The Chief Information Officer (CIO) at Old Dominion University –ODU- is trying t
ID: 3229293 • Letter: T
Question
The Chief Information Officer (CIO) at Old Dominion University –ODU- is trying to improve the university’s information network security. The CIO is trying to evaluate a new intrusion detection technology in the market for possible replacement for the existing system. An intrusion detection system sounds an “alarm” each time possible malicious attack on a network is detected. The following information is provided:
• Probability of an attack is 0.01
• For the currently installed system, the probability of an alarm given that there is an attack is 0.9, while the probability of an alarm given there is no attack is 0.25.
• For the new technology, the probability of an alarm given that there is an attack is 0.8, while the probability of an alarm given there is no attack is 0.1.
• The CIO assumes that there are only two types of events: either there is or there is no attack.
The CIO is using “evidence ratio,” described as P(B|A) / P(B|A’) as a way to compare the technologies. Please help the CIO compare the new technology with the currently installed system by answering the following questions: Hints: P(A): Probability of actual malicious attack P(A’): Probability of no actual malicious attack P(B): Probability of an alarm Determine the evidence ratios for both the currently installed system for the new technology. Determine the probability of an attack given there was an alarm for both currenty installed technology and the new technology. Which is better, the currently installed system or the new technology?
Explanation / Answer
Old technology:
P(A) = 0.01
P(A') = 0.99
P(B|A) = 0.9
P(B|A') = 0.25
P(B|A)/P(B|A') = 0.9/0.25 = 3.6
New technology:
P(B|A) = 0.8
P(B|A') = 0.1
P(B|A)/P(B|A') = 0.8/0.1 = 8
So, new technology is better