The base-rate fallacy and the difficulty of intrusion detection-Reference-Cited by-同舟云学术

The base-rate fallacy and the difficulty of intrusion detection

Published:2000-08 Issue:3 Volume:3 Page:186-205
ISSN:1094-9224
Container-title:ACM Transactions on Information and System Security
language:en
Short-container-title:ACM Trans. Inf. Syst. Secur.

Author:

Axelsson Stefan¹

Affiliation:

1. Ericsson Mobile Data Design AB

Abstract

Many different demands can be made of intrusion detection systems. An important requirement is that an intrusion detection system be effective ; that is, it should detect a substantial percentage of intrusions into the supervised system, while still keeping the false alarm rate at an acceptable level. This article demonstrates that, for a reasonable set of assumptions, the false alarm rate is the limiting factor for the performance of an intrusion detection system. This is due to the base-rate fallacy phenomenon, that in order to achieve substantial values of the Bayesian detection rate P(Intrusion***Alarm) , we have to achieve a (perhaps in some cases unattainably) low false alarm rate. A selection of reports of intrusion detection performance are reviewed, and the conclusion is reached that there are indications that at least some types of intrusion detection have far to go before they can attain such low false alarm rates.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/357830.357849

Reference23 articles.

1. ANDERSON J. P. 1980. Computer security threat monitoring and surveillance. 79F26400 26 Feb revised April 15. ANDERSON J. P. 1980. Computer security threat monitoring and surveillance. 79F26400 26 Feb revised April 15.

2. AXELSSON S. 1998. Research in intrusion-detection systems: A survey. 98--17. AXELSSON S. 1998. Research in intrusion-detection systems: A survey. 98--17.

3. AXELSSON S. 2000. Intrusion-detection systems: A taxonomy and survey. 99-15 (March). AXELSSON S. 2000. Intrusion-detection systems: A taxonomy and survey. 99-15 (March).

4. AXELSSON S. 2000. A preliminary attempt to apply detection and estimation theory to intrusion detection. 00--4 (March). AXELSSON S. 2000. A preliminary attempt to apply detection and estimation theory to intrusion detection. 00--4 (March).

Cited by 315 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Statistical knowledge and game-theoretic integrated model for cross-layer impact assessment in industrial cyber-physical systems;Advanced Engineering Informatics;2024-01

2. Prioritizing Remediation of Enterprise Hosts by Malware Execution Risk;Annual Computer Security Applications Conference;2023-12-04

3. Intrusion Detection for Scalable and Elastic Microservice Applications;2023 IEEE 28th Pacific Rim International Symposium on Dependable Computing (PRDC);2023-10-24

4. Black-box Attacks Against Neural Binary Function Detection;Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses;2023-10-16

5. False Sense of Security: Leveraging XAI to Analyze the Reasoning and True Performance of Context-less DGA Classifiers;Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses;2023-10-16