Solution Found!
Solved: Intrusion detection systems. Refer to the Journal
Chapter 7, Problem 18E(choose chapter or problem)
Problem 18E
Intrusion detection systems. Refer to the Journal of Research of the National Institute of Standards and Technology (Nov.–Dec. 2003) study of a computer intrusion detection system (IDS), Exercise 3.69 (p. 167). Recall that an IDS is designed to provide an alarm whenever unauthorized access (e.g., an intrusion) to a computer system occurs. The probability of the system giving a false alarm (i.e., providing a warning when no intrusion occurs) is defined by the symbol , while the probability of a missed detection (i.e., no warning given when an intrusion occurs) is defined by the symbol . These symbols are used to represent Type I and Type II error rates, respectively, in a hypothesis-testing scenario.
a. What is the null hypothesis, H0?
b. What is the alternative hypothesis, Ha?
c. According to actual data on the EMERALD system collected by the Massachusetts Institute of Technology Lincoln Laboratory, only 1 in 1,000 computer sessions with no intrusions resulted in a false alarm. For the same system, the laboratory found that only 500 of 1,000 intrusions were actually detected. Use this information to estimate the values of and .
Questions & Answers
QUESTION:
Problem 18E
Intrusion detection systems. Refer to the Journal of Research of the National Institute of Standards and Technology (Nov.–Dec. 2003) study of a computer intrusion detection system (IDS), Exercise 3.69 (p. 167). Recall that an IDS is designed to provide an alarm whenever unauthorized access (e.g., an intrusion) to a computer system occurs. The probability of the system giving a false alarm (i.e., providing a warning when no intrusion occurs) is defined by the symbol , while the probability of a missed detection (i.e., no warning given when an intrusion occurs) is defined by the symbol . These symbols are used to represent Type I and Type II error rates, respectively, in a hypothesis-testing scenario.
a. What is the null hypothesis, H0?
b. What is the alternative hypothesis, Ha?
c. According to actual data on the EMERALD system collected by the Massachusetts Institute of Technology Lincoln Laboratory, only 1 in 1,000 computer sessions with no intrusions resulted in a false alarm. For the same system, the laboratory found that only 500 of 1,000 intrusions were actually detected. Use this information to estimate the values of and .
ANSWER:
Solution:
Step 1 of 4:
It is given that a computer system is designed to give alarm whenever an unauthorised user attempts to access the computer.
The symbol is defined as the probability of the system giving false alarm, that is the system is giving alarm even when the authorised user attempts to access the computer.
The symbol is defined as the probability of missed alarm, that is the system failed to detect the unauthorised user.
Also it is given that is the Type I error rate and
is the Type II error rate.
Using this we need to answer the followings.