The base-rate fallacy and the difficulty of intrusion detection-Reference-Cited by-同舟云学术

The base-rate fallacy and the difficulty of intrusion detection

Published:2000-08 Issue:3 Volume:3 Page:186-205
ISSN:1094-9224
Container-title:ACM Transactions on Information and System Security
language:en
Short-container-title:ACM Trans. Inf. Syst. Secur.

Author:

Axelsson Stefan¹

Affiliation:

1. Ericsson Mobile Data Design AB

Abstract

Many different demands can be made of intrusion detection systems. An important requirement is that an intrusion detection system be effective ; that is, it should detect a substantial percentage of intrusions into the supervised system, while still keeping the false alarm rate at an acceptable level. This article demonstrates that, for a reasonable set of assumptions, the false alarm rate is the limiting factor for the performance of an intrusion detection system. This is due to the base-rate fallacy phenomenon, that in order to achieve substantial values of the Bayesian detection rate P(Intrusion***Alarm) , we have to achieve a (perhaps in some cases unattainably) low false alarm rate. A selection of reports of intrusion detection performance are reviewed, and the conclusion is reached that there are indications that at least some types of intrusion detection have far to go before they can attain such low false alarm rates.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/357830.357849

Reference23 articles.

1. ANDERSON J. P. 1980. Computer security threat monitoring and surveillance. 79F26400 26 Feb revised April 15. ANDERSON J. P. 1980. Computer security threat monitoring and surveillance. 79F26400 26 Feb revised April 15.

2. AXELSSON S. 1998. Research in intrusion-detection systems: A survey. 98--17. AXELSSON S. 1998. Research in intrusion-detection systems: A survey. 98--17.

3. AXELSSON S. 2000. Intrusion-detection systems: A taxonomy and survey. 99-15 (March). AXELSSON S. 2000. Intrusion-detection systems: A taxonomy and survey. 99-15 (March).

4. AXELSSON S. 2000. A preliminary attempt to apply detection and estimation theory to intrusion detection. 00--4 (March). AXELSSON S. 2000. A preliminary attempt to apply detection and estimation theory to intrusion detection. 00--4 (March).

Cited by 329 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Introducing a Comprehensive, Continuous, and Collaborative Survey of Intrusion Detection Datasets;Proceedings of the 17th Cyber Security Experimentation and Test Workshop;2024-08-13

2. DRACE: A Framework for Evaluating Anomaly Detectors for Industrial Control Systems;Proceedings of the 10th ACM Cyber-Physical System Security Workshop;2024-07

3. Leveraging Generative Models for Covert Messaging: Challenges and Tradeoffs for "Dead-Drop" Deployments;Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy;2024-06-19

4. A Unified Time Series Analytics based Intrusion Detection Framework for CAN BUS Attacks;Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy;2024-06-19

5. CCS: A Cross-Plane Collaboration Strategy to Defend Against LDoS Attacks in SDN;IEEE Transactions on Network and Service Management;2024-06