The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection

Author

Stefan Axelsson

Entry type

proceedings

Abstract

Many different demands can be made of intrusion detection systems. An important requirement is that it be effective i.e. that it should detect a substantial percentage of intrusions into the supervised system, while still keeping the false alarm rate at an acceptable level. This paper aims to demonstrate that, for a reasonable set of assumptions, the false alarm rate is the limiting factor for the performance of an intrusion detection system. This is due to the base-rate fallacy phenomenon, that in order to achieve- a perhaps unattainably low- false alarm rate. A selection of reports of intrusion detection performance are reviewed, and the conclusion is reached that there are indications that at least some types of intrusion detection have far to go before they can attain such low false alarm rates.

Date

1999 – 11 – 01

Journal

Proceedings of the 6th ACM Conference on Computer and Communications Security

Key alpha

Axelsson

School

Chalmers University of Technology

Publication Date

1999-11-01

Copyright

ACM 1999

Language

English

Location

A hard-copy of this is in the Papers Cabinet

Subject

The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.