Intrusion detection systems (IDS) help identify anomalies in the network and alarming systems security engineers when th
Posted: Sun May 15, 2022 11:43 am
Intrusion detection systems (IDS) help identify anomalies in the
network and alert systems security engineers when that happens.
To describe the performance of an IDS, several metrics are defined,
such as
• False positive rate = FP / (TN+FP)
• False negative rate = FN / (TP+FN)
• Accuracy = (TP+TN) / (TP+TN+FP+FN)
Where FP denotes false positives, TN denotes true negatives, FN
denotes false negatives and TP denotes true positives. A false
positive is when the IDS detects an anomaly, but that detection is
wrong and there is no anomaly. Similarly, a FN is when the IDS does
not detect an anomaly while there is actually an anomaly. Consider
the following case: Suppose for a certain network there are 950
benign and 50 malicious events in a certain time interval (i.e.,
1,000 events in total). The recent evaluation report for the newly
developed intrusion detection system (IDS) shows that 45 malicious
events were detected by the IDS, but the IDS was unable to identify
the other five malicious events. Also, the IDS wrongly classified
10 benign events as intrusions. Given the numbers provided,
calculate the following:
1) IDS's false positive rate
2) IDS's false negative rate
3) IDS's accuracy
4) If you are the security engineer, would you be more concerned
about FP or FN? Discuss your answer.
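
The three formulas above applied to per-event labels for this scenario, as an added example that is not part of the original post. The event tuples and the `never_alert` baseline are constructed for illustration; the baseline shows how accuracy behaves on traffic that is 95% benign when a detector misses every malicious event.

```python
from collections import Counter

def confusion(events):
    """Count TP/TN/FP/FN from (is_malicious, alerted) pairs."""
    c = Counter()
    for malicious, alerted in events:
        if malicious:
            c["TP" if alerted else "FN"] += 1
        else:
            c["FP" if alerted else "TN"] += 1
    return {k: c[k] for k in ("TP", "TN", "FP", "FN")}

def metrics(m):
    """Apply the post's three formulas to a confusion-matrix dict."""
    negatives = m["TN"] + m["FP"]   # all truly benign events
    positives = m["TP"] + m["FN"]   # all truly malicious events
    total = negatives + positives
    return {
        "fpr": m["FP"] / negatives if negatives else 0.0,
        "fnr": m["FN"] / positives if positives else 0.0,
        "accuracy": (m["TP"] + m["TN"]) / total if total else 0.0,
    }

def scenario_events():
    """Constructed event list matching the post: 950 benign, 50 malicious."""
    return ([(True, True)] * 45      # malicious, detected
            + [(True, False)] * 5    # malicious, missed
            + [(False, True)] * 10   # benign, wrongly flagged
            + [(False, False)] * 940)  # benign, correctly ignored

def never_alert(events):
    """Hypothetical baseline detector that never raises an alert."""
    return [(malicious, False) for malicious, _ in events]

if __name__ == "__main__":
    events = scenario_events()
    for name, evs in (("evaluated IDS", events),
                      ("never-alert baseline", never_alert(events))):
        m = confusion(evs)
        r = metrics(m)
        print(f"{name}: {m}")
        print(f"  FPR={r['fpr']:.4f}  FNR={r['fnr']:.4f}  "
              f"accuracy={r['accuracy']:.4f}")
```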