-
- Stefan Axelsson
- Ericsson Mobile Data Design AB
この論文をさがす
説明
<jats:p> Many different demands can be made of intrusion detection systems. An important requirement is that an intrusion detection system be <jats:italic>effective</jats:italic> ; that is, it should detect a substantial percentage of intrusions into the supervised system, while still keeping the false alarm rate at an acceptable level. This article demonstrates that, for a reasonable set of assumptions, the false alarm rate is the limiting factor for the performance of an intrusion detection system. This is due to the base-rate fallacy phenomenon, that in order to achieve substantial values of the Bayesian detection rate <jats:italic>P(Intrusion***Alarm)</jats:italic> , we have to achieve a (perhaps in some cases unattainably) low false alarm rate. A selection of reports of intrusion detection performance are reviewed, and the conclusion is reached that there are indications that at least some types of intrusion detection have far to go before they can attain such low false alarm rates. </jats:p>
収録刊行物
-
- ACM Transactions on Information and System Security
-
ACM Transactions on Information and System Security 3 (3), 186-205, 2000-08
Association for Computing Machinery (ACM)
