Assume that your organization observes on average 10 million packets per day, an

Question

Assume that your organization observes on average 10 million packets per day, and that your unit of analysis is packets. On average, there are 1,000 actual attack packets per day (ground truth). Investigating each incident (attack packet) takes an average of 3 minutes and you have a staff of 10 well-trained analysts. IDS A has a true positive rate of 92% and a false positive rate of 0.01%. IDS B has a true positive rate of 34% and a false positive rate of 0.001%. Which IDS would you choose and why?

Explanation / Answer

Sensitivity (also called the true positive rate, the recall, or probability of detection in some fields) measures the proportion of actual positives that are correctly identified as such (e.g., the percentage of sick people who are correctly identified as having the condition).

false positive ratio (or false alarm ratio) is the probability of falsely rejecting the null hypothesis for a particular test.

So choose IDS A because of high true positive ratio

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects