376
-
- ISSN
- 15577406
- 10949224
-
- Data Source
-
- Crossref
